27
Mar

NTFS File Permissions

Two recent projects involved analysing NTFS structures to find the kind of problems that usually occur when you need to move large amounts of data to a new server or other location, especially when combining this with a rebuild of the permissions to a something like a 3- or 4-Level Structure.

Usually, three or four levels of permissions are more than enough for an optimal management of the data. When you have differing permissions on 10 Levels, it gets difficult to manage them correctly.

Common issues that need to be identifed and resolved prior to migration are:

  • Share-in-Share and MultiShare scenarios
  • Cascaded Groups, User Accounts at Folder/File Level
  • Maxpath Overflows
  • Differing permissions on multiple levels
  • Illegal Characters in File/Folder Names
  • Inheritance Problems
  • "SPECIAL" Permissions, non-Standard Permissions at Share/Folder level

There can be many more factors to consider depending on the complexity of the domain structure. The use of scanning tools to analyse each and every share saving the data to CSV files allowed specific reports to be generated for each scenario. Due to the large scale of data involved C# was used to filter the data according to the required criteria, thus reducing the amount of data for the reporting process.

Feel free to contact me for an analysis of your share structures. After ascertaining your goals I can scan your environment and present useful information to your mangement team and system administrators which will greatly accelerate the process of cleaning up your data structure. More detailled information will be posted here soon.

Note - this service is provided for Microsoft Windows Server based Shares on NTFS Drives or SAN Systems which support NTFS. Scanning Scripts require .NET 2.0 on the Windows Server, and a User Account which is a member of the Domain Administrators Group on all File Servers which are to be scanned - additionally the user account will require NTFS permissions to all folders and files which are to be scanned.

Back to Top