Securing Shares...

TechJunky · November 2006

I was curious how you guys went about securing your shares. There are so many different ways to secure, but I was curious how other people went about it.

Let me know how you would do the following.

Allow a group of users read/write access but not delete. Group = Marketing

I usually under the shared folder permissions would set the everyone group as read/change

Then under the folder permissions I would allow Marketing group Read/Write permissions.

Trailerisf · November 2006

Yeah, that is what I do... Also, hide the share with a $ at the end.

(read/execute)

royal · November 2006

You could do the hidden share as well as use something called Access Based Enumuration which is downloadable from Microsoft for free. Access Based Enumuration will basically hide the shares that someone does not have access to see them. It is good for new file server designs so it makes it easier to navigate for users because they will only see what they can access.

TechJunky · November 2006

Thanks for the tip on ABE. I need to upgrade to SP1 anyhow to fix some current problems.

sprkymrk · November 2006

I think ABE is in W2K3 R2, not SP1. It's a whole new copy of the server license, you can't download it like SP1.

TechJunky · November 2006

When i went to install ABE it said I had to have SP1 installed first. So perhaps it may work? I downloaded SP1 and I will schedule an install date and see if it allows me to install ABE after SP1 has been installed.

sprkymrk · November 2006

Cool. I've been wrong plenty of times before, so let me know if it works.

garv221 · November 2006

It all depends on the drive. Never use the group "everyone" only authenicated users. Keep default share permissions as "everyone full control" & restrict their NTFS. I use the special permissions more than anything b/c modify can sometimes be to much...Folders get moved...users, they are like children

TechJunky · November 2006

Actually if you share a folder with default permissions shares it sets the share folder permission to everyone-read. Anyhow, who cares about technicalities... I am bored.

sprkymrk · November 2006

garv221 wrote:

Never use the group "everyone" only authenicated users.

Actually garv, that was true in W2K, but is no longer something you need (or even should) do. In W2K, the only difference between the "Everyone" and "Authenticated Users" was that under W2K the "Everyone" group contained the anonymous user. That's not the case anymore. In both WXP and W2K3 those 2 groups are exactly identical.

garv221 · November 2006

TechJunky wrote:

Actually if you share a folder with default permissions shares it sets the share folder permission to everyone-read. Anyhow, who cares about technicalities... I am bored.

Yeah for 2k3- For Server 2000 it defaults everyone full share rights.

sprkymrk- I am using 2K server...Funny I am certified in 2003 server though..lol

TechJunky · November 2006

Ok, I installed Windows 2003 Service Pack 1 and the Hotfix to fix the firewall being disabled issue with XP clients running SP2 on a 2003 SBS Server using AD.

I have a couple more hotfixes and then I will try EBA installation.

TechJunky · November 2006

ABE works fine with Win 2003 SP1 SBS just incase anyone wanted to know.

sprkymrk · November 2006

TechJunky wrote:

ABE works fine with Win 2003 SP1 SBS just incase anyone wanted to know.

Cool, thanks.

blargoe · December 2006

Access based enumeration came out as a download from Microsoft about a week after SP1 was released I think. I think it comes with R2 but works great with SP1 without R2.

I always set the share perms back to Full and use ABE and NTFS permisisons to secure.

RTmarc · December 2006

blargoe wrote:

I always set the share perms back to Full and use ABE and NTFS permisisons to secure.

x2

Also, this is a Microsoft "best practice".

Securing Shares...

Comments