To use file system protection, you must first define the files/folders to protect:
The File System Protection page displays when File System is selected from the Protection task list in the navigation pane of the Administration Tasks tab. From this page you can launch the File System Protection wizard to specify a file or folder to be protected from unauthorized access. You can also edit existing templates, disable a template, and remove templates that are no longer being used.
NOTE: Authorization to use the administration tasks on the Administrations Tasks tab is defined using the Application User Interface page under the Configuration task list. If you are denied access to the tasks on this page, refer to the Change Auditor User Guide for more information on how to gain access. |
The File System Protection page contains an expandable view of all the File System Protection templates that have been previously defined. To add a new template to this list, click Add. Once added, the following information is provided for each template:
• |
Excluded from Protection - indicates you selected the Allow option to allow only the selected accounts to change the protected objects. |
• |
Included in Protection - indicates you selected the Deny option to allow all accounts to change the protected objects EXCEPT for those selected. |
NOTE: If you are planning to use multiple File System Protection templates, refer to the Change Auditor Technical Insight Guide for more information on how multiple protection templates are evaluated. |
2 |
Click Protection. |
3 |
4 |
Click Add to open the File System Protection wizard which steps you through the process of creating a File System Protection template. |
5 |
In the Template Name field, enter a descriptive name for the template. |
6 |
In the Path field, enter or click the Browse button to specify the file system path to protect. Click Add to move the specified file system path to the selection list. |
7 |
8 |
9 |
By default, protection will be applied to both files and folders in the selected file system path. To protect just files, folders or shares, click the arrow control in the Applies To cell and select one of the following options: |
• |
• |
• |
Files and Folders (default) |
• |
10 |
By default, protection will prevent ‘all’ operations from occurring. However, to protect against specific operations, click the arrow control in the Protection Type cell and select one or more of the following operations: |
• |
[All] (default) |
• |
• |
• |
• |
• |
• |
11 |
Use the File Mask field to optionally specify a file mask to protect a group of files in the selected file system path. Once you have specified a file mask, click Add to add it to the list at the bottom of the page. |
12 |
On the next page of the wizard, use the Browse or Search page to optionally select user or group accounts which will be allowed to make changes to the protected objects selected on the previous page. Click Add to add the selected user or group to the Override Account list. |
NOTE: The Allow option is selected by default indicating that the selected users or groups will be allowed to change the protected objects. However, you can select the Deny option at the top of this page and select individual users or groups that are NOT allowed to change the protected objects. When using the Deny option, you are allowing all users and groups to change the protected objects except for those selected on this page. |
13 |
On the next page of the wizard, you have the option to schedule when the protection will be enforced. You can either select to have the protection always run or have it run only during specific times. To enable the protection only during specific times, select the Protection is scheduled option, and define when it should be enabled (hour blocks on a weekly basis). The times selected are the local agent time where the template is applied. |
• |
Protect access from all locations: Protection is always enabled regardless of the location. |
• |
Protect access only from select locations: Protection is only enabled for the specified locations. |
• |
Disable protection only for select locations: Protection is disabled for the selected locations. Enabled everywhere else. |
• |
Protect access from all unknown locations: All file system requests from locations that cannot be determined by the agent will be protected. |
16 |
To create the template and assign it to an agent configuration, expand Finish and select Finish and Assign to Agent Configuration. |
• |
Select a configuration, then select the newly created template, click in the corresponding Assigned cell and click Yes. |
• |
On the Agent Configuration page, select one or more agents from the agent list and click the Assign tool bar button. |
• |
On the Agent Configuration page, select the agents assigned to use the modified agent configuration and click Refresh Configuration to ensure the agents are using the latest configuration. |
2 |
• |
Place your cursor in the Status cell for the template to be disabled, click the arrow control and select Disabled. |
2 |
To re-enable the protection template, use the Enable option in either the Status cell or right-click menu. |
• |
Place your cursor in the Status cell for the file path to be disabled, click the arrow control and select Disabled. |
2 |
To re-enable protection of a file path, use the Enable option in either the Status cell or right-click menu. |
1 |
On the File System Protection page, select the template to delete and click Delete | Delete Template. |
1 |
On the File System Protection page, select the file path to be deleted and click Delete | Delete File Path. |
2 |
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. 利用規約 プライバシー Cookie Preference Center