Deprecation notice: we no longer actively support the Windows File Shares built-in connector. New users should refer to the Windows File Shares import agent instead.

The Windows File Shares connector for Elimity Insights fetches permissions, principals and resources from Windows File Shares so you can keep in control of your environment.

Follow the instructions below to set up the connector for your environment.

How it works

Elimity Insights periodically fetches permissions, principals and resources from Windows File Shares.
Write Elimity Insights queries to review and monitor updates to the data, or leverage existing queries.
Configure these stored queries to take action when the Elimity Insights data changes.

Integration requirements

Setting up a Windows File Shares source in Elimity Insights requires:

a Windows server with accessible file shares,
a sysadmin user with the ability to create new file share users,
a user in Elimity Insights with the role Connector Admin or higher.

Integration instructions

Follow the following steps to set up a Windows File Shares source in Elimity Insights:

Create a Windows user with read-only access to the file shares you want to import.
Provide the newly created user’s credentials to Elimity Insights. Also fill in the NTLM domain if applicable. For more information about NTLM authentication, refer to the official documentation.
Fill in the starting points (roots) for scanning file shares. Elimity Insights supports both DNS hosts and IP addresses as hostnames. Ensure the Windows server is accessible for Elimity Insights. The snippet below shows an example configuration:
```
{
  "my-host-scan-specific-shares": {
    "my-share-1": [
      "my-dir-1",
      "my-dir-2/my-sub-dir"
    ],
    "my-share-2": [
      "."
    ]
  },
  "my-host-scan-all-shares": null
}
```
Configure how the connector should scan your file shares.

Troubleshooting

Dial tcp <xyz>: connection refused

Elimity Insights cannot connect to your Windows server, ensure that the file shares are accessible and that your firewalls are configured correctly.

Changelog

v3.18.0

Added extra progress logs while scanning shares.
Added out-of-the-box controls.

v3.22.0

Added support for configurable Windows file share server ports. Existing deployments will continue using port 445 by default.

v3.22.1

The connector will now log errors related to DFS namespaces, unmounted volumes and unavailable pipes instead of failing the import.
Added support for scanning multiple servers, the hostname configuration now accepts a comma-separated list of values. This results in changes to resource identifiers and paths.
The port configuration is deprecated and ignored, the connector always connects to port 445.

v3.23.0

The connector now no longer supports the previously deprecated port configuration.
The NTLM domain configuration is now optional, blank spaces in existing configurations are converted to empty values.

v3.24.0

This update further relaxes the connector's error checking, only failing the import if strictly necessary.
A more flexible JSON-based value replaces the configuration field for hostnames, allowing users to explicitly list servers, shares and folder paths to start searching from.
The 'Owner' attribute is renamed to 'SID Owner'.

v3.37.0

The connector is now replaced by the Windows file shares import agent and immediately logs an error message explaining this.