stepnharp
asked on
Security Policy: MS servers (2003, 2008, 2012, ++) file transfer question.
Hi,
Thank you for any assistance you can provide.
Q: How can files be copied between MS servers with the below security requirements:
\\server111\c$\folder\file --> \\share$\folder\file --> \\server222\c$\folder\file
Main Goal: For MS servers (2003, 2008, 2012, ++), only Users with ADMIN permission Users are allowed on the c$ drive.
IIS Developers are not given Admin permissions.
Developers are given a specific GPO to allow only what is required for them to do their job with a higher then default User permissions, but lower then ADMIN permissions.
With the following mostly related to, but not limited to, MS IIS web development process: DEV --> Staging --> Production and the transfer of files between the 3 phases. With DEV, Staging & Production environments having its own server instance.
My company has the following security requirements #1-5 below.
1. No Local Shares (except for Users Home drives)
1.a. This is for the purpose of preventing a Public server being mapped to a Private share.
2. IIS Developers do not have Admin permissions
3. RDP by Admin User not allowed
4. share$ are accessed by Admin permission only
5. No file transfer agent (FTP, SFTP, ect)
6. Local Admin User is not allowed
Thanks, Scott
Thank you for any assistance you can provide.
Q: How can files be copied between MS servers with the below security requirements:
\\server111\c$\folder\file
Main Goal: For MS servers (2003, 2008, 2012, ++), only Users with ADMIN permission Users are allowed on the c$ drive.
IIS Developers are not given Admin permissions.
Developers are given a specific GPO to allow only what is required for them to do their job with a higher then default User permissions, but lower then ADMIN permissions.
With the following mostly related to, but not limited to, MS IIS web development process: DEV --> Staging --> Production and the transfer of files between the 3 phases. With DEV, Staging & Production environments having its own server instance.
My company has the following security requirements #1-5 below.
1. No Local Shares (except for Users Home drives)
1.a. This is for the purpose of preventing a Public server being mapped to a Private share.
2. IIS Developers do not have Admin permissions
3. RDP by Admin User not allowed
4. share$ are accessed by Admin permission only
5. No file transfer agent (FTP, SFTP, ect)
6. Local Admin User is not allowed
Thanks, Scott
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
Dan, Thanks for your input.
Without creating a share, users can't see, and thus, copy files.