Privilege abuse is a major cause of breaches in most organizations. Hence it is imperative that organizations periodically cleanup excess and inappropriate access permissions to critical resources. They must also check and update the membership of critical security groups.These will help in ensuring the principle of least access and Role based access control is followed. ADManager Plus allows you to manage the file server and share permissions in a few clicks through,
Navigate to Management> FIle Server Management > Permission management
Click Modify NTFS permissions. Select the folders and the accounts you wish to modify the permissions for.
Select the required permission settings for inherited permissions as well.
Click Save
Additionally, ADManager Plus offers reports with management options to list users with access and permissions like,
Folders accessible by Accounts
AD objects accessible by accounts
Servers accessible by accounts
Permissions for Folders and more.
ADManager Plus also offers a non invasive, OU based delegation to enable help desk technicians to perform critical tasks like user provisioning, password resets, etc. You can learn more about it here.
Tune in next week to know how to configure a disable and delete policy so you do not have to manually revoke a user's permissions to critical resources every time a user account is disabled or deleted in an organization, thus keeping your AD clean and secure!
Cheers,
Team ADManager Plus