Solved

Term Server Search is bypassing security

Posted on 2014-01-05
Last Modified: 2014-01-13
We have a terminal server running Windows 2008 with an AD.  One of the users just pointed out that a user ID with very restricted access is able to look at their Search - Recently Changed Files, which is provided as a default link to the users, and it shows all files from all users that have changed on the system.  Double clicking on a file opens it up and thus bypasses the security in place on the system.  This is a major loophole and we need to get it closed up or shut down, either or.

Any suggestions as to how to approach this and correct it as quickly as possible?

Dallas
Question by:dstewart83161
6 Comments
 
LVL 18

Expert Comment

by:Netflo
Implement NTFS security on your file store locations or if there is no file server, then ensure that the 'restricted user' does not have local admin rights on the Terminal Server, which appears to be the case.

Author Comment

by:dstewart83161
The term server is also an AD so NTFS security is already on by default.  The user IDs have only two groups they are a member of:  VPN access group and Guest group...that's it.  No local admin rights.
LVL 18

Assisted Solution

by:Netflo
Netflo earned 250 total points
If the TS is also your AD server, first of all, this is not recommended.

Have you had a look at the file in question and checked effective permissions? Looks to me that NTFS security is not bolted down correctly on a file level and you may be relying on share level security.
LVL 53

Accepted Solution

by:McKnife
McKnife earned 250 total points
Hi.

I bet there's not much magic involved. Make sure that you did not overlook something like him being a member of groups that are nested in the local administrators group or even nested in domain admins.

Being a TS does not induce anything like this.

Author Closing Comment

by:dstewart83161
I fully understand the TermServer not recommended as an AD as well.  I didn't create the environment, just inherited it.  In many SMBs though, this kind of stuff is required for them to keep costs down.  RAS is not recommended on an AD either, yet Microsoft delivers an all in one solution with its SBS environments that does this very thing.

What I did discover was that the yahoo...uh...prior technician, handed out the Remote Desktop Users group to give out file permissions instead of just what it was intended for.  Once I removed it and dealt with some other user permissions fallout from that issue, the problem was corrected.  Thanks so much for weighing in.
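
An audit for the misconfiguration described above, as an added example that is not part of the original thread: it lists folders whose NTFS ACL grants access to the Remote Desktop Users group. The root path `D:\Data` is a hypothetical placeholder; the group is matched by its well-known SID.

```powershell
# Added example, not from the thread: find where a group SID is granted NTFS access.
# $Root is a hypothetical path; S-1-5-32-555 is the well-known SID of
# BUILTIN\Remote Desktop Users.
param(
    [string]$Root     = 'D:\Data',
    [string]$GroupSid = 'S-1-5-32-555'
)

$sidType = [System.Security.Principal.SecurityIdentifier]
$unread  = @()

# Root folder plus every subfolder; files inherit from these in most layouts.
$folders = @(Get-Item -Path $Root) +
           @(Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
             Where-Object { $_.PSIsContainer })

$hits = foreach ($folder in $folders) {
    try {
        $acl = Get-Acl -Path $folder.FullName -ErrorAction Stop
    } catch {
        # ACL could not be read (access denied, unusual path); review by hand.
        $unread += $folder.FullName
        continue
    }
    # Ask for identities as SIDs so the match does not depend on the display name.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.IdentityReference.Value -eq $GroupSid -and
            $ace.AccessControlType -eq 'Allow') {
            New-Object PSObject -Property @{
                Path      = $folder.FullName
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Explicit (non-inherited) entries sort first: those are where the grant was made.
$hits | Sort-Object Inherited, Path | Format-Table Path, Rights, Inherited -AutoSize
if ($unread) {
    Write-Warning ("ACL unreadable on {0} folder(s):" -f $unread.Count)
    $unread
}
```

For the nested-membership check suggested in the accepted solution, running `whoami /groups` in the restricted user's session lists every group in that user's token, including groups reached through nesting.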
LVL 18

Expert Comment

by:Netflo
Glad to hear you're up and running. Just to note SBS is a very different type of machine, which is supported by MS, that's the difference.