Posts Tagged ‘security’

Welcome Xton Technologies

July 28, 2017

After many successful years at MetaVis, culminating in the acquisition of the business by its fiercest competitor, we decided to entertain ourselves in the area of cyber security. Welcome Xton Technologies, the company that builds, markets and distributes enterprise privileged account management software, including:

  • Database for secrets that enables permission-based sharing of secret information like passwords and security certificates for employees, contractors and scripts
  • Policy driven password reset
  • Centralized script execution for Windows, Unix and IoT devices
  • Agentless access to network resources without disclosing passwords or keys to end users, with the ability to record and monitor RDP, VNC or SSH sessions
  • Privileged account discovery

I will spend more time in the following posts discussing various aspects of this innovative software. For now, let’s enjoy the variety of love locks on the Salzburg bridge in the picture below, symbolizing the patches of cyber security implemented by a typical enterprise in an attempt to match the speed of the modern world.

Makartsteg Bridge

Also, visit our web site, help us spread the word, like our LinkedIn page, download the installer from our web site to try the software, or recommend us to someone who might be interested.

MetaVis Feature of the Day: Cleaning up SharePoint Users

June 13, 2014

The MetaVis platform includes an Orphaned Users report that can find all users in a site collection or server farm who are deleted or disabled in the corporate Active Directory. There are several scenarios that could lead to such an inconsistency. First, users could have been disabled in Active Directory by mistake, which should be fixed. Alternatively, the users might no longer be with the organization. In this case, MetaVis offers tools (both interactive and static reports) to analyze the permissions that these users still have in the site collection and either remove these “orphaned” permissions or transfer them to a new user.

There is also a Content Inventory report that can identify the content owned by the orphaned user. Administrators can keep the ownership of the content for historical tracking purposes, or transfer the content ownership to another user in the company, potentially even relocating the content to another location such as a OneDrive personal workspace. Alternatively, administrators can archive the content that belongs to the orphaned user to free up storage and improve service usability.

All these functions work with on-premises and hosted SharePoint versions 2007, 2010 and 2013 (without the need to install anything on the server farm) as well as with Office 365 tenancies.

Please visit for more information about MetaVis Security Manager for SharePoint.

Please visit for more information about MetaVis Architect Suite for SharePoint.

MetaVis Feature of the Day: Pattern Based Search in SharePoint

June 11, 2014

It is easy to search through a SharePoint farm for documents with certain URLs, but try to identify documents with any URL. It is clear what to do to find documents with a certain Social Security Number, but try to find documents that contain any Social Security Number… and display all these numbers along the way. Meet MetaVis Informant – a SharePoint tool that can identify documents in content databases following pre-configured rules and execute actions for the documents it finds.

MetaVis Informant includes dozens if not hundreds of pre-built rules to detect documents with PII, PHI, postal addresses, ZIP Codes, driver licenses, URLs, links, dictionary keywords (optionally integrated with SharePoint Term Stores), documents following certain naming conventions, missing required information (like contract numbers), following some metadata patterns and many more. In addition, Informant allows custom rules to be defined using regular expressions. Informant rules can be combined using logical expressions like “Find documents that contain driver license number and keywords from this list but not keywords from that term set”.

Informant can identify documents following pre-configured policies and perform any combination of the following actions:

  • Generate report with the identified documents
  • Copy or move documents to certain location
  • Upload files from file system to SharePoint or download them back
  • Quarantine detected documents
  • Change (add or remove) document permissions
  • Change or enhance document metadata

MetaVis Informant can be used for cross-user security checks to detect what could be seen by different groups of user accounts, as well as for audits, data loss prevention and other governance-related activities.

MetaVis Informant is a client-based tool that does not require server side agents. It works with file systems, on-premises and hosted SharePoint as well as Office 365.
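
The rule combination described in this post, sketched as an added example (not MetaVis Informant's own code or rule syntax): regex rules are combined with AND / AND NOT and the matched values are reported per document. The patterns, helper names and sample documents are constructed for illustration.

```python
import re

# Illustrative patterns (assumptions, not the product's rules). The SSN
# pattern rejects area numbers 000, 666 and 9xx, group 00 and serial 0000,
# which are never issued, to cut down on false positives.
SSN = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
URL = re.compile(r"\bhttps?://[^\s<>\"']+", re.IGNORECASE)

def pattern(regex):
    """Rule that returns every match of a regex in the text."""
    return lambda text: regex.findall(text)

def keywords(words):
    """Rule that returns the listed keywords present as whole words."""
    rx = re.compile(r"\b(" + "|".join(map(re.escape, words)) + r")\b", re.I)
    return lambda text: rx.findall(text)

def all_of(*rules):
    """AND: hits from every rule, or nothing if any rule finds none."""
    def rule(text):
        hits = [r(text) for r in rules]
        return [h for group in hits for h in group] if all(hits) else []
    return rule

def none_of(base, *excluded):
    """AND NOT: hits of base unless an excluded rule also matches."""
    return lambda text: [] if any(r(text) for r in excluded) else base(text)

def scan(documents, rule):
    """Return {document name: matched values} for documents the rule selects."""
    report = {}
    for name, text in documents.items():
        found = rule(text)
        if found:
            report[name] = found
    return report

# Constructed sample documents.
DOCS = {
    "hr/onboarding.txt": "Employee SSN 123-45-6789, contract signed.",
    "hr/template.txt": "SAMPLE employee form: SSN 123-45-6789 goes here.",
    "wiki/links.txt": "See https://intranet.example/policies for details.",
    "misc/phone.txt": "Part number 000-12-3456 is not an SSN.",
}

# "Contains an SSN and the keyword 'employee' or 'contract', but not 'sample'."
POLICY = none_of(all_of(pattern(SSN), keywords(["employee", "contract"])),
                 keywords(["sample"]))
```

Running `scan(DOCS, POLICY)` reports only the onboarding file, together with the values that triggered the match, which is what a reviewer needs to triage the hit.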

Please visit for more information about MetaVis Informant.


MetaVis Feature of the Day: SharePoint Permissions Management

June 3, 2014

Many products in the MetaVis Platform include the ability to transfer permissions. MetaVis Migrator includes the function to copy and migrate site, list and item level permissions as well as site collection administrators between SharePoint locations as part of larger content copy or migration operations. MetaVis OneDrive for Business Management Suite also includes support for copying content sharing options to OneDrive personal sites.

However, there is also a permission-oriented product called MetaVis Security Manager that allows administrators to manage permissions in on-premises and hosted SharePoint farms (including versions 2007, 2010, 2013), OneDrive for Business and Office 365 locations. Permissions management functions include the ability to:

  • Browse permission records for multiple objects using convenient interface
  • Copy permissions between objects (site collections, sites, lists and items)
  • Mass create, edit and delete multiple permission records
  • Back up and restore permissions
  • Transfer permissions and group membership between users
  • Report users that have access to certain objects or locations
  • Report objects accessible to certain users
  • Analyze orphaned users that exist in site collections but are deleted or disabled in the underlying user directories, and report objects still owned by these users
  • Transfer orphaned users between site collections and server farms (including Office 365) to maintain authorship of historical records

Please visit for more information about MetaVis Security Manager for SharePoint.


MetaVis Feature of the Day: Transfer SharePoint User Permissions

June 2, 2014

When an employee comes to the organization to replace someone else who performed similar work before, the need arises to transfer permissions to the existing objects from the previous user to the new one.

The MetaVis Transfer User Permissions function transfers permissions between users in SharePoint, including permissions associated with sites, lists and individual items as well as security group membership. The function operates on multiple site collections (down the sub-site hierarchy) in the server farm environment and, optionally, on multiple selected users. The function does its work remotely, without server side control; it is available for on-premises, hosted and Office 365 SharePoint site collections and farms.

Please visit for more information about MetaVis Administration Suite for SharePoint.

Please visit for more information about MetaVis Security Manager for SharePoint.


MetaVis Feature of the Day: OneDrive for Business Sharing Analysis

May 30, 2014

The MetaVis Platform allows administrators to monitor OneDrive for Business usage and activity trends. Graphical dashboards display information like space distribution and file type analysis to understand whether and how the organization's employees use their personal sites.

One of these reports is particularly interesting for security analysis and data leak prevention. The Content Sharing report visualizes external parties who can access internal content because this content was shared by inside personnel. The report allows drilling down to the user who shared the content and, ultimately, locating the content itself. For some people, the lack of transparency about how content is shared with 3rd parties is the last roadblock holding them back from adopting OneDrive for Business in their organizations. MetaVis brings this transparency with OneDrive for Business Management Suite.

Please visit for more information about MetaVis OneDrive for Business Management Suite.

MetaVis Feature of the Day: SharePoint Permissions Backup

May 20, 2014

Unlike some other objects in SharePoint, permissions and security group membership have no recycle bin. Once a permission record is deleted or changed, there is no way to roll back the change or even to peek at how it looked before the modification. To help administrators with this situation, MetaVis has an option to back up and restore SharePoint site, list and item level permissions only, without the content, as well as to browse historical snapshots of backed up permissions. As a complement to this functionality, MetaVis also has an option to back up SharePoint security groups, including group membership, with the further ability to browse groups and group membership in the backup snapshots as well as the option to restore groups or group membership to SharePoint sites. All of this works without any server side agents and is fully compatible with Office 365 and any other hosted SharePoint environment.

Please visit to learn more about MetaVis Backup.

MetaVis Security Manager for SharePoint

September 12, 2011

One of the problems SharePoint Administrators and Site Owners face in their job is efficiently managing SharePoint security across multiple site collections and server farms, possibly across multiple user directories: Active Directory domains, federated directories like ADFS or database user directories for form-based authentication. MetaVis Security Manager for SharePoint is designed to simplify these activities.

Specifically, MetaVis Security Manager for SharePoint allows its users to perform the following functions:

  • Browse, add, edit and delete groups, users, permissions and permission levels in a visual hierarchical structure of site collections, sites, lists and individual items in a single GUI for multiple server farms, domains and site collections.
  • Copy groups, users, permissions and permission levels between server farms, site collections, sites, lists and individual items, possibly across different user directories (LDAP, ADFS, RDBMS).
  • Manage permissions for multiple SharePoint objects at the same time.
  • Compare objects permissions.
  • Discover and resolve potential security problems in multi-server farm environments like disabled users with granted permissions, broken chain of permission inheritance, etc.
  • Analyze who has access to what in a multi-server farm and multi-site collection environment. Discover what objects could be accessed by certain users or groups.

MetaVis Security Manager for SharePoint supports SharePoint 2007 and 2010 environments, connects to SharePoint from remote computers, does not require server side installations and supports managing hosted SharePoint environments like Microsoft Office 365.

MetaVis Platform Features Overview: Browse list or library permissions and copy selected list permissions between lists

April 8, 2011

By default, SharePoint lists inherit their permissions from the sites where they were created. However, it is possible to break list permission inheritance and set up unique permissions for a specific list. In this case, the list permissions will not change when someone changes the site permissions, and unique users or groups can be added to the list permissions.


MetaVis Migrator and MetaVis Change Manager support copying of unique list permissions between SharePoint sites. This time we added a function to display list permissions in the MetaVis Content Viewer and copy individual permissions between lists, sites and site collections.


Right click on a list, select Objects and then Show Permissions menu item to browse list permissions.



Users can copy and paste or drag-and-drop permission records from this Permissions Viewer to another list in this or another SharePoint site.


Also note the little icon on the Permissions Viewer toolbar, which indicates that the list has permissions inherited from the parent site. Clicking on this button breaks or restores list permission inheritance.



MetaVis Platform Features Overview: Bulk user mapping to add or replace domain in login names

March 8, 2011

Many if not all SharePoint objects have user accounts associated with them. They could come in the form of basic item or document properties like Created By or Modified By. Another example is the value in a Person or Group field. Users could also be members of SharePoint security groups or appear in object permission records.

One of the common problems that arise when people copy SharePoint objects or whole site collections between Active Directory domains is changing account information when copying users. MetaVis Migrator has long had the ability to specify user mapping when performing copy operations. Each Copy Wizard to copy items, lists, sites, permissions or user groups includes the controls to provide user mapping.

User mapping should be provided in the form of a CSV file with a row per user mapping. Each row should specify the account name in the source and target environments, separated by a comma.

While this approach works well in the majority of situations, it is often hard to compile a user mapping file if the environments contain hundreds if not thousands of user accounts.

To cover the situation with bulk user mapping, MetaVis Migrator added the ability to provide user-mapping rows using wildcard specifications, as in the picture below.

In addition to this, the wildcard specification can simply add a domain to an account that does not have a domain in the source environment.

The latter mapping can be used to map user accounts from FBA environments or from non-user fields like text fields or the MS Office Authors or Last Saved By fields.

It is worth noting that wildcard records can be provided in the mapping file in addition to real account mappings. This technique provides a mechanism to specify default values for the user mapping in addition to the direct mapping of accounts that have more changes between the source and target environments than just a domain change.