1. Task of the function.
"Deploy ACL" writes the directory structure under the deploy path and authorizes the previously created list and authorization groups. Subdirectories without explicit permissions are not created.
You need write access to the deploy path, eg as administrator. Continue reading
Permanent link to this post: https://help.migraven.com/deploy-acl-6/
In Design & Work, a new authorization structure was calculated based on the read permission structure according to Microsoft Best Practice. This consists
- from new authorization and list groups,
- Nesting of existing groups and accounts into new groups, as well as nesting of new groups into each other, and
- from access rights that the groups should receive to the directories.
1. Task of this function.
With Deploy Groups, the new authorization and list groups are written to the AD. Into these the nested groups and accounts are nested. You need write access to the AD, eg as a domain admin.
Permanent link to this post: https://help.migraven.com/deploy-groups-6/
NTFS permissions created in an xlsx table are read.
When importing a table, you can use the authorizations prepared in a spreadsheet in migRaven insert and authorize authorization and list groups. Finally, the groups are written into AD and directories and ACLs in a dedicated share. Even a CSV file output during the redesign project can be used as a basis processed accordingly and read in as xlsx here.
Permanent link to this post: https://help.migraven.com/projektart-tabellen-import-6/
Permanent link to this post: https://help.migraven.com/projektart-redesign-6/
Under the tab "Name" the name structure of the migRaven configured to create authorization groups. Here, the authorization groups must specify the prefix, the components of the name, the order of these and the separator between the components.
Within certain parameters are the names of migRaven created groups freely definable. Should the from migRaven created authorization groups are later used by 8MAN, the group names are already here to agree with the possibilities of 8MAN.
Permanent link to this post: https://help.migraven.com/gruppen-name-6/
The group configuration The group type and name structure of the authorization groups to be created, the creation depth of the list groups and the storage location for the new groups are specified in AD.
The group configuration must take place before the first project call, since the authorization groups are created according to this configuration during the project run.
At the Rider Type The group type for the authorization groups and the storage location for them must be entered in the AD.
The tab Type.
Permanent link to this post: https://help.migraven.com/gruppen-typ-6/
You populate the table with your credentials, whether from a scanned share, Novell permissions, or a self-created Excel spreadsheet. You can edit and change the permissions according to your needs and ideas. You can remove and add directories. You can authorize users and groups with the five default rights to these directories. You can initiate inheritance breaks and redirect directories in the redesign project.
1. Rights mapping.
In a redesign project, the first step in table mode is the Rights mapping, The existing rights must be changed to the five standard rights.
Only then do you get into the table mode for the authorization assignment.
Permanent link to this post: https://help.migraven.com/tabellen-modus-6/
The view is the visual representation of the authorization structure, on the one hand the read in (initial state) and after the "Design & Work" of the planned authorization structure (target state).
1. Initial state - the read authorization structure.
The "View initial state" is only part of the "Scan resources" project type. It shows the authorization structure of a read Windows share.
After reading the source directory lands migRaven in view - initial state.
On the left you can move through the directory structure. On the right, you can see the authorized groups and accounts and their rights for the directory selected on the left. Underneath, you can let the members of the groups, the accounts, who are allowed to change, or let all authorized persons be shown on this directory.
Permanent link to this post: https://help.migraven.com/der-view-6/
The "Deploy GPO" writes the planned NTFS permissions to the source directory via Microsoft Group Policy.
1. Deploy GPO in migRaven.one
1.1. Automatically create the Microsoft GPO migRaven.
The "Deploy GPO" creates a GPO that contains the authorizations to be set. This GPO must be assigned to the appropriate server after creation. The GPO can contain hundreds of entries. Since setting the authorizations via GPO does not use the standard API, which can only process the authorizations one after the other, the new authorizations are set in parallel via the directory tree via GPO. This process is extremely fast and makes it possible to set the rights on a productive system without influencing users.
Permanent link to this post: https://help.migraven.com/deploy-gpo-6/
For a source share, NTFS permissions are calculated and written to the source share via Group Policy, and very fast!
New migRavenVersion 5.0: Share migration through Group Policy
The permissions are migrated directly to the source share via Group Policy without the directories and data to change or copy. No target share is created. The advantage of this project type is that the authorizations are granted very quickly.
In contrast to the "ReDesign / Scan resource" project type, a Group Policy object is created instead of the "Deploy ACL" in Group Policy Management, which contains the new authorizations for the scanned share. To enable this object, the user must link it to the server being migrated through AD and Group Policy Management.
1. Advantages, limitations and features.
This approach has the following advantages:
- The authorizations are realized via window-own system-related functions, the group guidelines.
- Therefore, the authorization is very fast. For example, a Windows Filer with 100.000 directories, 10 Mio files, and 300 new permissions = between 10 and 60 minutes.
- Since this takes place on the physical path of the share (c: \ directory), the process step via the "green meadow" is omitted.
- The storage space to copy the data is not required!
- It takes place directly on the productive drive.
Permanent link to this post: https://help.migraven.com/gpo-projekt-6/