Table of Contents
- Getting Started
- Agent-Based Management
- Common Tasks
- Data Providers
- Directory Services
- Auditing
- Hosts
- Templates
- Template Properties
- Batch Update Templates
- Assign Templates
- Log Management Templates
- SCAP Compliance Monitor
- Active Directory User Monitor Templates
- File and Directory Monitor Templates
- Windows Monitor Templates
- CPU Monitor Template
- Memory Monitor Template
- Disk Space Monitor Template
- Account Lockout Monitor Template
- Audit Policy Monitor Template
- Logon As Monitor Template
- Logon Monitor Template
- Performance Counter Monitor Template
- PowerShell Template
- Process Monitor Template
- RDP Session Monitor Template
- Registry Value Monitor Template
- Service Monitor Template
- SMART Disk Monitor Template
- System Security Monitor Template
- Windows Update Template
- WMI Query Template
- Task Scheduler Template
- Clock Synchronization Template
- Defragment NTFS Disks Template
- Network and Application Monitor Templates
- SSL Certificate Monitor Templates
- Database Templates
- Email Monitor Templates
- SNMP Monitor Templates
- Windows Accounts Templates
- Monitors
- Reports
- Auto-Configurators
- Filters
- Actions
- Schedules
- Environment Variables
- Options
- SNMP
- SSH Shell
- Syslog
- System Reset
- Shared Views
- Active Directory User and Group Filters
- Assign Actions
- Assign Azure Audit Logs
- Assign Consolidated Logs
- Assign Directories
- Assign Disks
- Assign Event Logs
- Assign Files
- Assign Services
- Assign Shares
- Auto-Config Host Assignment Properties
- Define CSV and W3C Log Entry Columns
- Define Log Entry Columns
- Define Log Entry Columns with Regular Expressions
- Executable Status
- Executable Timeline
- Explicitly Assigned Logs
- File Explorer
- General Executable Properties
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- Select Folder or File
- Target Files and Sub-Directories
- Command Line Interface
- Server Configuration
- Agent Configuration
- Troubleshooting
- Best Practices
- Terminology
Corner Bowl Server Manager
SIEM, IPS, Server Monitoring, Uptime Monitoring and Compliance Software
File and Directory Access Permissions Reports
The File and Directory Access Permissions Reports enable you to either manually on-demand scan any disk or directory for assigned permissions and optionally schedule the results to be emailed to you or output to a file, for example, a CSV file.
Requirements
| Operating System | Technology |
|---|---|
| Windows | Remote WMI and Windows Shares |
| Linux | SFTP/SSH or FTP/S |
How to create a File and Directory Access Permissions Report:
- From the Menu Bar select File | New. The Create New Object View displays.
- From the Create New Object View, expand Report | File and Permissions Reports then select File and Directory Access Permissions. The Properties View displays.
Note
Unlicensed report types appear in gray text. If you would like to create a report that is not currently licensed, please contact Corner Bowl Software to upgrade your license.
- The Properties View contains 7 configuration tabs.
How to configure the File and Directory Access Permissions
- Use the Files and Sub-Directories section to:
| Option | Description |
|---|---|
| Include files | Scan and list each file in the report. |
| Detail sub-directories and files | Scan and list each sub-directory in the report. |
| Hide BUILTIN users and groups | Hide the BUILTIN account from the report. |
- Use the Access Permissions section to configure the permissions to report. The following permissions are supported:
| Option | Hex Value | Description |
|---|---|---|
| None | 0x00000000 | No permissions assigned. |
| Read | 0x00000001 | Permission to read the data of a file. |
| Write | 0x00000002 | Permission to modify a file's data anywhere in the file's offset range. This includes the ability to write to any arbitrary offset and as a result to grow the file. |
| Append | 0x00000004 | The ability to modify a file's data, but only starting at EOF. |
| ReadEA | 0x00000008 | Permission to read the named attributes of a file or to lookup the named attributes directory. |
| WriteEA | 0x00000010 | Permission to write the named attributes of a file or to create a named attribute directory. |
| Execute | 0x00000020 | Permission to execute a file or traverse/search a directory. |
| DeleteChild | 0x00000040 | Permission to delete a file or directory within a directory. |
| ReadAttributes | 0x00000080 | The ability to read basic attributes (non-ACLs) of a file. |
| WriteAttributes | 0x00000100 | Permission to change the times associated with a file or directory to an arbitrary value. |
| Delete | 0x00010000 | The right to delete the object. |
| ReadControl | 0x00020000 | The right to read the information in the object's security descriptor, not including the information in the system access control list (SACL). |
| WriteDAC | 0x00040000 | The right to modify the discretionary access control list (DACL) in the object's security descriptor. |
| WriteOwner | 0x00080000 | The right to change the owner in the object's security descriptor. |
| Synchronize | 0x00100000 | The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right. |
| SystemSecurity | 0x01000000 | Specifies access to the system security portion of the security descriptor. |
| MaximumAllowed | 0x02000000 | Indicates that the caller is requesting the most access possible to the object. |
| GenericAll | 0x10000000 | All possible access rights |
| GenericExecute | 0x20000000 | Execute access |
| GenericWrite | 0x40000000 | Write access |
| GenericRead | 0x80000000 | Read access |
File and Directory Permissions Report Properties View