LUTZ & GRUB AG | IT-Services

File server and resource authorization concept

Increase security level

There are many reasons for replacing existing file server systems and switching to new virtual or physical file servers based on Windows Server. The most important one is to raise the security level of data management. Switching to an up-to-date file server system is an excellent opportunity to consolidate your file server infrastructure. This gives you permanent, secure and always traceable access protection for your sensitive company data.

Authorization concept based on three pillars

  • Standardization of role-based groups and group memberships in Active Directory
  • Static, one-time permission entries in the access control lists (ACL) for the data directories on the file server, while maintaining the predefined directory depths
  • Integration of organizational units (OU) and Windows group design into existing ADS infrastructures

Clear control

Authorization is assigned exclusively in ADS via group memberships. Built-in administration consoles and the user helpdesk (ITIL) can be integrated into administration through delegation. The authorization flow is mapped in a matrix and is therefore traceable. Sensitive data is identified and secured separately. Users are granted access to their data through a single network drive mapping, which is assigned via Group Policy Preferences.

The authorization model can be adapted dynamically for access to other resources outside the file server infrastructure.

Services and key points of our authorization concept

Capture of the relevant “business processes” for the development of the authorization strategy

  • Design of organizational units and standardized Windows groups for the access model
  • Creation of a matrix for the arrangement of data directories (floating rights)
  • Creation of a decision paper for the internal project presentation
  • Separate protection of sensitive data directories with “empty groups” concept
  • GPO consolidation with provision of one drive for users via GPO
  • Practical support for data migration to the new structure
  • ACL cleanup with review of individual permissions, avoidance of phantom SIDs
  • Archive solutions for data migration and dynamic data collections
  • Transfer of the authorization concept to other IT resources
  • Efficient deployment and use of Windows Server features
  • Optional directory access monitoring for sensitive data repositories
  • Tool-supported documentation