Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

shares and risks

Posted on 2013-11-11
9
194 Views
Last Modified: 2013-11-19
If you have a share on say a SQL server that is exposed to the everyone or domain users group, but doesnt contain any sensitive/important data - is there any risk? Our admin says not - I wasnt sure aside from the confidentiality angle, if theres any other risks with sharing a directory to the whole network - or what mischevious acts someone could get up to if they spotted it? data security is the biggest concern usually in this type of finding, but as theres no sensitive data on there - I cant see any real issue?
0
Comment
Question by:pma111
  • 4
  • 3
  • 2
9 Comments
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 250 total points
ID: 39638515
Its quite normal to SHARE to all users and restrict access via NTFS permissions only - if this is being done then their are no real issues.

If all users have full SHARE and NFTS then there is nothing to stop someone deleting/or changing data.
0
 
LVL 16

Accepted Solution

by:
Dirk Mare earned 250 total points
ID: 39638536
Well it depends on what the everyone group and domain users are allowed to do in that folder (file security permissions).
Full:
Read/ Write:
Modify:
Read Only:

Yes, you would normally want to keep away from such folders because user aren't always aware that everyone in the company can access the share. Example lets say the HR lady saves an excel sheet with the whole companies salaries in to that share. doesn't matter who you are as long as you have the "Read" right you would be able to open that document.

It comes down to user awareness.

Doesn't matter what share you have I doubt that they would be able to access any SQL data, If that was your real concern. Unless the admin is sharing the DB folder.
0
 
LVL 3

Author Comment

by:pma111
ID: 39638545
both share and NTFS access to everyone. Only read and execute permissions.
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 16

Expert Comment

by:Dirk Mare
ID: 39638567
Like I said everyone will be able to Open and Read any document that gets saved.

If user are aware of this and it is what they want it shouldn't be a problem.

I would recommend creating folders for the users that are requesting this and set permission according to that.

Then HR has Full access to their folder and not to the finance department folder.
0
 
LVL 3

Author Comment

by:pma111
ID: 39638892
But apart from access to files they should have access to (which as per the question isnt a concern as its meaningless irrelevant data) - there are no other risks to the server in the case of an everyone share.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 39638942
No - giving everyone full control on the folders and files lets them do everything with those files and folders - including create and delete - but that does not give them any other permissions - so they can't create and delete users for example.
0
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 39638986
Sql servers normally dont have a lot of storage so if its large files and files that get access it a lot it could cause performance issues or it will fill up the drives with data
0
 
LVL 3

Author Comment

by:pma111
ID: 39639063
do shares not typically have restrictions? i.e. can you have 5 shares for one drive, and put a quote on how much until that share is "full", or could you potentially use 99% of the drives storage just by  filling one share - as non of them are subject to quotas, i.e. all come out of the same storage chunk.
0
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 39639280
It depends how the quotas are setup but yes you can have storage quitas setup for the shares
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question