Modeling access changes before enabling them allows you to clean up access with confidence. The Access Information Center makes this simpler than ever with easy-to-understand visuals and the ability to commit these changes on the spot.
First, we’ll look at the Effective Access report on my PreSales Engineering Share. As you can see, Chris still has access although his account is disabled. In this situation, I want to clean up access to this one resource without impacting any other intended access in case this user returns.
I select the user and can see at the bottom how that user is getting access. To remove the Folder/NTFS access, I’ll need to remove him from the nested group “SB Sales Read”. I simply begin entering the desired group name I wish to model, and matching names become available:
Selecting Sales Read and then the edit button on the right opens the Edit Members window. Here you can select the users you wish to model being removed/added to the group.
Now, we can see the effect our change would have if applied. Within the Group Explorer with the changes tab selected, you see all our queued changes. In the middle, you see the potential change on the user (reading left to right):
Finally, to ensure our changes impact only intended resources, select the File System node in the Resources pane on the left. Then, select the Model Access Changes report in the Reports pane on the right. These selections will display any collateral impact our changes will have if applied:
If you are comfortable with the impact of the changes, then click on the Commit button within the Group Explorer. You can now be confident in your access changes, knowing the impact of the changes before applying them.
Don’t miss a post! Subscribe to The Insider Threat Security Blog here:
Jeff is a Senior Engineer at STEALTHbits.