Advertisement
- Home
- Security
- Operating Systems Security
- Windows
- How do I secure a folder with advanced NTFS permissions?
| 10.07.2008 at 02:13PM PDT, ID: 23795394 | Points: 500 |
|
[x]
Attachment Details
|
||
How do I secure a folder with advanced NTFS permissions?
Asked by dwstovall in Windows Network Security, Miscellaneous Security, Microsoft Windows Operating Systems, File Servers
Tags: Microsoft, Windows, Server 2003 R2
I need to better understand NTFS Folder and File permissions so that I can better protect a folder from deletion.
In the uploaded file: "Folder.gif", you can see the contents of the "ITOPS" folder. I hope to use this folder for IT resources (documentation, tools, apps, etc). It contains several "test" folders and files, along with an "SA" (SysAdmin) folder and a "DS" (Desktop Support) folder.
I am using three security groups to control permissions: ITOPS, ITOPS_SA, and ITOPS_DS. Both the ITOPS_SA and ITOPS_DS groups are members of the ITOPS group.
I am also using "ABE" (Access-Based Enumeration) to control what's visible and accessible. The ITOPS_SA group is applied to the SA folder, the ITOPS_DS group is applied to the DS folder, and the ITOPS group is applied to the ITOPS folder. As a result of ABE, "DS" folks can see and access all but the "SA" folder, and "SA" folks can see and access all but the "DS" folder.
What I hope to accomplish is to protect the DS and SA folders from deletion by their respective group members while at the same time keeping the rest of the contents of the ITOPS folder under full control by either group.
Thanks...
I want to make the contents of this folderStart Free Trial
In the uploaded file: "Folder.gif", you can see the contents of the "ITOPS" folder. I hope to use this folder for IT resources (documentation, tools, apps, etc). It contains several "test" folders and files, along with an "SA" (SysAdmin) folder and a "DS" (Desktop Support) folder.
I am using three security groups to control permissions: ITOPS, ITOPS_SA, and ITOPS_DS. Both the ITOPS_SA and ITOPS_DS groups are members of the ITOPS group.
I am also using "ABE" (Access-Based Enumeration) to control what's visible and accessible. The ITOPS_SA group is applied to the SA folder, the ITOPS_DS group is applied to the DS folder, and the ITOPS group is applied to the ITOPS folder. As a result of ABE, "DS" folks can see and access all but the "SA" folder, and "SA" folks can see and access all but the "DS" folder.
What I hope to accomplish is to protect the DS and SA folders from deletion by their respective group members while at the same time keeping the rest of the contents of the ITOPS folder under full control by either group.
Thanks...
I want to make the contents of this folderStart Free Trial
Attachments:
Loading Advertisement...
20080716-EE-VQP-32 - Hierarchy / EE_QW_2_20070628
Advertisement
- 1. KCTS 111,408
- 2. toniur 90,530
- 3. Phil_Agc... 68,828
- 4. rpggamer... 63,924
- 5. McKnife 53,148
- 6. tigermatt 52,816
- 7. richrumble 50,444
- 8. oBdA 47,082
- 9. CoccoBill 46,953
- 10. bbao 43,271
- 11. snoopfrogg 40,926
- 12. martin_b... 37,705
- 13. IndiGenus 34,028
- 14. r-k 32,170
- 15. LauraEHu... 31,960
- 16. johnb6767 29,442
- 17. slam69 28,502
- 18. henjoh09 27,750
- 19. Shift-3 23,836
- 20. RobWill 23,590
- 21. DaveHowe 23,000
- 22. Jay_Jay70 20,800
- 23. LeeTutor 20,552
- 24. TechSoEasy 19,625
- 25. war1 17,840
- 1. richrumble 672,986
- 2. r-k 434,030
- 3. Sheharya... 354,618
- 4. trywaredk 297,335
- 5. oBdA 297,207
- 6. war1 293,536
- 7. gidds99 268,792
- 8. rpggamer... 260,843
- 9. Phil_Agc... 244,228
- 10. KCTS 197,339
- 11. toniur 195,512
- 12. sirbounty 191,193
- 13. CoccoBill 181,019
- 14. PeteLong 156,654
- 15. sunray_... 146,627
- 16. bbao 126,170
- 17. johnb6767 124,704
- 18. Jay_Jay70 117,706
- 19. McKnife 107,288
- 20. leew 101,811
- 21. mdiglio 97,751
- 22. PowerIT 96,084
- 23. younghv 84,800
- 24. LauraEHu... 83,525
- 25. rindi 83,261
