?
Solved

How do I secure a Windows Server 2003/2008 Fileserver?

Posted on 2011-03-06
3
Medium Priority
?
494 Views
Last Modified: 2012-05-11
What are the steps most systems administrators take for securing file servers? What security monitors do you set etc?
0
Comment
Question by:victor2008
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 5

Expert Comment

by:sykojester
ID: 35048168
Proper permissions is one of the biggest things for a file server.  Antivirus is also a big thing as client computers can be notorious for becoming infected and spreading via shares which gets other client machines infected.

I don't quite understand what you are referring to by security monitors.  Possibly audit logs?
0
 

Author Comment

by:victor2008
ID: 35048293
yes, i meant audit logs.  do you use the built in security auditing or third party? how would a virus infect a share and then spread to other computers?
0
 
LVL 5

Accepted Solution

by:
sykojester earned 2000 total points
ID: 35048350
I generally don't audit file/folder access on shares for small business.  Usually the issue is the user modifies or deletes a file and needs the previous version which is where previous versions, shadow copy, & backups come in handy.

You can enable domain or local policies for audit tracking on who accesses files and folders including when they read and modify them.

If you're doing this on the file server itself it can be done via Local Security Policy / Audit Policy / Audit Object Access.  You can audit both success and/or failure.

Some viruses do spread via network shares, esp. mapped drives.  Some create autorun.inf's with the shares as well as drop files within the share for users to execute.  They can also attach to existing file formats depending on the virus/malware such as .exe, .doc, xls, .pdf, and so on.  I've finally eliminated this within my environment as I've recently gotten a new job.  Fun Fun.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question