Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

EmpowerID

...

streamlines the management of Windows Servers as a

...

resource system for file share management,

...

offering automated role-based access control, delegated permissions administration, and self-service

...

access requests

...

through workflows – all backed by a comprehensive audit trail. Once a server

...

is added as a managed resource system, EmpowerID

...

continuously

...

inventories and

...

monitors the server

...

, detecting new shared folders

...

and any changes to

...

permissions

...

. This

...

ensures complete visibility

...

into shared folder resources

...

, including who has access and their level of access.

This article outlines the steps for setting up a Windows File Server as a managed resource system, including creating a file share resource system and configuring it with PowerShell user account credentials.

Prerequisites

Before adding a Windows File Server to EmpowerID as a managed resource system, ensure that EmpowerID

...

is connected to Active Directory. For

...

guidance, refer to the article on Connecting to Active Directory.

...

Additionally,

...

the

...

PowerShell user account configured for the resource system

...

must have

...

the necessary NTFS permissions on each file server.

To add Windows File servers as a managed resource system, you need to do the following:

...

Create file share resource system

...

Procedure

Step 1 – Create file share resource system

...

Add the username and password of the PowerShell user account as resource system configuration parameters

  1. Expand Admin > Applications and Directories

...

  1. on the navbar and click Account Stores and Systems.

  2. On the Account Stores page, click the Actions tab and then click Create File Share Resource System.

...

  1. Image Added

  2. On the Select File Server Computer page, search for your file server.

  3. Click the record for that server to select it, and then click Submit.

...

  1. Image Added

  2. EmpowerID creates the Windows File Server resource system.

  3. On the Find Account Store page, click the Resource Systems tab, search for the Windows File Server

...

  1. you just created, and then click the Display Name link

...

  1. .

...

  1. Image Added

  2. From the Resource System > Resource System Info tabs of the Account Store Details page that appears

...

  1. click the Edit link for the file server resource system to put it in edit mode.

...

  1. Image Added

  2. On the edit page, select the Projection tab and then select Group Membership Projection Enabled. This ensures that EmpowerID evaluates who should be members of what Resource Role groups

...

  1. regularly

...

  1. .

...

  1. Image Added

  2. Select the Enforcement tab and do the following to specify the type of rights enforcement to be applied to any Resource Role groups created by EmpowerID for the shares on the file server: (This process is used to determine who should have access to shares on the server based on their assignments to Access Levels in EmpowerID and is enforced using special domain local groups known as "Resource Role Groups". See Projection and Enforcement for more information about this process. )

    • Enforcement Type – Select one of the below enforcement options:

      • No Action – No rights enforcement action occurs.

      • Projection with No Enforcement – Adds people to Resource Role Groups in EmpowerID

...

      • but does not grant these permissions on the server.

      • Projection with Enforcement – Adds people to Resource Role Groups in EmpowerID and grants the roles to the Resource Role Groups. This is the recommended setting.

      • Projection with Strict Enforcement – This removes any assignments to groups that occur outside of EmpowerID. If someone is added to a group independently of EmpowerID, they are removed from the group by EmpowerID.

    • Rights Enforcement Enabled – Select to enable the chosen enforcement on the file server

    • Schedule – Click the Start and End fields and select the desired start and end date for enforcement.

    • Interval – Select how often you want the enforcement job to run against the file server.

  1. Click Save.

Step 2 – Add the PowerShell username and password as configuration parameters

Note

The PowerShell User account specified here must have permissions to manage shared folders on the file server.

  1. From the Resource Systems tab of the Account Stores and Systems page, search for the File Server resource system you just created and click the Display Name link for it.

  2. Select the Resource System tab and then expand the Configuration Parameters accordion at the bottom of the page.

  3. In the accordion, click the Add button above the grid and then enter the following information in the General pane for the PowerShell user account:

    • Name – Enter PowershellUser

    • Value – The user name of the account making the PowerShell calls

  4. Click Save.

...

  1. Image Added

  2. Click the Add button above the grid again and then enter the following information in the General pane for the PowerShell user password:

    • Name – Enter PowershellPassword

    • Value – The password of the account making the PowerShell calls

    • Encrypt Data – Select this to encrypt and hide the password

  3. Click Save.

    Insert excerpt
    IL:External Stylesheet
    IL:External Stylesheet
    nopaneltrue

Next Steps

Create shared folders

Configure self-service requests for shared folders

Unshare shared folders

Delete shared folders

Div
stylefloat: left; position: fixed;

IN THIS ARTICLE

Table of Contents
minLevel2
maxLevel4
stylenone