Securing Shares...

I was curious how you guys went about securing your shares. There are so many different ways to secure, but I was curious how other people went about it.

Let me know how you would do the following.

Allow a group of users read/write access but not delete. Group = Marketing

I usually under the shared folder permissions would set the everyone group as read/change

Then under the folder permissions I would allow Marketing group Read/Write permissions.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Trailerisf

Yeah, that is what I do... Also, hide the share with a $ at the end.

(read/execute)

royal

You could do the hidden share as well as use something called Access Based Enumuration which is downloadable from Microsoft for free. Access Based Enumuration will basically hide the shares that someone does not have access to see them. It is good for new file server designs so it makes it easier to navigate for users because they will only see what they can access.

TechJunky

Thanks for the tip on ABE. I need to upgrade to SP1 anyhow to fix some current problems.

sprkymrk

I think ABE is in W2K3 R2, not SP1. It's a whole new copy of the server license, you can't download it like SP1.

TechJunky

When i went to install ABE it said I had to have SP1 installed first. So perhaps it may work? I downloaded SP1 and I will schedule an install date and see if it allows me to install ABE after SP1 has been installed.

sprkymrk

Cool. I've been wrong plenty of times before, so let me know if it works.

garv221

It all depends on the drive. Never use the group "everyone" only authenicated users. Keep default share permissions as "everyone full control" & restrict their NTFS. I use the special permissions more than anything b/c modify can sometimes be to much...Folders get moved...users, they are like children

TechJunky

Actually if you share a folder with default permissions shares it sets the share folder permission to everyone-read. Anyhow, who cares about technicalities... I am bored.

sprkymrk

garv221 wrote:

Never use the group "everyone" only authenicated users.

Actually garv, that was true in W2K, but is no longer something you need (or even should) do. In W2K, the only difference between the "Everyone" and "Authenticated Users" was that under W2K the "Everyone" group contained the anonymous user. That's not the case anymore. In both WXP and W2K3 those 2 groups are exactly identical.

garv221

TechJunky wrote:

Actually if you share a folder with default permissions shares it sets the share folder permission to everyone-read. Anyhow, who cares about technicalities... I am bored.

Yeah for 2k3- For Server 2000 it defaults everyone full share rights.

sprkymrk- I am using 2K server...Funny I am certified in 2003 server though..lol

TechJunky

Ok, I installed Windows 2003 Service Pack 1 and the Hotfix to fix the firewall being disabled issue with XP clients running SP2 on a 2003 SBS Server using AD.

I have a couple more hotfixes and then I will try EBA installation.

TechJunky

ABE works fine with Win 2003 SP1 SBS just incase anyone wanted to know.

sprkymrk

TechJunky wrote:

ABE works fine with Win 2003 SP1 SBS just incase anyone wanted to know.

Cool, thanks.

blargoe

Access based enumeration came out as a download from Microsoft about a week after SP1 was released I think. I think it comes with R2 but works great with SP1 without R2.

I always set the share perms back to Full and use ABE and NTFS permisisons to secure.

RTmarc

blargoe wrote:

I always set the share perms back to Full and use ABE and NTFS permisisons to secure.

x2

Also, this is a Microsoft "best practice".