At NetVision, we hear from numerous organizations who are looking for help with cleaning up permissions that have gotten out of control over time. David Rowe explains the challenges and provides some tips on how to tackle the job in this ESJ article titled Coming Clean: Getting a Handle on Permissions and Group Memberships.
We’re looking for an experienced engineer to help with software builds, installation, and configuration management. More details here.
Today, NetVision announced our partnership with Sparxent. More details here.
Quoted from the release:
“Today’s enterprises are strapped for resources and very often lack the expertise needed to meet compliance and audit demands,” said David Rowe, CEO of NetVision, Inc. “We’re pleased to be partnering with a value-add solutions developer like Sparxent who brings a true ground-level understanding of the business challenges related to audit and compliance. We see Sparxent as an integral part in extending our reach here and in the EMEA, where our customers will receive hands-on, localized support professionals to help them improve their audit results.”
As one of the few vendors who evaluate both access-related events and states we’re always looking for meaningful ways to combine the two. By some definitions this is called “context”. I think that’s too scientific; defining the combination of data points as providing context when in fact – it’s simply the answer. I say this based on increasingly frequent discussions with prospective customers who – rightly – say, “well, if you have this very rich information it’s very titillating but what I’m really after is…..[pick your daily job-related outcome].” So, I hypothesize, that data from a SEIM or a query tool or any other mechanism is simply data if provided without context. And with the right context it’s merely the answer. Here’s a new tagline. “Expect Answers”
A recent edition of NetVision’s monthly newsletter AuditMonthly discussed the issues of permission bloat and group clean up. There are some focus areas outlined in one of our solutions pages: Active Directory Group Clean Up. We can help you get your arms around the issue, identify low hanging fruit, and clean things up.
There’s a new white paper on the NetVision Knowledge page titled:
The Business Value of Effective Audit
Effective access auditcan be a powerful business enabler providing significant value beyond protecting against malicious insiders. This paper identifies the business challenge, how the industry is approaching the challenge, and NetVision’s unique approach to access rights reporting and monitoring.
NetVision will soon be announcing availability of our Microsoft Exchange monitoring capabilities. Indepent of Microsoft event logs, this solution will enable you to monitor message, calendar, contact, and task activity. Events can be triggered based on whether the initiator is the mailbox owner as well as event filtering by subsets of users. So, for example, if a help desk user sends a message from your CEO, you might want to take different action than if the CEO’s assistant sends a message from that account.
If you’d like us to keep you updated on the Exchange monitoring release, please let us know.
NetVision today released an updated version of Access Rights Inspector Single Server Edition. The new version applies a fix to issues related to large volume size and the initial file/folder rights scan. The SSE version is a free 30-day trial providing access rights reports on a single server.
Access Rights Inspector SSE enables users to select user accounts/groups and files/folders to generate custom reports on access rights based on those selections.
Available Reports include:
- Effective Rights: calculates permissions based on group memberships, inherited rights, ownership, and more.
- Explicit Rights: provides explicit permission settings for selected accounts and resources.
- Deny ACEs: provides a list of all locations where permissions are explicitly denied.
In a new paper for NetVision customers titled Active HIPAA Response, we break down the security and privacy requirements found within the HIPAA regulation text and map NetVision policies and reports to those requirements. While organizations need to perform discovery of Protected Health Information (PHI), NetVision’s HIPAA compliance pack provides quick setup of compliance reporting related to Windows file system and Active Directory for complete coverage of Microsoft networking platforms. The HIPAA package is also available for Novell networking environments. NetVision isn’t claiming to make anyone compliant with a set of canned reports. But, if you’re concerned about HIPAA requirements, the HIPAA compliance pack automates the creation of a set of reports that map to the areas within HIPAA for which NetVision can help. Let us know if you’d like more information!
According to the two TechNet articles below, a user with the ‘take ownership’ permission on a file or folder should be able to assign ownership to a group of which they’re a member. Unfortunately, it doesn’t seem to work that way. An error is thrown indicating that the user should have ‘restore files and directories’ permission in order to assign ownership to a group.
Thanks! to FK for raising the issue (which contradicts information in the NetVision paper on Windows Access Rights) It’s a fairly obscure find, but worth understanding.