Solved

File access restriction on windows 2008 r2 with NAS

Posted on 2014-04-08
4
758 Views
Last Modified: 2014-04-24
what is the best way to protect my department data access from the unauthorised people within the company . we have R&D and HR type department and need to manage security
we have AD setup and one NAS . but we used one user account for all the users within the department . Is it possible to add NAS in to the AD . if yes I am trying to apply the file level security (shard + NTFS ) with the AD user login

No file server in the system  . all the files in the NAS

is there any other way apart from the above mention method  ? any special device like switch with FW  in the market for this requirement
0
Comment
Question by:cur
  • 2
4 Comments
 
LVL 36

Assisted Solution

by:Mahesh
Mahesh earned 200 total points
ID: 39988195
You can simply join your NAS to active directory and from active directory you can manage its

Also then you can create CIFS shares on NAS for which you can control NTFS permissions through windows servers by going to compmgmt.msc and connecting to NAS storage by root user (NAS Administrator)

Share permissions need to be configured through NAS only
Normally it provide all users read and write share permissions

Mahesh.
0
 

Author Comment

by:cur
ID: 39988364
what is the best approch on the security point of view .
NTFS+shard than EFS  someting like that
0
 
LVL 36

Assisted Solution

by:Mahesh
Mahesh earned 200 total points
ID: 39988403
I assume that NAS is joined to domain.
I hope you are accessing NAS through IP addresses such as \\IP_ADDRESS

By default when you configure Shared volume on NAS storage, you need to grant everyone read \ write access share permissions
Then underneath you will configure individual folders

Now you can access NAS storage volumes through windows server computer management console by connecting to NAS storage IP address and from there you can adjust NTFS permissions
Now, On every root folder (Volume level) you need to provide list folder contents NTFS permissions to authenticated users
Then underneath root folder you need to provide granular permissions to individual groups on individual folders with required level of access (Such as Read, Read\write\, Modify)

Also you can't use EFS on non windows servers such as NAS.
According to me you can use EFS only on windows based file servers as it is Microsoft technology and NAS is using different technology
What you can do, you can encrypt data with EFS on client machines and can save on NAS folders

Mahesh.
0
 
LVL 10

Accepted Solution

by:
Pramod Ubhe earned 100 total points
ID: 39988602
NTFS+shared is the correct approach. Configure everyone wth full controll on shared permissions and restrict access using NTFS permissions. For that you can create two types of groups - read access and write access on the share and configure read/write permissions to those groups so that you only need to add users in those groups to grant the access.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you migrate a Terminal Server licenses server inside the 2008 server family, you can takte advantage of the build-in migration tool. If you like to migrate an older 2003 Server (and the installed client CALs) to a 2008 R2 server for example, you …
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question