Deploy ACL in the migration client

1. Task of the function.

"Deploy ACL" writes the directory structure under the deploy path and authorizes the previously created list and authorization groups. Subdirectories without explicit permissions are not created.

You need write access to the deploy path, eg as administrator. Continue reading

Permanent link to this post:

Deploy Groups in the Migration Client

In Design & Work, a new authorization structure was calculated based on the read permission structure according to Microsoft Best Practice. This consists
- from new authorization and list groups,
- Nesting of existing groups and accounts into new groups, as well as nesting of new groups into each other, and
- from access rights that the groups should receive to the directories.

1. Task of this function.

With Deploy Groups, the new authorization and list groups are written to the AD. Into these the nested groups and accounts are nested. You need write access to the AD, eg as a domain admin.

Continue reading

Permanent link to this post:

Project type "Table import" in the migration client

NTFS permissions created in an xlsx table are read.

1. Function.

When importing a table, you can use the authorizations prepared in a spreadsheet in migRaven insert and authorize authorization and list groups. Finally, the groups are written into AD and directories and ACLs in a dedicated share. Even a CSV file output during the redesign project can be used as a basis processed accordingly and read in as xlsx here.

Continue reading

Permanent link to this post:

Project type "Redesign" in the Migration Client

The redesign project will read in a share or a share subdirectory. The authorizations can be displayed in the tree structure. In table and drag-and-drop modes, you can build the permissions to your liking. Finally, an authorization target state with by migRaven created authorization and list groups. You can write this in the Deploy path, which can be an empty share or even a DFS.

1. Voraussetzungen

Before a project can be started, a Resource Scan Service must be created in the configuration.
It is also necessary to configure the authorization groups beforehand.
You need read rights to the share to be read.
There must be a target share that you have write access to. They will create directories there and entitle groups and users.
You must have administrator rights to the domain in which you want to create the authorization groups.

2. Create a project for a share or a share subdirectory.

2.1. Read directories and permissions

Continue reading

Permanent link to this post:

Group Name (Migration Client)

Under the tab "Name" the name structure of the migRaven configured to create authorization groups. Here, the authorization groups must specify the prefix, the components of the name, the order of these and the separator between the components.

Within certain parameters are the names of migRaven created groups freely definable. Should the from migRaven created authorization groups are later used by 8MAN, the group names are already here to agree with the possibilities of 8MAN.

1. Inputs.

Continue reading

Permanent link to this post:

Group type in the migration client

The group configuration The group type and name structure of the authorization groups to be created, the creation depth of the list groups and the storage location for the new groups are specified in AD.

The group configuration must take place before the first project call, since the authorization groups are created according to this configuration during the project run.

At the Rider Type The group type for the authorization groups and the storage location for them must be entered in the AD.

The tab Type.

Continue reading

Permanent link to this post:

Table mode in the migration client

You populate the table with your credentials, whether from a scanned share, Novell permissions, or a self-created Excel spreadsheet. You can edit and change the permissions according to your needs and ideas. You can remove and add directories. You can authorize users and groups with the five default rights to these directories. You can initiate inheritance breaks and redirect directories in the redesign project.

1. Rights mapping.

In a redesign project, the first step in table mode is the Rights mapping, The existing rights must be changed to the five standard rights.

Only then do you get into the table mode for the authorization assignment.

Continue reading

Permanent link to this post:

The view in the migration client

The view is the visual representation of the authorization structure, on the one hand the read in (initial state) and after the "Design & Work" of the planned authorization structure (target state).

1. Initial state - the read authorization structure.

The "View initial state" is only part of the "Scan resources" project type. It shows the authorization structure of a read Windows share.

After reading the source directory lands migRaven in view - initial state.
On the left you can move through the directory structure. On the right, you can see the authorized groups and accounts and their rights for the directory selected on the left. Underneath, you can let the members of the groups, the accounts, who are allowed to change, or let all authorized persons be shown on this directory.

Continue reading

Permanent link to this post:

Deploy GPO (Migration Client)

The "Deploy GPO" writes the planned NTFS permissions to the source directory via Microsoft Group Policy.

1. Deploy GPO in

1.1. Automatically create the Microsoft GPO migRaven.

The "Deploy GPO" creates a GPO that contains the authorizations to be set. This GPO must be assigned to the appropriate server after creation. The GPO can contain hundreds of entries. Since setting the authorizations via GPO does not use the standard API, which can only process the authorizations one after the other, the new authorizations are set in parallel via the directory tree via GPO. This process is extremely fast and makes it possible to set the rights on a productive system without influencing users.

Continue reading

Permanent link to this post:

GPO project (migration client)

For a source share, NTFS permissions are calculated and written to the source share via Group Policy, and very fast!

New migRavenVersion 5.0: Share migration through Group Policy

The permissions are migrated directly to the source share via Group Policy without the directories and data to change or copy. No target share is created. The advantage of this project type is that the authorizations are granted very quickly.

In contrast to the "ReDesign / Scan resource" project type, a Group Policy object is created instead of the "Deploy ACL" in Group Policy Management, which contains the new authorizations for the scanned share. To enable this object, the user must link it to the server being migrated through AD and Group Policy Management.

1. Advantages, limitations and features.

1.1. advantages

This approach has the following advantages:

  • The authorizations are realized via window-own system-related functions, the group guidelines.
  • Therefore, the authorization is very fast. For example, a Windows Filer with 100.000 directories, 10 Mio files, and 300 new permissions = between 10 and 60 minutes.
  • Since this takes place on the physical path of the share (c: \ directory), the process step via the "green meadow" is omitted.
  • The storage space to copy the data is not required!
  • It takes place directly on the productive drive.

Continue reading

Permanent link to this post:

Load more