
Windows Server Connector Overview

This connector enables you to use Data Access Security to access and analyze data stored in Windows Server and do the following:

  • Analyze the structure of your stored data.
  • Classify the data being stored.
  • Verify user permissions on the resources and compare them against requirements.

Installation Flow Overview

  1. Set up the prerequisites.
  2. Add a new Windows Server application to Data Access Security.

Collecting Data Stored in a Managed Application

The list below describes the high-level installation process required to collect and analyze data from an external application. Most of these should already be set up in your Data Access Security installation.

  1. Create an application in Data Access Security.
  2. Create a Virtual Appliance Cluster if utilizing Permission Collection, Crawler, or Data Classification.

Supported Versions

The Data Access Security Microsoft Windows Server Connector supports the following versions of Microsoft Windows Server and Windows Server Core:

2016, 2019, 2022, 2025

32 and 64-bit support for all versions

Windows Server Operation Principles

Data Access Security connects to the Windows Server through SMB, collects the local users and groups, and analyzes the share and NTFS permissions on all the folders.

Business Resource Path

The full path of a business resource is the UNC share path, not the physical path of the folder. Physical paths are still displayed because they are represented by the administrative shares (c, d...), which are treated in the same way as any other share on the server.

  • Crawler - The crawler crawls through all the shares and creates business resources with the share’s full path (\\server_name\share\folder).
  • Permission Collector - The permissions collector analyzes share permissions, as well as NTFS permissions.

Resource Tree Structure

Physical paths that do not belong to a share are not displayed in Data Access Security.

The Business Resources tree is represented as follows:

  • [Application Name]
    • [Special / Admin Shares] (this includes C$ and any other volume configured on the endpoint)
    • [Share A]
    • [Share B]
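
The path and tree rules above can be modeled in a few lines. This is an added example, not code from Data Access Security; the server name `FS01`, the application name, the share inventory, and the function names are constructed for illustration.

```python
from pathlib import PureWindowsPath

# Constructed sample inventory (not from the page):
# (share name, physical root, is special/admin share)
SHARES = [
    ("C$", "C:\\", True),
    ("D$", "D:\\", True),
    ("HR", r"D:\Data\HR", False),
    ("Public", r"D:\Data\Public", False),
]

def unc_paths(server, shares, physical):
    """Return every UNC path through which a physical folder is reachable."""
    target = PureWindowsPath(physical).parts
    folded = [p.lower() for p in target]      # Windows paths are case-insensitive
    found = []
    for name, root, _special in shares:
        root_parts = [p.lower() for p in PureWindowsPath(root).parts]
        # Compare whole path components so D:\Data\HRX never matches D:\Data\HR.
        if folded[:len(root_parts)] == root_parts:
            rest = target[len(root_parts):]   # folder path relative to the share root
            found.append("\\".join(["\\\\" + server, name, *rest]))
    return found                              # empty list: not in any share, not displayed

def resource_tree(app, server, shares, folders):
    """Group the reachable folders the way the Business Resources tree is laid out."""
    admin, tree = {}, {app: {}}
    for name, _root, special in shares:
        (admin if special else tree[app])[name] = []
    for folder in folders:
        for unc in unc_paths(server, shares, folder):
            share = unc.split("\\")[3]        # ['', '', server, share, ...]
            (admin if share in admin else tree[app])[share].append(unc)
    tree[app]["Special / Admin Shares"] = admin
    return tree

if __name__ == "__main__":
    for folder in (r"D:\Data\HR\Payroll", r"E:\Scratch"):
        print(folder, "->", unc_paths("FS01", SHARES, folder))
```

In this model a folder under a named share also resolves through its volume's administrative share, so `D:\Data\HR\Payroll` yields two UNC paths, while `E:\Scratch` yields none because no share covers it.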

Windows Server Failover Cluster

Windows Server Failover Cluster is an active-passive cluster based on Windows Server.

The following definitions apply to the Windows Server Failover Cluster:

  • Node - A physical server that is part of a cluster. All nodes in a cluster must be configured when the “Is Cluster” field in the application configuration wizard is checked.
  • Server Name - A logical layer on top of the node layer. Shares in a cluster belong to a Server Name, which is the name used when shares in the cluster are accessed. A Server Name (discovered automatically as part of the crawling task) is active on one node at a time.
  • File Share Scoping - Shares located on a cluster node can only be specified through the Server Name, not through the cluster node name in which they are currently active.

Windows Failover Cluster Share Scoping

Data Access Security supports Windows Failover Cluster Share Scoping.

The Server Names and their corresponding shares are discovered as part of the crawl task.
