Control Over Windows Server File and Folder Permissions to Shield Your Sensitive Data

Don’t wait for a data breach or a failed compliance audit to finally start paying proper attention to who has what Windows Server file permissions in your organization. To reduce the risk of breaches and diligently follow data privacy policies, you need to fine-tune your Windows server file and folder permissions, and then regularly manage them to maintain proper data access control. In particular, you need to identify users with permissions to files and folders that they don’t need, and keep an eye on all changes to access permissions and group membership.

Knowing who has access to what by regularly reviewing Windows server file and folder permissions

The actions that a user can perform across your NTFS are strictly limited by the Windows Server file and folder permissions granted to that user. The table below gives you an overview of the basic permissions that can be assigned to users in your network.

Permission Control for Folders Control for Files
Read View and list folder contents and subfolders View or access the file’s contents
Write Create files and subfolders Write to a file
Read & Execute View and list files and subfolders as well as execute files, inherited by files and folders View and access the file’s contents as well as execute the file
Modify Read and write files and subfolders; delete the folder Read and write the file; delete the file
Full Control Read, write, change and delete files and subfolders Read, write, change and delete the file
Special permissions A combination of special permissions that doesn’t match the basic ones, such as List Folder/read data + Delete A combination of special permissions that doesn’t match the basic ones, such as List Folder/read data + Delete

 

Staying abreast of NTFS file and folder permissions with insightful reports

To ensure that only eligible users have access to your sensitive data, you need to identify each user’s exact Windows Server file and folder permissions and determine whether their job descriptions or roles in the organization align with those permissions. Netwrix Auditor for Windows File Servers enables you to effectively protect your data and prove your compliance by delivering a full picture of your current effective permissions and enabling you to spot users with unnecessary access. Plus, the application helps you stay in charge of privilege escalation by delivering actionable reports about what permissions were altered, added or removed across your file systems, who made each change, and when and where it happened.

Account Permissions report from Netwrix Auditor: Object Path, Permission and Means Granted

Watching out for group and user permissions with Netwrix Auditor

Tracking Windows Server user permissions to files and folders is the first step in mitigating the risk of privilege abuse and securing your critical assets. But you also need to know what’s going on with Active Directory group membership, critical Group Policy objects, and local users and groups, so you can make sure none of them are altered without your approval. That’s why Netwrix offers a broad spectrum of Netwrix Auditor applications. They complement Netwrix Auditor for Windows File Servers by providing you with insightful details into activity across your critical systems, including Microsoft Active Directory and Windows Server, so you can strengthen control over access to your highly sensitive information.

Permission Changes report from Netwrix Auditor: Action, Object Type, What, Who and When