Solved

How do I secure sensitive files on the file server / File Server best practice

Posted on 2009-05-08
Last Modified: 2012-05-06
Hi Experts,

I have recently built a file server on a Dell PowerEdge 2950. The OS is Windows 2003 R2. I have set up folders and mapped them on the individual PCs. In future we plan to install WSS 3.0 for collaboration, but not now. I have set the permissions on folders on the server using the standard file security in the OS. Now the Heads of Departments are very sceptical, rightly so, of putting their files on the file server. An example is the HR Manager putting files such as Salary Scales, etc. Not all Administrators should be able to see these files or be able to take ownership of the folder and give themselves rights. What are the best practices for file-server access?
Question by:cimani1000
Accepted Solution

by:
Lee W, MVP earned 125 total points
ID: 24334549
If you can't be trusted, you should be fired.  The administrators have to have some level of access... but if the files are that sensitive, they can be encrypted using the Encrypting File System or they can put a password on the file.  In general, files are always accessible to the admins unless there is encryption of some kind.  It should be possible to determine IF someone (with admin rights) has taken ownership with auditing enabled - and you should assign SEPARATE admin accounts for each administrator, disabling the default administrator account - so each admin can potentially be tracked.  But let me ask you this - are their workstations physically secured so no one can access them?  They may perceive they are secure right now, but - and I say this without ever seeing your environment, but KNOWING how most environments are - I could probably walk in and access those files RIGHT NOW within 5 minutes - without even using a domain account.  And anyone with any significant Windows troubleshooting can do the same.  BUT, if the files are put on a server that is PHYSICALLY secured - in a LOCKED room - then the odds of me accessing them within 5 minutes are GREATLY reduced.

Focusing on your admins and not fully addressing security from ALL aspects (password quality, PHYSICAL security, locking workstations when users aren't in front of them, etc) is like putting 12 locks on your front door and then opening the window next to it so anyone can crawl through.

Author Comment

by:cimani1000
ID: 24337679
Hey Lee, thanks for being candid. Well, as the main administrator, I should be the only one to view these files so no need to get fired :). It's the other admins I'm worried about. I agree security at all the 7 layers of the OSI model is paramount. I was looking more for layer 7 security as of now. I think we can have a cross between encryption and passwords on the files. I guess it's only the Head of Department, Myself and maybe the CEO who should have access to the encryption key/or password.
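
One way to set up the auditing that the accepted answer refers to, shown as an added example that is not part of the original thread: it puts an audit rule on a sensitive folder so that any account, administrators included, leaves a Security log entry when it takes ownership or rewrites permissions. Assumptions: PowerShell is installed on the server, the session runs elevated, the "Audit object access" policy is already enabled, and `D:\Shares\HR` is a hypothetical path.

```powershell
# Added example (not from the thread): audit ownership and permission changes
# on a sensitive folder. Run from an elevated session; reading or writing the
# audit list (SACL) requires the "Manage auditing and security log" right.
param(
    [string]$Path = 'D:\Shares\HR'   # hypothetical folder, replace with the real one
)

if (-not (Test-Path -Path $Path)) {
    throw "Folder not found: $Path"
}

# The two rights an administrator would use to give themselves access:
# take ownership of the folder, then rewrite its permissions.
$rights    = [System.Security.AccessControl.FileSystemRights]'TakeOwnership, ChangePermissions'
# Apply the rule to the folder, its subfolders and its files.
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
# Record both successful and denied attempts.
$auditOn   = [System.Security.AccessControl.AuditFlags]'Success, Failure'

# 'Everyone' so that no account, including each named admin account, is exempt.
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule `
    -ArgumentList 'Everyone', $rights, $inherit, $propagate, $auditOn

# -Audit makes Get-Acl include the audit list, which it omits by default.
$acl = Get-Acl -Path $Path -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl

# Show what is now in force, plus the current owner as a baseline to compare
# against later.
$check = Get-Acl -Path $Path -Audit
$check.Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, IsInherited -AutoSize
'Current owner: ' + $check.Owner
```

The rule only produces events while "Audit object access" is enabled (Local Policies > Audit Policy), and the events only identify a person if each administrator uses a separate named account, as the answer recommends.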