Security Policy: MS servers (2003, 2008, 2012, ++) file transfer question.
Posted on 2016-09-29
Thank you for any assistance you can provide.
Q: How can files be copied between MS servers with the below security requirements:
\\server111\c$\folder\file --> \\share$\folder\file --> \\server222\c$\folder\file
Main Goal: For MS servers (2003, 2008, 2012, ++), only Users with ADMIN permission Users are allowed on the c$ drive.
IIS Developers are not given Admin permissions.
Developers are given a specific GPO to allow only what is required for them to do their job with a higher then default User permissions, but lower then ADMIN permissions.
With the following mostly related to, but not limited to, MS IIS web development process: DEV --> Staging --> Production and the transfer of files between the 3 phases. With DEV, Staging & Production environments having its own server instance.
My company has the following security requirements #1-5 below.
1. No Local Shares (except for Users Home drives)
1.a. This is for the purpose of preventing a Public server being mapped to a Private share.
2. IIS Developers do not have Admin permissions
3. RDP by Admin User not allowed
4. share$ are accessed by Admin permission only
5. No file transfer agent (FTP, SFTP, ect)
6. Local Admin User is not allowed