Don’t wait for a data breach or a failed compliance audit to finally start paying proper attention to who has what Windows Server file permissions in your organization. To reduce the risk of breaches and diligently follow data privacy policies, you need to fine-tune your Windows server file and folder permissions, and then regularly manage them to maintain proper data access control. In particular, you need to identify users with permissions to files and folders that they don’t need, and keep an eye on all changes to access permissions and group membership.
The actions that a user can perform across your NTFS are strictly limited by the Windows Server file and folder permissions granted to that user. The table below gives you an overview of the basic permissions that can be assigned to users in your network.
|Permission||Control for Folders||Control for Files|
|Read||View and list folder contents and subfolders||View or access the file’s contents|
|Write||Create files and subfolders||Write to a file|
|Read & Execute||View and list files and subfolders as well as execute files, inherited by files and folders||View and access the file’s contents as well as execute the file|
|Modify||Read and write files and subfolders; delete the folder||Read and write the file; delete the file|
|Full Control||Read, write, change and delete files and subfolders||Read, write, change and delete the file|
|Special permissions||A combination of special permissions that doesn’t match the basic ones, such as List Folder/read data + Delete||A combination of special permissions that doesn’t match the basic ones, such as List Folder/read data + Delete|
To ensure that only eligible users have access to your sensitive data, you need to identify each user’s exact Windows Server file and folder permissions and determine whether their job descriptions or roles in the organization align with those permissions. Netwrix Auditor for Windows File Servers enables you to effectively protect your data and prove your compliance by delivering a full picture of your current effective permissions and enabling you to spot users with unnecessary access. Plus, the application helps you stay in charge of privilege escalation by delivering actionable reports about what permissions were altered, added or removed across your file systems, who made each change, and when and where it happened.
Tracking Windows Server user permissions to files and folders is the first step in mitigating the risk of privilege abuse and securing your critical assets. But you also need to know what’s going on with Active Directory group membership, critical Group Policy objects, and local users and groups, so you can make sure none of them are altered without your approval. That’s why Netwrix offers a broad spectrum of Netwrix Auditor applications. They complement Netwrix Auditor for Windows File Servers by providing you with insightful details into activity across your critical systems, including Microsoft Active Directory and Windows Server, so you can strengthen control over access to your highly sensitive information.