Identify globally accessible directories (web client)
When you create new users in ARM, you can assign users to accounts with Everyone permissions. User accounts that are configured with Everyone permissions include:
-
Everyone
-
Authenticated Users
-
Domain-Users
If accounts with Everyone permissions are used to assign access rights, (almost) everyone associated with these accounts can access the connected resources. This practice results in excessive access rights assignments and a high probability for unauthorized access. Everyone account permissions negatively impacts the principle of least privilege and should not be used.
Before you delete permissions, assign specific groups to the appropriate resources.
-
Log in to the web client.
-
In the toolbar, click Analyze > Risk assessment dashboard.
ARM displays a rating for the Globally accessible directories risk factor.
-
Click Minimize Risks.
The Globally Accessible Directories screen displays.
The screen title displays at the top of the screen (1). The Path column (2) lists all globally accessible directories and associated information. Select the rows you want to display in the grid and reports (3). Click Direct Excel Export (4) to export the data into a Microsoft Excel spreadsheet.
Click Create Report (5) to save the report in PDF or CSV format.
See Remove permissions from globally accessible directories in bulk for more information.