Solved

File access restriction on windows 2008 r2 with NAS

Posted on 2014-04-08
4
746 Views
Last Modified: 2014-04-24
what is the best way to protect my department data access from the unauthorised people within the company . we have R&D and HR type department and need to manage security
we have AD setup and one NAS . but we used one user account for all the users within the department . Is it possible to add NAS in to the AD . if yes I am trying to apply the file level security (shard + NTFS ) with the AD user login

No file server in the system  . all the files in the NAS

is there any other way apart from the above mention method  ? any special device like switch with FW  in the market for this requirement
0
Comment
Question by:cur
  • 2
4 Comments
 
LVL 35

Assisted Solution

by:Mahesh
Mahesh earned 200 total points
ID: 39988195
You can simply join your NAS to active directory and from active directory you can manage its

Also then you can create CIFS shares on NAS for which you can control NTFS permissions through windows servers by going to compmgmt.msc and connecting to NAS storage by root user (NAS Administrator)

Share permissions need to be configured through NAS only
Normally it provide all users read and write share permissions

Mahesh.
0
 

Author Comment

by:cur
ID: 39988364
what is the best approch on the security point of view .
NTFS+shard than EFS  someting like that
0
 
LVL 35

Assisted Solution

by:Mahesh
Mahesh earned 200 total points
ID: 39988403
I assume that NAS is joined to domain.
I hope you are accessing NAS through IP addresses such as \\IP_ADDRESS

By default when you configure Shared volume on NAS storage, you need to grant everyone read \ write access share permissions
Then underneath you will configure individual folders

Now you can access NAS storage volumes through windows server computer management console by connecting to NAS storage IP address and from there you can adjust NTFS permissions
Now, On every root folder (Volume level) you need to provide list folder contents NTFS permissions to authenticated users
Then underneath root folder you need to provide granular permissions to individual groups on individual folders with required level of access (Such as Read, Read\write\, Modify)

Also you can't use EFS on non windows servers such as NAS.
According to me you can use EFS only on windows based file servers as it is Microsoft technology and NAS is using different technology
What you can do, you can encrypt data with EFS on client machines and can save on NAS folders

Mahesh.
0
 
LVL 10

Accepted Solution

by:
Pramod Ubhe earned 100 total points
ID: 39988602
NTFS+shared is the correct approach. Configure everyone wth full controll on shared permissions and restrict access using NTFS permissions. For that you can create two types of groups - read access and write access on the share and configure read/write permissions to those groups so that you only need to add users in those groups to grant the access.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now