Security Basics mailing list archives
RE: Windows Fileserver Pemissions
From: James Winzenz <James.Winzenz () Pulte com>
Date: Fri, 12 Jun 2009 08:32:55 -0700
You say that permissions are fairly well controlled, but that there are many groups that probably have access when they do not need to. How so? What does your permissions structure look like? What type of access do you grant the groups? Modify? Full Control? If you are controlling access to the department folders via group membership and proper NTFS permissions, then effective management of the groups seems like it should be sufficient. This is all we do for our fileservers. However, we also do not grant our users full control, so they can't modify the permissions on the folders. Placing the HR data on a separate partition would isolate it further, but might cause more confusion for the HR folks unless you map drives and can easily change the drive mapping(s). Thanks, James Winzenz Infrastructure Systems Engineer II - Security Pulte Homes Information Services -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of fac51 Sent: Friday, June 12, 2009 5:32 AM To: security-basics () securityfocus com Subject: Windows Fileserver Pemissions Hi All, I hope you can offer me some advice. We currently have our main fileservers; windows using NTFS permissions with all depatments folders on the root. Permissions are fairly well controlled but the HR directory in particular is on the root of this one large logical drive. (So there are many groups that probably have access when they do not need to) I'm planning to create a new logical partition for HR to enable me to contain permissions but is this necessary? If I ensured that the groups were managed better what would I gain by partitioning? Thanks in advance for any pointers in the right direction. Thanks S ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html ------------------------------------------------------------------------ CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by email and delete the message and any file attachments from your computer. Thank you. ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html ------------------------------------------------------------------------
Current thread:
- Windows Fileserver Pemissions fac51 (Jun 12)
- RE: Windows Fileserver Pemissions James Winzenz (Jun 15)
- Re: Windows Fileserver Pemissions Jeffrey Walton (Jun 15)
- Re: Windows Fileserver Pemissions Ansgar Wiechers (Jun 15)
- <Possible follow-ups>
- Re: Windows Fileserver Pemissions Robert McIntyre (Jun 15)
- Re: Windows Fileserver Pemissions Kurt Buff (Jun 15)