Solved

File access restriction on windows 2008 r2 with NAS

Posted on 2014-04-08
4
769 Views
Last Modified: 2014-04-24
what is the best way to protect my department data access from the unauthorised people within the company . we have R&D and HR type department and need to manage security
we have AD setup and one NAS . but we used one user account for all the users within the department . Is it possible to add NAS in to the AD . if yes I am trying to apply the file level security (shard + NTFS ) with the AD user login

No file server in the system  . all the files in the NAS

is there any other way apart from the above mention method  ? any special device like switch with FW  in the market for this requirement
0
Comment
Question by:cur
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 37

Assisted Solution

by:Mahesh
Mahesh earned 200 total points
ID: 39988195
You can simply join your NAS to active directory and from active directory you can manage its

Also then you can create CIFS shares on NAS for which you can control NTFS permissions through windows servers by going to compmgmt.msc and connecting to NAS storage by root user (NAS Administrator)

Share permissions need to be configured through NAS only
Normally it provide all users read and write share permissions

Mahesh.
0
 

Author Comment

by:cur
ID: 39988364
what is the best approch on the security point of view .
NTFS+shard than EFS  someting like that
0
 
LVL 37

Assisted Solution

by:Mahesh
Mahesh earned 200 total points
ID: 39988403
I assume that NAS is joined to domain.
I hope you are accessing NAS through IP addresses such as \\IP_ADDRESS

By default when you configure Shared volume on NAS storage, you need to grant everyone read \ write access share permissions
Then underneath you will configure individual folders

Now you can access NAS storage volumes through windows server computer management console by connecting to NAS storage IP address and from there you can adjust NTFS permissions
Now, On every root folder (Volume level) you need to provide list folder contents NTFS permissions to authenticated users
Then underneath root folder you need to provide granular permissions to individual groups on individual folders with required level of access (Such as Read, Read\write\, Modify)

Also you can't use EFS on non windows servers such as NAS.
According to me you can use EFS only on windows based file servers as it is Microsoft technology and NAS is using different technology
What you can do, you can encrypt data with EFS on client machines and can save on NAS folders

Mahesh.
0
 
LVL 10

Accepted Solution

by:
Pramod Ubhe earned 100 total points
ID: 39988602
NTFS+shared is the correct approach. Configure everyone wth full controll on shared permissions and restrict access using NTFS permissions. For that you can create two types of groups - read access and write access on the share and configure read/write permissions to those groups so that you only need to add users in those groups to grant the access.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question