Report on the usage of "everyone"

Background / Value

If the "Everyone" account is used for the assignment of access rights, (almost) everyone has access to the connected resources. The consequence is an excessive assignment of access rights and a high probability for unauthorized access. ARM displays all access rights for the "Everyone" account. These go against the principle of least privilege and should therefore not be used. Removing the "Everyone" account automatically is not possible. Before manually deleting accounts you should assign groups to the appropriate resources. Afterwards you can add the desired members to the group.

 

Related features

Also keep an eye on the critical Authenticated Users.

Identify globally accessible directories (web client)

Remove "everyone" permissions in bulk (web client)

 

Step-by-step process

  1. Select "Start".
  2. Click on "All 'Everyone' permissions".

 

  1. Enter a title for the report and add a comment.
  2. Define the range of the report. You are only able to add users where the manager attribute has been set and which have a valid Data Owner configuration.
  3. Define the desired report settings.
  4. Start the report.

 

B023-03 EN Jeder Account auf Berechtigungen prüfen

In the example you see directories that everyone has access to.