Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Folder Security best practise

Posted on 2016-08-01
5
Medium Priority
?
34 Views
Last Modified: 2016-08-22
So we currently have 150 users who have access to the J: XXX and the V: XXX these shares have security groups which give permissions to all folders within the share.

We had an issue with users stealing documents before they leave.

My question is what would be best practice when a user hands in there resignation - would I just give the user access to the folders they need access to within the shares or is there a better solution?

Please advise
0
Comment
Question by:Technical Information
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 4

Expert Comment

by:Alexandre Michel
ID: 41737539
Hi

It is very hard to stop someone from stealing information if they have access to your server.
You can certainly change their permissions when they give their resignation, but you should discuss this with their direct supervisor. Doing this might affect their work and stop them from working efficiently  ... and could possibly aggravate them.

Someone that wants to steal  from your company, can very well start copying files & folders well before they submit their resignation.

Unless you invest in 3rd party applications, if they can read a folder, then they can copy the content of the folder and it is hard to monitor, prove, alert you they are doing this right now. You can block access to USB ports, you can block access to cloud storage devices, you can monitor emails, etc...

This where a good employment contract  covers your company against such actions

Assuming the employee stole the information to use at his/her next employer, you can contact the next employer (via a law firm) and inform them they risk legal action if they do not delete immediately any copy of the stolen info (as a Network Admin in a company that had just hired someone that had - unknown to us - also stolen info from his previous employer, I was at the receiving end of such letter)

Alex
0
 
LVL 2

Author Comment

by:Technical Information
ID: 41737591
Thanks for the advice - I understand the above but would like instructions regarding Folder security
0
 
LVL 42

Accepted Solution

by:
Adam Brown earned 1000 total points (awarded by participants)
ID: 41737616
There isn't a way to prevent people from taking files they have access to with just the normal Folder security settings. What you would need to utilize is a Data Loss Prevention (DLP) solution. With just windows server, you would utilize AD Rights Management Services to limit users' ability to copy data to other locations, forward messages, or perform other actions with files that are not covered specifically by file permissions. https://technet.microsoft.com/en-us/library/cc771627(v=ws.11).aspx has a lot of information on AD RMS that should help you understand some of what you can do.
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 1000 total points (awarded by participants)
ID: 41739729
We have implemented Fortigate as DLP;  Its an automated preventive device that can block sensitive information from leaving the internal network, while at the same time logging the offenders. http://cookbook.fortinet.com/preventing-data-leaks/
0
 
LVL 42

Expert Comment

by:Adam Brown
ID: 41764164
Closing. Noted answers give the information requested or provide solutions that meet the original question requirements
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question