Solved

File access restriction on windows 2008 r2 with NAS

Posted on 2014-04-08
4
754 Views
Last Modified: 2014-04-24
what is the best way to protect my department data access from the unauthorised people within the company . we have R&D and HR type department and need to manage security
we have AD setup and one NAS . but we used one user account for all the users within the department . Is it possible to add NAS in to the AD . if yes I am trying to apply the file level security (shard + NTFS ) with the AD user login

No file server in the system  . all the files in the NAS

is there any other way apart from the above mention method  ? any special device like switch with FW  in the market for this requirement
0
Comment
Question by:cur
  • 2
4 Comments
 
LVL 36

Assisted Solution

by:Mahesh
Mahesh earned 200 total points
ID: 39988195
You can simply join your NAS to active directory and from active directory you can manage its

Also then you can create CIFS shares on NAS for which you can control NTFS permissions through windows servers by going to compmgmt.msc and connecting to NAS storage by root user (NAS Administrator)

Share permissions need to be configured through NAS only
Normally it provide all users read and write share permissions

Mahesh.
0
 

Author Comment

by:cur
ID: 39988364
what is the best approch on the security point of view .
NTFS+shard than EFS  someting like that
0
 
LVL 36

Assisted Solution

by:Mahesh
Mahesh earned 200 total points
ID: 39988403
I assume that NAS is joined to domain.
I hope you are accessing NAS through IP addresses such as \\IP_ADDRESS

By default when you configure Shared volume on NAS storage, you need to grant everyone read \ write access share permissions
Then underneath you will configure individual folders

Now you can access NAS storage volumes through windows server computer management console by connecting to NAS storage IP address and from there you can adjust NTFS permissions
Now, On every root folder (Volume level) you need to provide list folder contents NTFS permissions to authenticated users
Then underneath root folder you need to provide granular permissions to individual groups on individual folders with required level of access (Such as Read, Read\write\, Modify)

Also you can't use EFS on non windows servers such as NAS.
According to me you can use EFS only on windows based file servers as it is Microsoft technology and NAS is using different technology
What you can do, you can encrypt data with EFS on client machines and can save on NAS folders

Mahesh.
0
 
LVL 10

Accepted Solution

by:
Pramod Ubhe earned 100 total points
ID: 39988602
NTFS+shared is the correct approach. Configure everyone wth full controll on shared permissions and restrict access using NTFS permissions. For that you can create two types of groups - read access and write access on the share and configure read/write permissions to those groups so that you only need to add users in those groups to grant the access.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question