https://community.netapp.com/t5/ONTAP-Discussions/Data-Loss-Prevention-Discover-Software/m-p/161057#M36767 <P>Have you try to run the service under a domain admin user?</P> <P><A href="https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_to_add_a_domain_user_to_the_built-in_local_administrators_group_in_clustered_Data_ONTAP" target="_self">Make sure the user is a part of the local admin group.</A></P> Tue, 10 Nov 2020 03:44:10 GMT Mjizzini 2020-11-10T03:44:10Z https://community.netapp.com/t5/ONTAP-Discussions/Data-Loss-Prevention-Discover-Software/m-p/160984#M36756 <P>Hi</P> <P>Does anybody has experience on how to allow an external DLP Software (McAfee) having a sight to all NAS shares and also requests "modify rights" on them?</P> <P>Kind Regards</P> <P>Adrian&nbsp;</P> Thu, 05 Nov 2020 08:30:04 GMT https://community.netapp.com/t5/ONTAP-Discussions/Data-Loss-Prevention-Discover-Software/m-p/160984#M36756 paeddy 2020-11-05T08:30:04Z https://community.netapp.com/t5/ONTAP-Discussions/Data-Loss-Prevention-Discover-Software/m-p/161057#M36767 <P>Have you try to run the service under a domain admin user?</P> <P><A href="https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_to_add_a_domain_user_to_the_built-in_local_administrators_group_in_clustered_Data_ONTAP" target="_self">Make sure the user is a part of the local admin group.</A></P> Tue, 10 Nov 2020 03:44:10 GMT https://community.netapp.com/t5/ONTAP-Discussions/Data-Loss-Prevention-Discover-Software/m-p/161057#M36767 Mjizzini 2020-11-10T03:44:10Z https://community.netapp.com/t5/ONTAP-Discussions/Data-Loss-Prevention-Discover-Software/m-p/161059#M36769 <P>Hi Mjizzini</P> <P>&nbsp;</P> <P>Thank you for your answer.</P> <P>&nbsp;</P> <P>I created a seperate group like the builtin/administrators-group with only the&nbsp;<SPAN class="mt-bgcolor-f1c40f">"</SPAN><SPAN class="mt-bgcolor-f1c40f">SeTcbPrivilege</SPAN><SPAN class="mt-bgcolor-f1c40f">"</SPAN><SPAN>&nbsp; and shared the "/" as read-only. This seems to work but I don't know if this is the right way to give access to a DLP-Application because the solution as that is bypassing all security settings set on shares (cifs) and exports (nfs). As soon as the DLP application requests modify rights I need to really think about that again.</SPAN></P> <P>&nbsp;</P> <P>We do not have "a general group" on all our shares where I simply could put the dlp-user into that group and access would be granted, and,&nbsp; we do host millions of files.</P> <P>&nbsp;</P> <P>Some more questions are:</P> <P><SPAN>Why DLP application asks for modify rights? I can not imagine what will be happen when the DLP client system catches malware or does wrong functions.</SPAN></P> <P><SPAN>There are also aspects on auditing and performance..</SPAN></P> <P>&nbsp;</P> <P><SPAN>I am really wondering on how do other NAS administrators handle DLP?</SPAN></P> <P>&nbsp;</P> <P><A href="https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/NTFS_permissions_on_a_CIFS_share_are_not_taking_effect_on_a_specific_user" target="_blank">https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/NTFS_permissions_on_a_CIFS_share_are_not_taking_effect_on_a_specific_user</A></P> <P>&nbsp;</P> <P>kind regards</P> <P>Adrian</P> Tue, 10 Nov 2020 06:43:37 GMT https://community.netapp.com/t5/ONTAP-Discussions/Data-Loss-Prevention-Discover-Software/m-p/161059#M36769 paeddy 2020-11-10T06:43:37Z