asked on
Security Policy: MS servers (2003, 2008, 2012, ++) file transfer question.
Hi,
Thank you for any assistance you can provide.
Q: How can files be copied between MS servers with the below security requirements:
\\server111\c$\folder\file
Main Goal: For MS servers (2003, 2008, 2012, ++), only Users with ADMIN permission Users are allowed on the c$ drive.
IIS Developers are not given Admin permissions.
Developers are given a specific GPO to allow only what is required for them to do their job with a higher then default User permissions, but lower then ADMIN permissions.
With the following mostly related to, but not limited to, MS IIS web development process: DEV --> Staging --> Production and the transfer of files between the 3 phases. With DEV, Staging & Production environments having its own server instance.
My company has the following security requirements #1-5 below.
1. No Local Shares (except for Users Home drives)
1.a. This is for the purpose of preventing a Public server being mapped to a Private share.
2. IIS Developers do not have Admin permissions
3. RDP by Admin User not allowed
4. share$ are accessed by Admin permission only
5. No file transfer agent (FTP, SFTP, ect)
6. Local Admin User is not allowed
Thanks, Scott
Thank you for any assistance you can provide.
Q: How can files be copied between MS servers with the below security requirements:
\\server111\c$\folder\file
Main Goal: For MS servers (2003, 2008, 2012, ++), only Users with ADMIN permission Users are allowed on the c$ drive.
IIS Developers are not given Admin permissions.
Developers are given a specific GPO to allow only what is required for them to do their job with a higher then default User permissions, but lower then ADMIN permissions.
With the following mostly related to, but not limited to, MS IIS web development process: DEV --> Staging --> Production and the transfer of files between the 3 phases. With DEV, Staging & Production environments having its own server instance.
My company has the following security requirements #1-5 below.
1. No Local Shares (except for Users Home drives)
1.a. This is for the purpose of preventing a Public server being mapped to a Private share.
2. IIS Developers do not have Admin permissions
3. RDP by Admin User not allowed
4. share$ are accessed by Admin permission only
5. No file transfer agent (FTP, SFTP, ect)
6. Local Admin User is not allowed
Thanks, Scott
Microsoft IIS Web ServerWindows Server 2012Windows Server 2008Windows Server 2003OS Security
Last Comment
stepnharp
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Dan, Thanks for your input.
Without creating a share, users can't see, and thus, copy files.