Identify globally accessible directories (web client)
Background / Value
If "Everyone accounts" are used for the assignment of access rights, (almost) everyone has access to the connected resources. The consequence is an excessive assignment of access rights and a high probability for unauthorized access. These go against the principle of least privilege and should therefore not be used. Before deleting permissions you should assign specific groups to the appropriate resources.
"Everyone accounts" are:
- Everyone
- Authenticated Users
- Domain-Users
Related features
Remove permissions from globally accessible directories in bulk
Step-by-step process
-
Click Analyze.
-
Click Risk assessment dashboard.
- Access Rights Manager shows a rating for the risk factor Globally accessible directories.
- Click Minimize risks.
The tiles are sorted by risk level and may therefore be located in different places.
- Access Rights Manager lists all globally accessible directories.
- Use sorting, filtering and grouping to analyze the data.
- Select the rows to display in the grid and in the reports.
- Export the data into Excel.
- Create a report in PDF- or CSV-format. Save the report or email it.