Identify globally accessible directories (web client)

Background / Value

If "Everyone accounts" are used for the assignment of access rights, (almost) everyone has access to the connected resources. The consequence is an excessive assignment of access rights and a high probability for unauthorized access. These go against the principle of least privilege and should therefore not be used. Before deleting permissions you should assign specific groups to the appropriate resources.

 

"Everyone accounts" are:

  • Everyone
  • Authenticated Users
  • Domain-Users

 

Related features

Remove permissions from globally accessible directories in bulk

 

Step-by-step process

Go to the Risk Assessment Dashboard.

 

  1. ARM shows a rating for the risk factor "Globally accessible directories".
  2. Click "Minimize risks".

The tiles are sorted by risk level and may therefore be located in different places.

 

  1. ARM lists all globally accessible directories.
  2. Use sorting, filtering and grouping to analyze the data.
  3. Select the rows to display in the grid and in the reports.
  4. Export the data into Excel.
  5. Create a report in PDF- or CSV-format. Save the report or email it.