While this may seem like a simple question for the management, this is a tough one to handle for administrators or managers. This requires you to first identify all your important folders and files and then estimate the number of ACE entries that are likely to be there. You then need to figure out who should and should not have permissions to these. The most important security question to answer is – who is having unauthorized access where? This is like finding a needle in a hay stack. Most of the entries are too monotonous and strenuous to manually look at with the same granular permission entries showing up everywhere in your report.
All unauthorized accesses need to be analyzed along with the type of unauthorized access – can the unauthorized user or group Read or Modify or Delete confidential Files and Folders? To find exceptions you need a solution that will allow you to setup roles and templates for effectively reviewing permissions.
This is often referred to as permissions clutter or permissions bloat. The permissions given to users and groups accumulate over a period of time if the administrators do not perform regular cleanups of ACLs. This is easier said than done because of the missing links and updates from HR systems to Systems management tools. Do deleted or unknown users have access to files and folders? Unless there is an automated solution, cleanups never happen and as a result ACLs accumulate over a period of time, compromising security.
There are always exceptions in any organization where confidential folders and files get special treatment in the form of blocked inheritance and explicit permissions are granted for privileged access. This is one area that needs careful monitoring and needs to be documented properly. In which folders and files the normal rules such as “inheritance of permissions by folders from parent” apply and where have they been blocked or subverted?
This is very dangerous and likely to happen when there are too many privileged accesses to shared folders. This needs to be resolved by analyzing indirect permissions on shares, folders and files.
Vyapin’s NTFS Security auditing solution addresses all the above challenges by providing a single comprehensive solution for NTFS permissions reporting across your enterprise.