IT Documentation - The Blog

Clean up Access Control Lists

March 29, 2021

… or never again laboriously search the ACL of the file servers for dead SIDs.

Do you like detective stories? Based on the countless crime movies and series that we ubiquitously encounter on TV or its more modern variants Netflix and Co., chances are quite good that you are not averse to a good crime series either. It is less important which type of detective you swear allegiance to. Whether, like me, you prefer the “Columbo” variety, follow the streets of San Francisco or prefer to stay in the big city districts. One thing every good crime series needs. A dead body. After all, what would a crime novel be without a passable victim who has mysteriously dropped out of reality? And what would a good crime novel be without an ingenious inspector, who would not be able to get to the bottom of even the most evil contemporaries with all the tricks up their sleeves?

So we can come to the conclusion that without the corpse there can be no action or solving. Ideally, victims in crime stories usually lie around somewhere in the way and someone stumbles upon them more or less by chance.

A completely different calibre of crime story takes place on our file servers. Under certain circumstances, they are teeming with dead SIDs and no one notices. After all, no one stumbles across them. By the way, SID means “Security Identifier” and is a unique security identifier that permanently identifies each user and group in a Windows AD.

Our whodunit is set on our file server, the victims are the orphaned ACL entries and the main character is Inspector Docusnap.

Unlike on TV, we don’t just stumble across them and our “corpses” may be a bit older. With Docusnap, however, we have the right sniffer in our ranks who uncovers exactly such abuses and reliably forwards his report to us.

Once configured, Docusnap can show us an up-to-date report at any time on whether orphaned entries can be found in the access control lists and shows all “dead” SIDs sorted neatly by system. Since Docusnap has access to all IT servers and this information is also constantly kept up to date, nothing is left out and no detail is overlooked when securing evidence.

In our short video we show how easy it is for everyone to inform themselves about the “crime scene server” and also keep it clean.

With Docusnap, there are no unsolved cases in our crime series. Ruthlessly and with meticulous accuracy, we don’t give even the small-time crooks a chance. For some, this is already a big deal; for Docusnap, it’s just another small step towards optimal security in our networks.
 
That’s Docusnap: