Solved

File Security Risk

Posted on 2011-02-28
1
524 Views
Last Modified: 2012-06-21
I've found a server on our network that I can access remotely just by browsing in Windows Explorer (starting from My Network Places and drilling down).

I can drill all the way down until I find, for instance, the following file:

\\server-here\SYSVOL\domain-here.domain.org\Policies\{9AF8586C-819F-truncated}\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf

First of all, what is this file? Secondly, is access to this path and file a security risk, and if so, what are the risks?

Thanks guys.
0
Comment
Question by:isaacr25
1 Comment
 
LVL 3

Accepted Solution

by:
mnation1 earned 500 total points
ID: 35004042
You've found the network share that serves out your domain's Group Policy settings to the computers on the domain.  That file contains your default security policy settings.  Everyone on the network should have read-only permissions to the folder you found, but not modify or write permissions.  Each machine and user needs to be able to read those settings so they can be downloaded and applied to each computer/user.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question