Help Center
Quick Start
- Overview
- System requirements
- Minimum privileges required
- Default port configuration
- Installing DataSecurity Plus
- Uninstalling DataSecurity Plus
- Starting DataSecurity Plus
- Launching DataSecurity Plus
- Configuring your solution
- Licensing details
- Applying a license
File Auditing
- About File Auditing
- Domain configuration
- File server configuration
- Failover cluster configuration
- NetApp server configuration
- Workgroup configuration
Setting up File Audit
Dashboard
Reports
Alerts
Configuration
Storage Configuration
File Analysis
- About File Analysis
- On-Demand Reports
Setting up File Analysis
Dashboard
Reports
Alerts
Configuration
Data Risk Assessment
- About Data risk assessment
Setting up Data risk assessment
Dashboard
Reports
Ownership analysis
Configuration
Endpoint DLP
- About Endpoint DLP
Setting up Endpoint DLP
Reports
Alerts
Prevention policies
Configuration
Cloud Protection
- About Cloud Protection
- Gateway Server Configuration
- Certificate Authority Configuration
- Gateway Configuration in Endpoint
- Manage Certificate Trust Store
- Threat Analytics Database
- Manage Banned Applications
- Manage Authorized Applications
- Gateway Server Failover
- Two-way SSL configuration
- Global Insight
- Application Insight
- User Insight
- Shadow Application Insight
- Banned Application Insight
- Cloud App Discovery
- Cloud Access Reports
- Application Insights
- Shadow Cloud Application Reports
- Banned Cloud Application Reports
- File Upload Reports
Setting up Cloud Protection
Dashboard
Reports
Control Policies
Storage Configuration
Administrative settings
- Technician configuration
- Notification filters
- Manage agent
- Agent settings
- SIEM integration
- Business hours configuration
- Two-factor authentication
- Workgroup configuration
- Security policy
Email configuration
General settings
- Connection
- Personalize
- DataSecurity Plus Server
- Privacy Settings
- Disk utilization
- Schedule Retention Policy
Policy Configuration
Release notes
2024
2023
2022
2021
2020
2019
2018
2017
2016
2015
Troubleshooting
- HTTP communication failure
- Dormant DataEngine
- Secure Gateway server failure
- RPC communication failure
- Known issues and limitations
- Known errors and solutions
Guides
- Agent document
- How to Migrate/Move DataSecurity Plus
- How to apply SSL certificate
- How to automate DataSecurity Plus database backup
- How to set alerts in DataSecurity Plus
- How to secure your DataSecurity Plus installation
On-demand reports
On-Demand Reports can be used to instantly retrieve specific file security or storage information as needed. They are available under the On-Demand Reports tab.
The list of available On-Demand Reports are:
- Effective Permissions: Shows the effective permissions of users on the selected folders. You can choose to omit the AD objects that do not have any permissions by checking the box available below the report parameters.
- All Shares: List all the shared folders in a selected server with details on the share name, type, share path, local path, security permissions (access and audit) and share permissions.
- Open Sessions: Lists all the open user sessions in the server with details on the host IP, the username, connected time, idle time, and the number of open files.
- Open Files: Lists the files that are open at the time the report is generated.
- Junction Points: A junction point refers to a directory that redirects to another directory on the local device. For example, if folder A redirects to folder B, which is present on the same drive or a different drive on the same device, then folder A is a junction point. This report will list both folders A and B.
- Privileged Users: Lists the users with excessive privileges. Here, excessive privileges refer to the specific permission for which you generate the report.
- Orphaned Files: Displays the location of files and folders owned by deleted users.
- NTFS Permissions: Displays the security permissions users have over folders.
- Empty Folders: Lists all the empty folders within a specific folder.
- Explicit Permissions: Lists all users who have been granted explicit permissions over folders, subfolders, or files. You can define the type of permission you wish to generate the report for in Report Configuration. Inherited permissions are not considered while generating this report.
Configuring parameters for On-Demand Reports
On-Demand Reports can be generated by defining the following report parameters:
| Report parameter | Description |
| Server Name | The server you wish to scan. |
| AD Objects | The users, groups, or well-known security IDs you wish to analyze. |
| Folders | The shares or local folders you want to scan in the target server. Local folders refer to folders that have not been shared with users and can be added to the scan by specifying the folder path. |
| Subfolder Level | The depth of subfolder levels you want to scan. You can scan only the target folder, leaving out the child items by choosing No Sublevel in the drop-down. Or, you can choose to scan one, two, or all sublevels. |
| Scan | Choose the directory object you want to scan. You can choose between scanning only files, only folders, or both files and folders. |
| Permission | Choose a particular permission you wish to track. For example, generating the list of users who have Full Control. Applicable only to Privileged Users and Explicit Permissions reports. |
File Analysis offers granular reporting to help access specific data easily. Here are some instances where you'll find our reports helpful.
- Examine all the privileges users have over shared files: Let's say you want to track the permissions of a user, say John Smith, across all the files inside a particular parent folder and its child folders located in server FS01. You can do this by going to File Analysis > On-Demand Reports > Effective Permissions, and setting the parameters as:
Server Name: FS01
AD objects: John Smith
Folders: D:\Contracts\Vendors
Subfolder Level: All Sublevels
Scan: Files only - View which users have the particular permission to run executables: If you want to find which users can execute programmables within a local folder, you can retrieve the information by generating the Privileged Users report. This report considers privileges specified by you for reporting. For example, to view which users have the Read and Execute permission on the D:\Marketing\Contracts folder, go to File Analysis > On-Demand Reports > Privileged Users, and set the parameters as:
Server Name: FS01
Permission: Read and Execute
Folders: D:\Marketing\Contracts (Specify folder path in the Add Folder Path box)
Subfolder Level: All Sublevels
Scan: Folders only - View which users have explicitly been granted Full Control permission: You can find which users have Full Control over shared files in server FS01 by going to File Analysis > On-Demand Reports > Explicit Permissions and setting the parameters as:
Server Name: FS01
Permission: Full Control
AD Objects: ALL
Folders: D:\Marketing\Contracts
Subfolder Level: No Sublevel
Scan: Files only
Note: On-Demand Reports can only be generated if the Local System Account has Read permission over the selected folders.
Follow the steps below to generate reports:
- Select File Analysis from the application drop-down.
- Select On-Demand Reports.
- Define the server and other scan parameters as required.
- Click Generate Report.
Note: You can view the scan progress, errors (if any), and associated error messages in the right-side panel. These errors might be due to lack of permissions to the Local System Account, inability to find the directory or estimate the size of the share, or other unknown errors. To resolve unknown errors, contact support@datasecurityplus.com.