Solved

shares and risks

Posted on 2013-11-11
Last Modified: 2013-11-19
If you have a share on, say, a SQL server that is exposed to the Everyone or Domain Users group, but doesn't contain any sensitive/important data - is there any risk? Our admin says not - I wasn't sure, aside from the confidentiality angle, if there's any other risks with sharing a directory to the whole network - or what mischievous acts someone could get up to if they spotted it? Data security is the biggest concern usually in this type of finding, but as there's no sensitive data on there - I can't see any real issue?
0
Question by:pma111
9 Comments
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 250 total points
ID: 39638515
It's quite normal to SHARE to all users and restrict access via NTFS permissions only - if this is being done then there are no real issues.

If all users have full SHARE and NTFS then there is nothing to stop someone deleting or changing data.
0
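
The check this answer implies, as an added example that is not part of the original thread: list every non-administrative SMB share that grants access to a broad group and compare the share-level right with the NTFS rights on the shared folder. The principal list and the `CONTOSO` domain name are placeholders to adjust; the script assumes the SmbShare module (Windows 8 / Server 2012 or later) and an elevated session on the server.

```powershell
# Added example: find shares open to broad groups and show whether write access
# survives both layers (share permission AND NTFS permission must allow it).
# Assumption: the principal names below; replace CONTOSO with your domain.
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'CONTOSO\Domain Users'

# NTFS bits that allow altering or removing content. Modify/FullControl contain
# these bits; ReadAndExecute does not. 0x50000000 covers GENERIC_WRITE and
# GENERIC_ALL, which can appear on inherit-only ACEs.
$rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = [int]$rights -bor 0x50000000

Get-SmbShare -Special $false | Where-Object { $_.Path } | ForEach-Object {
    $share = $_

    # Share-level Allow entries for a broad principal; skip shares without any.
    $shareAces = Get-SmbShareAccess -Name $share.Name |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $broad -contains $_.AccountName }
    if (-not $shareAces) { return }

    # NTFS Allow entries for any broad principal on the shared folder.
    # A user admitted by the share ACL gets NTFS rights through every group
    # they belong to, so all broad principals are considered together.
    # Deny entries are not evaluated here; review them by hand.
    $ntfsAces = (Get-Acl -LiteralPath $share.Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $broad -contains $_.IdentityReference.Value }
    $ntfsWrite = [bool]($ntfsAces | Where-Object { [int]$_.FileSystemRights -band $writeMask })

    foreach ($ace in $shareAces) {
        $shareWrite = $ace.AccessRight -in 'Change', 'Full'
        [pscustomobject]@{
            Share          = $share.Name
            Path           = $share.Path
            Principal      = $ace.AccountName
            ShareRight     = $ace.AccessRight
            NtfsRights     = ($ntfsAces | ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" }) -join '; '
            EffectiveWrite = $shareWrite -and $ntfsWrite
        }
    }
} | Format-Table -AutoSize -Wrap
```

A row with `EffectiveWrite` set to `True` is the case described above where nothing stops a user from deleting or changing data; a row with `False` still means the contents are readable by the listed group.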
 
LVL 16

Accepted Solution

by:
Dirk Mare earned 250 total points
ID: 39638536
Well it depends on what the everyone group and domain users are allowed to do in that folder (file security permissions).
Full:
Read/ Write:
Modify:
Read Only:

Yes, you would normally want to keep away from such folders because users aren't always aware that everyone in the company can access the share. For example, let's say the HR lady saves an Excel sheet with the whole company's salaries into that share. It doesn't matter who you are; as long as you have the "Read" right you would be able to open that document.

It comes down to user awareness.

It doesn't matter what share you have; I doubt that they would be able to access any SQL data, if that was your real concern. Unless the admin is sharing the DB folder.
0
 
LVL 3

Author Comment

by:pma111
ID: 39638545
Both share and NTFS access to everyone. Only read and execute permissions.
0
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 39638567
Like I said, everyone will be able to open and read any document that gets saved.

If users are aware of this and it is what they want, it shouldn't be a problem.

I would recommend creating folders for the users that are requesting this and set permission according to that.

Then HR has Full access to their folder and not to the finance department folder.
0

 
LVL 3

Author Comment

by:pma111
ID: 39638892
But apart from access to files they should have access to (which as per the question isn't a concern as it's meaningless irrelevant data) - there are no other risks to the server in the case of an everyone share.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 39638942
No - giving everyone full control on the folders and files lets them do everything with those files and folders - including create and delete - but that does not give them any other permissions - so they can't create and delete users for example.
0
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 39638986
SQL servers normally don't have a lot of storage, so if it's large files and files that get accessed a lot, it could cause performance issues or it will fill up the drives with data.
0
 
LVL 3

Author Comment

by:pma111
ID: 39639063
Do shares not typically have restrictions? I.e. can you have 5 shares for one drive, and put a quota on how much until that share is "full", or could you potentially use 99% of the drive's storage just by filling one share - as none of them are subject to quotas, i.e. all come out of the same storage chunk.
0
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 39639280
It depends how the quotas are set up, but yes, you can have storage quotas set up for the shares.
0
