|
Posted by =?Utf-8?B?Q2hhcGxhaW4gRG91Zw== on April 24, 2006, 2:06 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Windows Server 2003. I really need a basic file security primer for Win
Server 2003. I have a file server that is virtually wide open to anyone on
the network. I keep getting bit as people inadvertently move or delte other
people's stuff. Today I had to move back 10 GB of files that were dragged
and dropped on another folder on the server. Any HELP! will be appreciated.
God bless and thanks.
--
Dr. Doug Pruiett
Good News Jail & Prison Ministry
www.goodnewsjail.org
|
|
Posted by =?Utf-8?B?SWFu?= on April 25, 2006, 3:11 am
If you were Registered and logged in, you could reply and use other advanced thread options
Firstly, make sure your users aren't SERVER or DOMAIN Admins. This is a very
common mistake, and if they are, there is nothing you can do to stop them
altering files. (Even if you set permissions they can change them back!)
The users can be local admins of their own computers if need-be, but they
must not be domain admins, as this effectively makes them God. (If you'll
excuse the irreverence..)
Next, ignore the advice given by MS, and use share permissions instead of
filesystem permissions. For a small network these are much easier to
understand, and carry far less risk of a faux-pas though a simple mistake.
Create a user-group for each share, and put appropriate users into this
group.
Third, beware of stored passwords on computers. These are a major
security-headache, all it takes is for an engineer to connect to a restricted
share while doing maintenance, and the password gets saved, effectively
making the ordinary user a server-admin. Probably the engineer doesn't even
realise it's happened. If users have unexpected rights, then this is a likely
cause.
On the server, remove the Administrative Shares C$, D$ (registry change
needed) and turn off the Remote Registry service. These again are a major
security-risk.
Unfortunately you can't stop people doing damage with mouse-slips in
Explorer (if it were more intelligently-written it would ask for confirmation
before moving 10GB of data, but it doesn't!) however you can minimise the
damage they can do by compartmenting the data into smaller shares. The other
option is to get your user to change to an alternative file-manager, e.g.
Servant Salamander. If this is set to confirm copy/move operations then the
risk from mouse-slips is largely removed.
-------------------------------
An alternative approach to XP network logon - http://mylogon.net
|
| Similar Threads | Posted | | Windows 2003 Server Open File - Security Warning | June 19, 2006, 11:59 am |
| File Permissions on Windows 2003 Server | April 25, 2006, 7:02 pm |
| Windows 2003 server Network Security | December 23, 2005, 3:20 pm |
| Role-based security from Windows Server 2003 Security Guide gives problems | November 6, 2006, 7:58 am |
| Local Security rights Windows Server 2003 | October 8, 2005, 1:57 pm |
| Can not use UNC path in Windows server 2003 server 64 bit OS | September 30, 2005, 4:19 pm |
| Not able to open a locked mdb file from Windows 2003 | December 22, 2005, 10:46 pm |
| Windows Update fails on Windows 2003 server | June 23, 2005, 7:27 pm |
| RE: WIndows Server 2003 | July 29, 2005, 12:16 am |
| Windows 2003 server SP1 | September 16, 2005, 12:06 am |
|
XML site map