Solved

How do I secure sensitive files on the file server / File Server best practice

Posted on 2009-05-08
Last Modified: 2012-05-06
Hi Experts,

I have recently built a file server on a Dell PowerEdge 2950. The OS is Windows 2003 R2. I have set up folders and mapped them on the individual PCs. In future we plan to install WSS 3.0 for collaboration, but not now. I have set the permissions on folders on the server using the standard file security in the OS. Now the Heads of Department are very sceptical - rightly so - of putting their files on the file server. An example is the HR Manager putting files such as Salary Scales, etc. Not all Administrators should be able to see these files or be able to take ownership of the folder and give themselves rights. What are the best practices for file-server access?
Question by:cimani1000
Accepted Solution

by: Lee W, MVP earned 125 total points
ID: 24334549
If you can't be trusted, you should be fired. The administrators have to have some level of access... but if the files are that sensitive, they can be encrypted using the Encrypting File System or they can put a password on the file. In general, files are always accessible to the admins unless there is encryption of some kind. It should be possible to determine IF someone (with admin rights) has taken ownership with auditing enabled - and you should assign SEPARATE admin accounts for each administrator, disabling the default administrator account - so each admin can potentially be tracked. But let me ask you this - are their workstations physically secured so no one can access them? They may perceive they are secure right now, but - and I say this without ever seeing your environment, but KNOWING how most environments are - I could probably walk in and access those files RIGHT NOW within 5 minutes - without even using a domain account. And anyone with any significant Windows troubleshooting can do the same. BUT, if the files are put on a server that is PHYSICALLY secured - in a LOCKED room - then the odds of me accessing them within 5 minutes are GREATLY reduced.

Focusing on your admins and not fully addressing security from ALL aspects (password quality, PHYSICAL security, locking workstations when users aren't in front of them, etc) is like putting 12 locks on your front door and then opening the window next to it so anyone can crawl through.
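
One way to set up the ownership auditing the accepted answer mentions, as an added PowerShell example that is not part of the original thread. The folder path and expected owner are hypothetical, and it assumes PowerShell is installed on the server, the session runs as an administrator, and the "Audit object access" policy is already enabled so the audit entries reach the Security log.

```powershell
# Hypothetical values: adjust to the sensitive share and its intended owner.
$Path          = 'D:\Shares\HR'
$ExpectedOwner = 'CORP\hr.manager'

function Add-OwnershipAudit {
    param([string]$Folder)
    # -Audit loads the SACL as well as the DACL; reading and writing it needs
    # the "Manage auditing and security log" right.
    $acl     = Get-Acl -Path $Folder -Audit
    $rights  = [System.Security.AccessControl.FileSystemRights]'TakeOwnership, ChangePermissions'
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    # Audit every account (Everyone), successes and failures, on the folder
    # and everything beneath it, so an admin taking ownership leaves a record.
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
        'Everyone', $rights, $inherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AuditFlags]'Success, Failure')
    $acl.AddAuditRule($rule)
    Set-Acl -Path $Folder -AclObject $acl
}

function Get-UnexpectedOwner {
    param([string]$Folder, [string]$Owner)
    # Walk the folder itself plus all children and report any item whose
    # current owner differs from the one the data owner expects.
    $items = @(Get-Item -LiteralPath $Folder) +
             @(Get-ChildItem -LiteralPath $Folder -Recurse)
    foreach ($item in $items) {
        $actual = (Get-Acl -Path $item.FullName).Owner
        if ($actual -ne $Owner) {
            New-Object PSObject -Property @{ Path = $item.FullName; Owner = $actual }
        }
    }
}

Add-OwnershipAudit -Folder $Path
Get-UnexpectedOwner -Folder $Path -Owner $ExpectedOwner | Format-Table -AutoSize
```

The owner report only shows that ownership changed; with a separate named account per administrator, the Security log entries produced by the audit rule are what tie the change to a person.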
Author Comment

by:cimani1000
ID: 24337679
Hey Lee, thanks for being candid. Well, as the main administrator, I should be the only one to view these files so no need to get fired :). It's the other admins I'm worried about. I agree security at all the 7 layers of the OSI model is paramount. I was looking more for layer 7 security as of now. I think we can have a cross between encryption and passwords on the files. I guess it's only the Head of Department, Myself and maybe the CEO who should have access to the encryption key/or password.