Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
EmpowerID
...
streamlines the management of Windows Servers as a
...
resource system for file share management,
...
offering automated role-based access control, delegated permissions administration, and self-service
...
access requests
...
through workflows – all backed by a comprehensive audit trail. Once a server
...
is added as a managed resource system, EmpowerID
...
continuously
...
inventories and
...
monitors the server
...
, detecting new shared folders
...
and any changes to
...
permissions
...
. This
...
ensures complete visibility
...
into shared folder resources
...
, including who has access and their level of access.
This article outlines the steps for setting up a Windows File Server as a managed resource system, including creating a file share resource system and configuring it with PowerShell user account credentials.
Prerequisites
Before adding a Windows File Server to EmpowerID as a managed resource system, ensure that EmpowerID
...
is connected to Active Directory. For
...
guidance, refer to the article on Connecting to Active Directory.
...
Additionally,
...
the
...
PowerShell user account configured for the resource system
...
must have
...
the necessary NTFS permissions on each file server.
To add Windows File servers as a managed resource system, you need to do the following:
...
Create file share resource system
...
Procedure
Step 1 – Create file share resource system
...
Add the username and password of the PowerShell user account as resource system configuration parameters
Expand Admin > Applications and Directories
...
on the navbar and click Account Stores and Systems.
On the Account Stores page, click the Actions tab and then click Create File Share Resource System.
...
- Image Added
On the Select File Server Computer page, search for your file server.
Click the record for that server to select it, and then click Submit.
...
- Image Added
EmpowerID creates the Windows File Server resource system.
On the Find Account Store page, click the Resource Systems tab, search for the Windows File Server
...
you just created, and then click the Display Name link
...
.
...
- Image Added
From the Resource System > Resource System Info tabs of the Account Store Details page that appears
...
click the Edit link for the file server resource system to put it in edit mode.
...
- Image Added
On the edit page, select the Projection tab and then select Group Membership Projection Enabled. This ensures that EmpowerID evaluates who should be members of what Resource Role groups
...
regularly
...
.
...
- Image Added
Select the Enforcement tab and do the following to specify the type of rights enforcement to be applied to any Resource Role groups created by EmpowerID for the shares on the file server: (This process is used to determine who should have access to shares on the server based on their assignments to Access Levels in EmpowerID and is enforced using special domain local groups known as "Resource Role Groups". See Projection and Enforcement for more information about this process. )
Enforcement Type – Select one of the below enforcement options:
No Action – No rights enforcement action occurs.
Projection with No Enforcement – Adds people to Resource Role Groups in EmpowerID
...
but does not grant these permissions on the server.
Projection with Enforcement – Adds people to Resource Role Groups in EmpowerID and grants the roles to the Resource Role Groups. This is the recommended setting.
Projection with Strict Enforcement – This removes any assignments to groups that occur outside of EmpowerID. If someone is added to a group independently of EmpowerID, they are removed from the group by EmpowerID.
Rights Enforcement Enabled – Select to enable the chosen enforcement on the file server
Schedule – Click the Start and End fields and select the desired start and end date for enforcement.
Interval – Select how often you want the enforcement job to run against the file server.
Click Save.
Step 2 – Add the PowerShell username and password as configuration parameters
Note |
---|
The PowerShell User account specified here must have permissions to manage shared folders on the file server. |
From the Resource Systems tab of the Account Stores and Systems page, search for the File Server resource system you just created and click the Display Name link for it.
Select the Resource System tab and then expand the Configuration Parameters accordion at the bottom of the page.
In the accordion, click the Add button above the grid and then enter the following information in the General pane for the PowerShell user account:
Name – Enter PowershellUser
Value – The user name of the account making the PowerShell calls
Click Save.
...
- Image Added
Click the Add button above the grid again and then enter the following information in the General pane for the PowerShell user password:
Name – Enter PowershellPassword
Value – The password of the account making the PowerShell calls
Encrypt Data – Select this to encrypt and hide the password
Click Save.
Insert excerpt IL:External Stylesheet IL:External Stylesheet nopanel true
Next Steps
Div | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
IN THIS ARTICLE
|