Solved

How do I secure a Windows Server 2003/2008 Fileserver?

Posted on 2011-03-06
3
488 Views
Last Modified: 2012-05-11
What are the steps most systems administrators take for securing file servers? What security monitors do you set etc?
0
Comment
Question by:victor2008
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 5

Expert Comment

by:sykojester
ID: 35048168
Proper permissions is one of the biggest things for a file server.  Antivirus is also a big thing as client computers can be notorious for becoming infected and spreading via shares which gets other client machines infected.

I don't quite understand what you are referring to by security monitors.  Possibly audit logs?
0
 

Author Comment

by:victor2008
ID: 35048293
yes, i meant audit logs.  do you use the built in security auditing or third party? how would a virus infect a share and then spread to other computers?
0
 
LVL 5

Accepted Solution

by:
sykojester earned 500 total points
ID: 35048350
I generally don't audit file/folder access on shares for small business.  Usually the issue is the user modifies or deletes a file and needs the previous version which is where previous versions, shadow copy, & backups come in handy.

You can enable domain or local policies for audit tracking on who accesses files and folders including when they read and modify them.

If you're doing this on the file server itself it can be done via Local Security Policy / Audit Policy / Audit Object Access.  You can audit both success and/or failure.

Some viruses do spread via network shares, esp. mapped drives.  Some create autorun.inf's with the shares as well as drop files within the share for users to execute.  They can also attach to existing file formats depending on the virus/malware such as .exe, .doc, xls, .pdf, and so on.  I've finally eliminated this within my environment as I've recently gotten a new job.  Fun Fun.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question