?
Solved

ABE  on 2012 file shares

Posted on 2016-11-04
2
Medium Priority
?
69 Views
Last Modified: 2016-11-11
Dear Experts

I have file servers on cluster with 2012 OS. I have enabled ABE on them and I need advise on one thing please.

within the share permission of share, I have enabled "everyone" with "Full Control" access and managing folder permissions with ntfs.

is this an accepted solution or should I use specific groups ? in old 2008 cluster, it shows a lot of groups and I do not want to replicate that on 2012 cluster. would it not be easier to set  everybody with full access and use groups within the permissions section?
0
Comment
Question by:kuzum
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 42

Accepted Solution

by:
Adam Brown earned 2000 total points
ID: 41874083
The most restrictive permission set will win in a situation where multiple permissions apply to an object. In this case, you have Share permissions applied to the network share object and NTFS permission on the files themselves. If the share permissions are set to Full Control for everyone, users will still have to have the appropriate NTFS file permissions for any files they want access to. However, setting Everyone Full control may give users the ability to modify share settings if they can log into the server with their user account. Personally, I tend to remove the Everyone option and change it to Authenticated Users with Read and Write access on share permissions. But that is a common and accepted practice.
0
 

Author Closing Comment

by:kuzum
ID: 41883680
my research also pointed me to the same direction,
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question