Solved

How do I secure sensitive files on the file server / File Server best practice

Posted on 2009-05-08
2
187 Views
Last Modified: 2012-05-06
Hi Experts,

I have recently built a file server on a Dell PowerEdge 2950. The OS is Windows 2003 R2. I have set up folders and mapped them on the individual PCs. In future we plan to install WSS 3.0 for collaboration, but not now. I have set the permissions on folders on the server using the standard file security in the OS. Now the Head of Departments are very sceptical - rightly so, of putting there files on the file server. An example is the HR Manager putting files such as Salary Scales, etc. Not all Administrators should be able to see these files or be able to take ownership of the folder and give themselves rights. What are the best practices for file-server access?
0
Comment
Question by:cimani1000
2 Comments
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 125 total points
Comment Utility
If you can't be trusted, you should be fired.  The administrators have to have some level of access... but if the files are that sensitive, they can be encrypted using the Encrypting File System or they can put a password on the file.  In general, files are always accessible to the admins unless there is encryption of some kind.  It should be possible to determine IF someone (with admin rights) has taken ownership with auditing enabled - and you should assign SEPARATE admin accounts for each administrator, disabling the default administrator account - so each admin can potentially be tracked.  But let me ask you this - are their workstations physically secured so no one can access them?  They may perceive they are secure right now, but - and I say this without ever seeing your environment, but KNOWING how most environments are - I could probably walk in and access those files RIGHT NOW within 5 minutes - without even using a domain account.  And anyone with any signficant windows troubleshooting can do the same.  BUT, if the files are put on a server that is PHYSICALLY secured - in LOCKED room - then the odds of me accessing them within 5 minutes are GREATLY reduced.

Focusing on your admins and not fully addressing security from ALL aspects (password quality, PHYSICAL security, locking workstations when users aren't in front of them, etc) is like putting 12 locks on your front door and then opening the window next to it so anyone can crawl through.
0
 

Author Comment

by:cimani1000
Comment Utility
Hey Lee, thanks for being candid. Well as the main administrator, I should be the only one to biew these files so no need to get fired :). it's the other admins I'm worried about. I agree security at all the 7 layers of the OSI model is paramount. I was looking more for layer 7 security as of now. I think we can have a cross between encryption and passwords on the files. I guess it's only the Head of Department, Myself and maybe the CEO who should have access to the encryption key/or password.
0

Featured Post

Do email signature updates give you a headache?

Do you feel like all of your time is spent managing email signatures? Too busy to visit every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

Join & Write a Comment

Have you considered what group policies are backwards and forwards compatible? Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This video discusses moving either the default database or any database to a new volume.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now