An overview where others have to give up. Recognize effective authorizations, find mountains of data, and determine data owners, even in very large ADs.

As an administrator or data owner, if you want to clean up a file server that is overloaded with data, you need insight into, or at least an overview of, the data and its structure on the file server.

But with the 20,000 and more files per employee that already exist today, this is almost impossible with the built-in tools provided by the operating system. migRaven.24/7 addresses this problem and gives both the administrator and the data owner transparency about the data and directory structures.

Visualization of the data structure

The migRaven.24/7 web interface, developed for business departments, provides a clear overview of essential data structure information on the Home page and helps users to understand their data and directory structures.

Specifically, the migRaven.24/7 home page gives your employees answers to:

  • How many directories and files are there?
  • What storage space do the files occupy?
  • What is the age distribution of the data?
  • Which users have direct access permissions to the directories?
  • Which file types are in the directories?
  • Who are the file owners within the directories?

migRaven.24/7 provides the detailed information about your data.

The data owner as key figure

If obsolete data is to disappear from the production area of the file server, it is in most cases IT administration that takes action. However, this situation is absurd, because only the department or the file owner (data owner) is aware of the data content and can make a clear statement about the relevance and further use of files.

However, with structures growing to thousands of files, the question of who the data owners within directories are is anything but trivial.

Reliable identification of the data owner

In migRaven.24/7, the number of files per user is displayed in the File Owner tab. The user who has created the most files is either the data owner himself or at least knows, from among his colleagues, who it is.

Once the data owner of a directory has been determined, the data owner rights can be assigned to the corresponding user on the directory in one click. This gives the data owner the opportunity to get an overview of the files and the structure and to decide whether

  • certain directories are obsolete,
  • permissions are no longer appropriate,
  • archiving policies should be assigned to the directory.

31.05.2019 | 03:34 minutes | Presenter: Thomas Gomell

Obsolete data analysis

Every optimization begins with an analysis of the current state. This report therefore shows you, quickly and clearly, what is difficult to determine with Windows built-in tools: where in the directories large amounts of data have been deposited, and how old the data or the structure containing it is. You define the age from which data should be considered obsolete, or at least outdated, and then see how many of the directories and files on a share meet that criterion and how much space those files occupy. In addition, these values are presented in relation to the total amount of data, often with the result that 70% and more of the data could have been archived or deleted long ago.

Thanks to the Obsolete Data Report, you can purposefully take action against these mountains of data and thus increase the efficiency of all users in handling the file system.
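
The two measurements described so far, the file count per owner used to find a data owner and the obsolete share per directory, can be approximated with built-in PowerShell. This is an added example, not migRaven code; the share path, the two-year cutoff default and the use of `LastWriteTime` as the age criterion are assumptions.

```powershell
# Added example (not migRaven code). $Root and $CutoffYears are assumptions.
param(
    [string]$Root = '\\fileserver\share',  # hypothetical share path
    [int]$CutoffYears = 2                   # age from which data counts as obsolete
)
$cutoff = (Get-Date).AddYears(-$CutoffYears)

$report = foreach ($dir in Get-ChildItem -LiteralPath $Root -Directory) {
    $files = @(Get-ChildItem -LiteralPath $dir.FullName -File -Recurse -ErrorAction SilentlyContinue)
    if ($files.Count -eq 0) { continue }

    # Assumption: "age" is measured by last write time, not last access time.
    $old        = @($files | Where-Object { $_.LastWriteTime -lt $cutoff })
    $totalBytes = ($files | Measure-Object -Property Length -Sum).Sum
    $oldBytes   = ($old   | Measure-Object -Property Length -Sum).Sum

    # Owner with the most files: the likely data owner, or someone who knows who it is.
    # Reading the owner of every file is slow on large shares; sample if necessary.
    $topOwner = $files | ForEach-Object {
        try { (Get-Acl -LiteralPath $_.FullName -ErrorAction Stop).Owner } catch { 'unreadable' }
    } | Group-Object | Sort-Object -Property Count -Descending | Select-Object -First 1

    [pscustomobject]@{
        Directory       = $dir.Name
        Files           = $files.Count
        ObsoleteFiles   = $old.Count
        ObsoleteFilePct = [math]::Round(100 * $old.Count / $files.Count, 1)
        ObsoleteSizePct = if ($totalBytes) { [math]::Round(100 * $oldBytes / $totalBytes, 1) } else { 0 }
        TopOwner        = $topOwner.Name
        TopOwnerFiles   = $topOwner.Count
    }
}

# Directories with the largest obsolete share first.
$report | Sort-Object -Property ObsoleteSizePct -Descending | Format-Table -AutoSize
```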

Reality in companies with 1000+ employees: on average, about 70% of all data in the production systems is older than 2 years.

Data older than 2 years

The Obsolete Data Report from migRaven.24/7 shows you quickly and clearly what is difficult to determine with Windows built-in tools: where in the directories large amounts of data have been deposited, and how old the data or the structure containing it is.

Awareness

If your company has existed for some years, the situation described is most likely reality there too. With the Obsolete Data Report you gain certainty about whether your previous data management has worked.

The Obsolete Data Report also shows where the unused data has been deposited.

20.05.2019 | 36:07 minutes | Presenter: Thomas Gomell

Best Practices Report

The Best Practice Report provides administrators with key metrics on how well the permissions on the scanned drive comply with Microsoft best practices. Easily find out where, for example, permissions are set too deep (more than 3 levels), inheritance is broken, or users are directly authorized. This information is indispensable for preparing a file server restructuring or cleaning up the Active Directory!

Permission levels

To keep the administration of authorizations as simple as possible, permissions should not be set too deep. Level 3 of the directory structure has proved to be the optimal directory depth, because every explicit level below level 1 makes it necessary to also set up list permissions so that the user can reach the actual directory at all. The report shows you in detail how deep the permissions in your environment go, and the resulting average permission level.

Permissions down to the 13th level: authorization structures that are too deep and overly complex are unfortunately the rule in many IT environments.

Broken inheritance

A break in inheritance should be avoided, just like deny permissions. Even if it may seem sensible in certain situations, this procedure causes additional effort in the further life cycle of the system, e.g. when it becomes necessary to pass authorizations down through inheritance. The report shows you every break in inheritance. It is recommended that you always work according to the least privilege principle: always grant only as many authorizations as are actually required. This makes it necessary to reverse the view when assigning authorizations: rights are set not from above, but from below. This means that, for example, on the level above an explicitly assigned Modify right, only list authorizations are needed for this to work.

Directly authorized users

Another recommendation is to use groups to assign authorizations. Groups are what make it possible to assign rights to many users in the first place, because Access Control Lists (ACLs) are limited and performance problems can easily arise if too many ACLs are present. The report shows how many users who are not administrators are directly authorized in an environment. According to best practice, you should work according to the AG-DL (or G, or U)-P principle: the account is assigned to a role group (G), which is placed into authorization groups (DL), which in turn become members of the P (ACL).

However, it makes sense to dispense with the role group in certain cases, e.g. if the combination of users is only needed for a single directory. In exactly that case, A-()-DL-P is used: the users become direct members of the authorization group. This ensures that no users are authorized directly in an ACL.

Orphaned ACE

Orphaned ACEs occur when an account is deleted from the AD without removing the ACE entries. This is not a technical problem, but a "blemish" which of course also affects the reporting.
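
The checks in this section (permission depth, broken inheritance, deny entries, directly authorized users and orphaned ACEs) can be approximated with built-in PowerShell for a first look at a share. This is an added example, not migRaven code; the share path, counting depth relative to `$Root`, and the `Test-IsUserAccount` helper are assumptions.

```powershell
# Added example (not migRaven code). $Root and $MaxDepth are assumptions.
param(
    [string]$Root = '\\fileserver\share',  # hypothetical share path
    [int]$MaxDepth = 3                      # depth limit taken from the text above
)

$rootParts = $Root.TrimEnd('\').Split('\').Count

function Test-IsUserAccount([string]$Sid) {
    # Bind to the AD object by SID; a user has objectClass 'user' but not 'computer'.
    try {
        $classes = ([adsi]"LDAP://<SID=$Sid>").objectClass
        return ($classes -contains 'user') -and ($classes -notcontains 'computer')
    } catch { return $false }   # local and well-known SIDs are not found in AD
}

$findings = foreach ($dir in Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue) {
    try { $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop } catch { continue }
    # Depth is counted relative to $Root: first-level subfolders are level 1.
    $depth  = $dir.FullName.TrimEnd('\').Split('\').Count - $rootParts
    $report = { param($finding, $identity)
        [pscustomobject]@{ Path = $dir.FullName; Depth = $depth; Finding = $finding; Identity = $identity } }

    if ($acl.AreAccessRulesProtected) { & $report 'InheritanceBroken' '' }

    # Only explicit (non-inherited) entries are evaluated per directory.
    foreach ($ace in $acl.Access | Where-Object { -not $_.IsInherited }) {
        $name = $ace.IdentityReference.Value
        if ($depth -gt $MaxDepth) { & $report 'ExplicitAceBelowMaxDepth' $name }
        if ($ace.AccessControlType -eq 'Deny') { & $report 'DenyAce' $name }

        if ($name -match '^S-1-5-21-') {
            # Unresolved domain SID: the account was deleted, or its domain is unreachable.
            & $report 'OrphanedAce' $name
        } else {
            try {
                $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
                if (Test-IsUserAccount $sid) { & $report 'DirectUserAce' $name }
            } catch { }   # identity could not be translated; skip the user check
        }
    }
}

if ($findings) {
    $findings | Group-Object -Property Finding | Select-Object Name, Count | Format-Table -AutoSize
    $findings | Export-Csv -Path .\acl-findings.csv -NoTypeInformation
}
```

Unlike the report described above, this sketch does not exclude administrator accounts from `DirectUserAce`; filter the CSV by identity if that distinction matters.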

21.01.2019 | 52:34 minutes | Presenter: Thomas Gomell
