dstewart83161
asked on
Term Server Search is bypassing security
We have a terminal server running windows 2008 with an AD. One of the users just pointed out that a user ID with very restricted access is able to look at there Search - Recently Changed Files which is provided as a default link to the users, and it shows all files from all users that have changed on the system. Double clicking on a file opens it up and thus bypasses the security in place on the system. This is a major loop hole and we need to get it closed up or shut down, either or.
Any suggestions as to how to approach this and correct it as quickly as possible?
Dallas
Any suggestions as to how to approach this and correct it as quickly as possible?
Dallas
Implement NTFS security on your file store locations or if there is no file server, then ensure that the 'restricted user' does not have local admin rights on the Terminal Server, which appears to be the case.
ASKER
The term server is also an AD so NTFS security is already on by default. The user IDs have only two groups they are a member of: VPN access group and Guest group...that's it. No local admin rights.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I fully understand the TermServer not recommended as an AD as well. I didn't create the environment, just inherited it. In many SMB's though, this kind of stuff is required for them to keep costs down. RAS is not recommended on an AD either yet Microsoft delivers an all in one solution with its SBS environments that does this very thing.
What I did discover was that the yahoo...uh...prior technician, handed out the Remote Desktop Users group to give out file permissions instead of just what it was intended for. Once I removed it and dealt with some other user permissions fallout from that issue, the problem was corrected. Thanks so much for weighing in.
What I did discover was that the yahoo...uh...prior technician, handed out the Remote Desktop Users group to give out file permissions instead of just what it was intended for. Once I removed it and dealt with some other user permissions fallout from that issue, the problem was corrected. Thanks so much for weighing in.
Glad to hear your up and running. Just to note SBS is a very different type of machine, which is supported by MS, that's the difference.