Tuesday, November 13, 2012 7:48 PM
I am looking for a clever way to make a read-only account for the purpose of scanning all files on a server. There are quick ways to create an account with access to all files on a server such as placing account in Admin container (not preferred), placing account in Backup Operators container (also not preferred as the account would be able to power down the device), or to create an account and a script to provide the account read only access to each file individually (not preferred because then a script has to be ran regularly to update permissions to new files).
Has anybody found a clever way to create and push a "read-only" account to servers for DLP projects or other similar projects?
Wednesday, November 14, 2012 2:12 AM
I would add the user in almost the same group you use for your server shares. Create a group like Public-RO for a group named Public.
IMO you only need to scan folder / share where user can put file there.
- Marked As Answer by Cheers ZHANGMicrosoft Contingent Staff, Moderator Wednesday, November 21, 2012 6:18 AM