Link to home
Create AccountLog in
Avatar of stepnharp
stepnharp

asked on

Security Policy: MS servers (2003, 2008, 2012, ++) file transfer question.

Hi,
Thank you for any assistance you can provide.  

Q:  How can files be copied between MS servers with the below security requirements:
\\server111\c$\folder\file  -->  \\share$\folder\file   -->  \\server222\c$\folder\file

Main Goal: For MS servers (2003, 2008, 2012, ++), only Users with ADMIN permission Users are allowed on the c$ drive.  
IIS Developers are not given Admin permissions.  
Developers are given a specific GPO to allow only what is required for them to do their job with a higher then default User permissions, but lower then ADMIN permissions.  

With the following mostly related to, but not limited to, MS IIS web development process:  DEV   -->  Staging -->  Production  and the transfer of files between the 3 phases.  With DEV, Staging & Production environments having its own server instance.

My company has the following security requirements #1-5 below.

1.      No Local Shares (except for Users Home drives)
1.a.      This is for the purpose of preventing a Public server being mapped to a Private share.
2.  IIS Developers do not have Admin permissions
3.  RDP by Admin User not allowed
4.  share$ are accessed by Admin permission only
5.  No file transfer agent (FTP, SFTP, ect)
6.  Local Admin User is not allowed

Thanks, Scott
Avatar of NVIT
NVIT
Flag of United States of America image

> No Local Shares

Without creating a share, users can't see, and thus, copy files.
ASKER CERTIFIED SOLUTION
Avatar of Dan McFadden
Dan McFadden
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of stepnharp
stepnharp

ASKER

Dan,  Thanks for your input.