Author Archives: Jarrod

Create and Configure Central Access Rules and Policies

Create and Configure Central Access Rules and Policies

We can create and configure Central Access Rules and policies that are automatically deployed to all file servers in our Active Directory based domain.

Central Access Rules (CARs) are used to control access to files and folders based on the resource properties that we have created.

The central access rule uses the user and device claims with resource properties to determine the permissions that should be set on particular files.

Read more »

Create and Configure Resource Properties and Lists

Create and configure resource properties and lists

We can create and configure resource properties and lists to specify extra properties that can be used on files and folders. A resource list simply contains one or more resource properties, both are created through Active Directory Administrative Center as we’ll see in the examples.

These are needed as part of a Dynamic Access Control (DAC) solution to create and configure central access rules.

Additional properties can be set on a file or folder using resource properties. This is similar to file classification but instead works at the domain level rather than only on the file server. We can use these resource properties to configure access to the file that they are applied to.

Read more »

Configure User and Device Claim Types

We can configure user and device claim types in Active Directory which can be used as part of Dynamic Access Control (DAC) in a Windows based environment.

DAC was added in Windows Server 2012 to allow administrators to configure custom authorization to a file server by using conditional logic using user and device claim types. This is quite powerful, we can have permissions to a user change and update automatically based on changes to attributes to the user or device itself.

Read more »

How to Upgrade Debian 8 Jessie to Debian 9 Stretch

Upgrade Debian Jessie 8 to Debian Stretch 9

Debian 9 Stretch was released as the latest stable version of the Linux Debian operating system today. While you can install Debian 9 Stretch fresh, you can also perform an in place upgrade from Debian 8 Jessie quite easily, which is what we will cover here.

Read more »

Perform Access-Denied Remediation in Windows Server 2016

Perform Access-Denied Remediation

Access-denied remediation, also known as access-denied assistance, allows us to set a predefined error message to be provided to a user that attempts to access a file or folder that they do not have permissions to. Rather than receiving a generic permission denied error, an administrator can instead customize the error message. We can perform access-denied remediation by both setting it up manually on a file server, or automatically for many file servers through group policy.

Read more »

Configure File Access Auditing in Windows Server 2016

We can configure file access auditing in Windows Server 2016 so that events are logged every time a specified user or group successfully accesses or attempts and fails to access a specified file or folder. This post will show you how to configure file access auditing in Windows Server 2016.

Read more »

Configure File Classification Infrastructure (FCI) Using FSRM

We can configure file classification infrastructure (FCI) using File Server Resource Manager (FSRM) in Windows to classify different files based on various attributes. While files have the usual properties on them such as creation date and owner for example, we can use FCI to add our own custom properties to a file. This allows us to classify files in our environment automatically based on the contents of the file.

Read more »

Deploy Configurations to Domain and Non-Domain Joined Servers with Security Compliance Manager (SCM)

We can deploy security baseline configurations to domain and non-domain joined servers with Security Compliance Manager (SCM). This is done by first exporting the security baseline as a GPO, and then importing it either as group policy or local policy depending on whether or not the client is a member of an active directory domain.

Read more »

Configure File Management Tasks in Windows Server 2016

Configure File Management Tasks

We can configure file management tasks with File Server Resource Manager (FSRM) in Windows Server 2016 to perform various tasks on the file server for us.

For example we can configure scheduled tasks to to complete specific actions, such as expire files older than a certain date automatically and archive them, or encrypt files that match a specific criteria. We can also run custom scripts on a specific set of files to perform arbitrary actions as required.

In this example we’ll show you how to configure file management tasks in Windows Server 2016, however the steps are very similar to older versions of the Windows operating system.
Read more »

Fixing Plex on the QNAP NAS

I recently upgraded the firmware on my QNAP NAS from QTS 4.2.x to 4.3.x, and in doing so Plex stopped working. It was difficult to find information online to fix the problem, so I figured I’d write this short post on how to fix the issue.

Read more »