How to audit permissions after a Windows migration

Ransomware often leverages a cracked administrator or local administrator password to gain access across a network, or it sets permissions across a network so that attackers can gain access. That’s why it’s important to manage permissions in Windows carefully.

For example, you might be in the process of migrating to a newer version, or you might have recently completed a migration from Windows 7 or Server 2009R2. As part of that process, it’s common to change default permissions to copy files, move data and migrate servers. Have you gone back to make sure you’ve removed all excess permissions once the migration is complete? You might have left a door open for an attacker.

Check permission settings before migrating

Get-Acl is the basic PowerShell command to obtain information about the security of a resource. In legacy networks, NT File System (NTFS) permissions have often been set to looser standards. Unless you’ve audited them, you might not realize how they are set. If you are migrating from an older operating system, the permissions were set for a different era and might need to change.

Before starting a migration process, review the permissions that were set. Start with a PowerShell Get-Acl command to see how the NTFS permissions are set. To review all permissions of all users or groups of users in a network, perform an NTFS Directory Effective Permissions Audit.

Permissions when exporting virtual machines

When exporting virtual machines (VMs), you often must change the permissions to migrate. If you don’t change permissions, you will receive an error message “Failed to copy file from ‘<source path of VHD file>’ to ‘<network share>’: General access denied error (0x80070005)”. Because the system account of the Hyper-V host executes the export, the Hyper-V host does not have permission on the network share. Thus, it’s recommended to change permissions to allow systems to access each other.
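The Get-Acl review described above and the cleanup check after a VM export can be combined in one pass. The following is an added example, not code from the original article: it lists explicit (non-inherited) NTFS grants with write-level rights held by broad groups or by computer accounts. The function name, variable names and demo folder are hypothetical, principal names assume an English-language OS, and it assumes the export grant was made to the host's computer account (a name ending in `$`).

```powershell
# Added example (not from the article). Get-ExcessAce, $BroadPrincipals and
# $WriteMask are hypothetical names; principal names assume an English-language OS.
$BroadPrincipals = 'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users'

# Bits that allow changing data or the ACL itself. Modify and FullControl contain
# these bits; read-only grants do not. 0x10000000 and 0x40000000 are GENERIC_ALL
# and GENERIC_WRITE, which can appear unmapped in ACEs.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x10000000 -bor 0x40000000

function Get-ExcessAce {
    param([Parameter(Mandatory)][string]$Path)
    # Folders only, to keep the walk fast; drop -Directory to include files.
    $items = @(Get-Item -LiteralPath $Path) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Directory -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        foreach ($ace in $acl.Access) {
            # Inherited entries are reported once, at the folder where they are set.
            if ($ace.IsInherited -or $ace.AccessControlType -ne 'Allow') { continue }
            if (([int]$ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
            $id = $ace.IdentityReference.Value
            $reason = $null
            if ($BroadPrincipals -contains $id) { $reason = 'broad group' }
            elseif ($id.EndsWith('$')) { $reason = 'computer account' }  # e.g. a Hyper-V host
            if ($reason) {
                [pscustomobject]@{
                    Path     = $item.FullName
                    Identity = $id
                    Rights   = $ace.FileSystemRights
                    Reason   = $reason
                }
            }
        }
    }
}

# Constructed demo: a temp folder given the kind of loose grant a migration leaves behind.
$demo = Join-Path $env:TEMP 'acl-audit-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$acl  = Get-Acl -LiteralPath $demo
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    'Everyone', 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $demo -AclObject $acl
Get-ExcessAce -Path $demo | Format-Table -AutoSize   # lists the Everyone / FullControl entry
Remove-Item -LiteralPath $demo -Recurse -Force
```

Get-Acl reports NTFS permissions only; share-level permissions on the export target are separate and can be listed with Get-SmbShareAccess.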

Copyright © 2019 IDG Communications, Inc.
