Security Properties of Desktop shortcuts to network file shares.

Fred Marshall
Fred Marshall used Ask the Experts™
on
We've had the practice of setting up desktop shortcuts to network shares.
Because of some mysterious failed logons to the shares, I got to investigating the shortcuts.
This is in a domain-joined workstation.

I notice that we can examine the Properties of the shortcut and that there is a Security tab.
The security tab gives Full Control to:
SYSTEM
[domain username] for the current logon / matches the Desktop contents of course...
Local Administrators
And the Allow column is grayed out while the Deny column isn't.

Now, the actual network share has Security settings giving Full Control to a domain Group.
So, where do these particular permissions that we see in the shortcut come from?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2018
Commented:
The shortcut file is on the desktop and inherits the ACLs from the profile folder which has full control for the user himself. Normal and expected and not part of your problem.
Why don't you just map the shares as drives?

Author

Commented:
serialband:  Because the objective was to avoid MAPs (which take up connections) in a connection-limited environment.
Acronis in Gartner 2019 MQ for datacenter backup

It is an honor to be featured in Gartner 2019 Magic Quadrant for Datacenter Backup and Recovery Solutions. Gartner’s MQ sets a high standard and earning a place on their grid is a great affirmation that Acronis is delivering on our mission to protect all data, apps, and systems.

Distinguished Expert 2018

Commented:
So I would rather look at the credential storage and see what (outdated?) credentials are saved for the target server that could be producing bad logon attempts.

Author

Commented:
McKnife:  Yes, that would be the thing to do.  And, it has been done.  All Windows Credentials have been deleted from each User that can log on I do believe.  That wouldn't include domain users that have never logged on (but could).  That's why I was investigating shortcuts.

Author

Commented:
Thanks!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial