Define file server and share specific change settings
You can configure the following settings for each file server and configured shares:
- Account used to make the changes
- Domain where the Access Rights Manager groups are stored
- Group Wizard Settings (such as access categories, group naming conventions, and blacklist)
- List rights management
If you do not set any optional Group Wizard settings, ARM uses the parent level settings.
-
In the Change Configuration - File Server window, click the Group Wizard tab.
You can access this window in the File server change configuration. -
Under Resources, select the targeted file server.
See Add FS scans for instructions on how to add a filer server. Newly-added file servers and shared do not have a configuration. -
Click + to create the configuration.
Under Resources, ARM displays the number of existing configurations that exist below and their location .
Configure the FS change account
-
In the Change Configuration - File Server window, click the Basic Settings tab.
You can access this window in the File server change configuration. -
In the Credential for change fields, click the link and select the account used to apply changes to the selected file server resource. If you do not set these credentials, they will be requested in the ARM application.
Select the domain for ARM groups
-
In the Change Configuration - File Server window, click the Basic Settings tab.
You can access this window in the File server change configuration. -
Click the Domain for ARM groups drop-down menu and select the domain where the ARM groups are stored.
If you do not enter a domain, the ARM groups will automatically be stored in the domain that the user selected in the ARM application.
Configure automatic list rights management
The List Right Configuration menu includes several options for determining how ARM automatically ensures that users can navigate to the folders they are allowed to access. Compared to Microsoft native tools, you can avoid many cumbersome and error prone administrative steps.
-
Maximize List Rights Configuration.
-
Select the Manage list rights (List folder content) automatically checkbox.
-
Use the sliders to determine the level of folder depth that ARM manages.
Level Description 0 The shared folder (share folder). This folder is visible based on share rights.
An assignment of list rights on this level is not required.
Green ARM creates list groups for every level. The access rights groups become members of list groups.
Blue ARM does not create list groups for these levels.
Access groups are provisioned by entering the list rights directly into the access control list (ACL). Overall, minimal groups are created and the Kerberos token sized is minimized. Additional ACL entries are required, which may impact server performance.
-
Under Configure directory levels, move the Orange slider to exclude folder levels from the automatic creation of list groups. This process can help users who have list rights to these folder levels.
-
Select the following checkbox to prevent users from gaining access to levels that they are not able to access:
Do not allow access light changes below the last level that has list groups enabled
This option prevents access rights changes with ARM below the lowest "list-rights-level" plus one (for example. level 7 as shown below).
-
Click the Mode drop-down menu and select a list group mode.
This setting has no impact on Kerberos token size.
-
Select an option to prevent ARM from deleting folders that will be retained as parents for inheritance.
You can also protect folder levels by assigning restricted modify, as this option requires fewer group memberships.
Delete a file server- and share-specific change configuration
Click X in the top right corner to delete the file server.