Help Center
File Audit Endpoint Security File Analysis Risk Analysis Release NotesQuick Start
- System requirements
- Minimum privileges required
- Default port configuration
- Installing DataSecurity Plus
- Uninstalling DataSecurity Plus
- Starting datasecurity plus
- Launching datasecurity plus
- Configuring your solutions
Setting up File Audit
Dashboard
Reports
Alerts
Incidents
Advanced configurations
- Predefined audit reports
- Creating new audit reports
- Creating new alert profiles
- Creating new incident profiles
- Configuring exclusion-based settings
- Configuring retention and archive settings
Setting up Endpoint Security
Reports
Advanced configurations
- Predefined policies
- Creating new policies
- Predefined audit profiles
- Creating new audit profiles
- Predefined incident profiles
- Creating a new incident
- Exclude configuration
Setting up File Analysis
Dashboard
Reports
Incidents
Configuration
Setting up Data Risk Assessment
DashboardReports
Advanced configuration
- Predefined policies
- Creating new policies
- Predefined rules
- Creating new rules
- Creating new incident profiles
- Scan configuration
About DataSecurity Plus
How-To
Quick Start File Audit Endpoint Security Risk Analysis File Analysis About DataSecurity Plus Release notes Contact usContact us
2019
2018
2017
2016
2015
Permissions and privileges guide
Once Domain Admin credentials are granted, DataSecurity Plus instantly starts detection, auditing, analysis, and response activities in licensed modules. If you don't want to provide Domain Admin credentials, follow the steps in this guide to set up the service account with the least privileges required.
1. Privileges required for every module
The below steps list the privileges required by every edition and every module of DataSecurity Plus. These permissions should be granted first, before the permissions specific to each module are provided.
-
Grant the user Full control over the product installation folder.
DataSecurity Plus requires Full control over the product installation folder to write in the database.
- Log in to the computer where DataSecurity Plus is installed with Domain Admin privileges.
- Locate the product installation folder; right-click Properties > Security > Edit; add the DataSecurity Plus user, and provide Full control.
-
Grant the user Full control over DataSecurity Plus' archive folder.
DataSecurity Plus requires Full control over the archive folder for storing and retrieving archived data from the database.
To find the location of the archive folder, open DataSecurity Plus > Admin > Configurations > Archive Configuration
Log in to the target computer with Domain Admin privileges. Locate the folder; right-click Properties > Security > Edit; add the DataSecurity Plus user, and provide Full control permission.
-
Grant the user Full control over all of DataSecurity Plus' scheduled reports folders.
DataSecurity Plus requires Full control over the scheduled reports folder for saving scheduled reports in the specified location.
- To find the location of a Scheduled Reports folder, open DataSecurity Plus > Admin > Schedule Reports > Modify Schedule Report. You can see the location under After Execution.
- Log in to the target computer with Domain Admin privileges. Locate the folder; right-click, go to Properties > Security > Edit; add the DataSecurity Plus user, and provide Full control permission.
Repeat the steps on all destination folders for scheduled reports.
-
Grant the user Read and Execute permission over all of DataSecurity Plus' alert script folders
The product requires Read & execute permissions on each alert script folder to execute scripts once an alert gets triggered
- To find the location of the alert scripts folder, open DataSecurity Plus > Configuration > Alerts > Modify Alert Profile. You can see the location under
Actions. - Log in to the target computer with Domain Admin privileges. Locate the folder, right-click, go to Properties > Security > Edit; add the DataSecurity Plus user, and provide Read & execute permission.
- To find the location of the alert scripts folder, open DataSecurity Plus > Configuration > Alerts > Modify Alert Profile. You can see the location under
-
Grant the user Modify permission over files for which Move/Delete responses are configured
- Log in to the target computer with Domain Admin privileges. Locate the file for which Move/Delete responses are configured.
- Right-click the file, go to Properties > Security > Edit, add the DataSecurity Plus user, and provide the Modify permission.
- Repeat the steps for all the files for which the specified responses are configured.
2. Privileges required for the File Audit module
The steps below detail the procedure to assign the minimum privileges required by DataSecurity Plus' File Audit module.
- Make the user a member of the Power Users group
- Log in to your Domain Controller with Domain Admin privileges. Open the Group Policy Management Console, right-click on DataSecurity Plus Permission GPO > Edit.
- In the Group Policy Management Editor, select Computer Configuration > Preferences > Control Panel Settings. Right-click on Local Users and Groups > Add Local Group.
- In the New Local Group Properties wizard, select Update under Action. Select Power Users group under Group Name, and add the DataSecurity Plus user.
3. Privileges required for the Data Risk Assessment module
DataSecurity Plus requires Read permissions to locate sensitive data (such as PII, ePHI, credit card details, and so on) in file shares.
There are two ways to grant the user Read permission on the shares to be audited:
- Make the user a member of the Local Adminsitrators group.
- Log in to any computer with Domain Admin privileges. Open the MMC console > File > Add/Remove Snap-in. Select Local Users and Groups > Add > Another computer > Add target computer.
- Select the target computer, and open Local Users and Groups. Select Groups, right-click on Administrators > Properties > Add DataSecurity Plus user.
- Repeat the above steps for every Windows file server or cluster to be audited.
- Grant the user Read permission in both share and NTFS permissions on every audited share.
- Log in to any computer with Domain Admin privileges. Open the MMC console > File > Add/Remove Snap-in. Select Shared Folders > Add > Another computer > Add target computer.
- Select the target computer, selectShare, right-click on Properties > Security > Edit > Add the DataSecurity Plus user , and provide Read permission for both share and NTFS.
- Repeat the above steps for every share to be audited.
4. Privileges required for the Endpoint Security module
DataSecurity Plus requires Local Administrator credentials to monitor all endpoints. To make the user a member of the Local Administrators group:
- Log in to any computer with Domain Admin privileges. Open the MMC console > File > Add/Remove Snap-in. Select Local Users and Groups > Add > Another computer > Add target computer.
- Select the target computer, and open Local Users and Groups. Select Groups, right-click on Administrators > Properties > Add DataSecurity Plus user.
- Repeat the above steps for every endpoint to be audited.
Note: In case you want to monitor a large number of endpoints, making the DataSecurity Plus user a Local Administrator for each endpoint is a tedious task. To simplify the process, provide Domain Administrator credentials to the DataSecurity Plus user.
5. Privileges required for the File Analysis module
This section details the minimum privileges required by DataSecurity Plus' File Analysis module.
- Ensure that the Local System user has Read permission over all monitored files.
By default, the Local System User has Full Control permissions. For File Analysis however, only Read permissions are required. If you wish to change the default permissions, ensure that the Local System User has Read permission over all the files to be monitored in the file server.