Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Shared Domain folders, everyone has access.

Posted on 2004-09-15
4
Medium Priority
?
259 Views
Last Modified: 2010-04-11
First off, i did not set up the domain at my company. I just have a question about file security. We have about 10 servers, (one at each location) that we use for different software, and as domain controllers. We also have shared files on each server for stuff that we need to install on clients. The problem is, anyone who had domain user rigts on the domain, can get into these shares if they know the svr name or ip. Since i use "run" to access them, alot of times they just just click run and can see the history. This hasent been a problem, but we are seeing some questionable files showing up on our servers. Our fear is that it could be used as a file dump.

How can we add a simple password to these directories, so that when i we try and get access to these particular files, it will ask for a password?
The trick is that some software uses shared files on these servers, these apps need FULL access to the directories. Should I just make those particular folders hidden?

Thanks!
0
Comment
Question by:ZLucas
4 Comments
 
LVL 2

Accepted Solution

by:
AlfaLAN earned 1500 total points
ID: 12070879
Are you familiar with userrights?
If not, in short you have share-permissions and file(ntfs)-permissions.
Both use the same available users & groups but are NOT the same.

You can never give/get more userrights through share-permissions than the file(ntfs)-permissions allow.
So you could say that you can use the share-permissions as a limiting filter to assign userrights.

So you could set up the share-root's to authenticated users (having full control). No user Everyone. This provides at least some defence to user anonymous.

Then setup correct file(ntfs)-permissions: Remove user everyone, add group administraters (full controll), Add user/group creator-owner where needed (full controll), Add system (at least traverse folders, and add what is needed).. The most important part is to group your users in groups (Better even: OU's).

The idea in layman's language is: When a user tries to do something with a file, the harddrive checks to see if this user is a member of a group that has the right to perform this file-action. Otherwise it will ask for a username/password that has the appropriate rights. If this is not (correct) provided than the harddisk will deny access.

Where to find what:
Rightclick on a disk or directory and select properties. Then select tab sharing...should explain itself.
next tab called security is the tab that controlles the file(ntfs)-permissions.

What rights are needed? Use filemon.exe from www.sysinternals.com. It can show you wich application is trying to do what to what file as what user.
So if access was denied (operation not succesfull) you know what rights to put where.

BEWARE, you can get yourselfe some major nightmares when playing with userrights on a production machine if you do not know what you are doing!

Maby someone can post some links on increasing security using ntfs-permissions? What is generally needed and where? What should generally be edited?

Hope this helps,
0
 
LVL 17

Expert Comment

by:Jared Luker
ID: 12070920
What operating system are your servers running?  Are the drives formatted NTFS (if windows)?

Setting up share and NTFS permissions can get very tricky.  I would suggest you make a representation of your directory structure and who you want to have access to it and post it.  We can probably help more with that info.
0
 
LVL 8

Expert Comment

by:dhoustonie
ID: 12073898
As you have mentioned Domain Controllers, I'm assuming the basic Windows NT Domain.
The questions that spring into my mind are:
Users what rights do they have?  Are they local administrators, or power users? How or why do they have the rights to install software?
What operating System are your clients? Widows 98/me or a Windows NT 2000 or XP?
Why does each user account need full acces  to the apps, why don't you use the administraor account to install the software, and restrict the user accounts to read only access of the folders?
What sort of number of clients are there in total or per site?
I think that you will need to tighten up your security, particularly if you are starting to see unknown files on your domain Controllers. They could delete your applications that you are trying to protect.
Do you have a policy in place with regards the use of computers and domain cotrollers?
Do you have auditing enabled to find out which user is creating these files?

Dave
0
 
LVL 2

Expert Comment

by:adam1213
ID: 12081494
On the shares right click, select properties, sharing

in win xp click permisions and put a password
in 98 put a password in the password field

0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article covers the basics of data encryption, what it is, how it works, and why it's important. If you've ever wondered what goes on when you "encrypt" data, you can look here to build a good foundation for your personal learning.
When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question