Securing Shares...
I was curious how you guys went about securing your shares. There are so many different ways to secure, but I was curious how other people went about it.
Let me know how you would do the following.
Allow a group of users read/write access but not delete. Group = Marketing
I usually under the shared folder permissions would set the everyone group as read/change
Then under the folder permissions I would allow Marketing group Read/Write permissions.
Let me know how you would do the following.
Allow a group of users read/write access but not delete. Group = Marketing
I usually under the shared folder permissions would set the everyone group as read/change
Then under the folder permissions I would allow Marketing group Read/Write permissions.
Comments
-
Trailerisf Member Posts: 455Yeah, that is what I do... Also, hide the share with a $ at the end.
(read/execute)On the road to Cisco. Will I hunt it, or will it hunt me? -
royal Member Posts: 3,352 ■■■■□□□□□□You could do the hidden share as well as use something called Access Based Enumuration which is downloadable from Microsoft for free. Access Based Enumuration will basically hide the shares that someone does not have access to see them. It is good for new file server designs so it makes it easier to navigate for users because they will only see what they can access.“For success, attitude is equally as important as ability.” - Harry F. Banks
-
TechJunky Member Posts: 881Thanks for the tip on ABE. I need to upgrade to SP1 anyhow to fix some current problems.
-
sprkymrk Member Posts: 4,884 ■■■□□□□□□□I think ABE is in W2K3 R2, not SP1. It's a whole new copy of the server license, you can't download it like SP1.All things are possible, only believe.
-
TechJunky Member Posts: 881When i went to install ABE it said I had to have SP1 installed first. So perhaps it may work? I downloaded SP1 and I will schedule an install date and see if it allows me to install ABE after SP1 has been installed.
-
sprkymrk Member Posts: 4,884 ■■■□□□□□□□Cool. I've been wrong plenty of times before, so let me know if it works.All things are possible, only believe.
-
garv221 Member Posts: 1,914It all depends on the drive. Never use the group "everyone" only authenicated users. Keep default share permissions as "everyone full control" & restrict their NTFS. I use the special permissions more than anything b/c modify can sometimes be to much...Folders get moved...users, they are like children
-
TechJunky Member Posts: 881Actually if you share a folder with default permissions shares it sets the share folder permission to everyone-read. Anyhow, who cares about technicalities... I am bored.
-
sprkymrk Member Posts: 4,884 ■■■□□□□□□□garv221 wrote:Never use the group "everyone" only authenicated users.
Actually garv, that was true in W2K, but is no longer something you need (or even should) do. In W2K, the only difference between the "Everyone" and "Authenticated Users" was that under W2K the "Everyone" group contained the anonymous user. That's not the case anymore. In both WXP and W2K3 those 2 groups are exactly identical.All things are possible, only believe. -
garv221 Member Posts: 1,914TechJunky wrote:Actually if you share a folder with default permissions shares it sets the share folder permission to everyone-read. Anyhow, who cares about technicalities... I am bored.
Yeah for 2k3- For Server 2000 it defaults everyone full share rights.
sprkymrk- I am using 2K server...Funny I am certified in 2003 server though..lol -
TechJunky Member Posts: 881Ok, I installed Windows 2003 Service Pack 1 and the Hotfix to fix the firewall being disabled issue with XP clients running SP2 on a 2003 SBS Server using AD.
I have a couple more hotfixes and then I will try EBA installation. -
blargoe Member Posts: 4,174 ■■■■■■■■■□Access based enumeration came out as a download from Microsoft about a week after SP1 was released I think. I think it comes with R2 but works great with SP1 without R2.
I always set the share perms back to Full and use ABE and NTFS permisisons to secure.IT guy since 12/00
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...