Security Basics mailing list archives

RE: Windows Fileserver Permissions


From: James Winzenz <James.Winzenz () Pulte com>
Date: Fri, 12 Jun 2009 08:32:55 -0700

You say that permissions are fairly well controlled, but that there are many groups that probably have access when they 
do not need to.  How so?  What does your permissions structure look like?  What type of access do you grant the groups? 
 Modify?  Full Control?  If you are controlling access to the department folders via group membership and proper NTFS 
permissions, then effective management of the groups seems like it should be sufficient.  This is all we do for our 
fileservers.  However, we also do not grant our users full control, so they can't modify the permissions on the 
folders.  Placing the HR data on a separate partition would isolate it further, but might cause more confusion for the 
HR folks unless you map drives and can easily change the drive mapping(s).

Thanks,

James Winzenz
Infrastructure Systems Engineer II - Security
Pulte Homes Information Services

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of fac51
Sent: Friday, June 12, 2009 5:32 AM
To: security-basics () securityfocus com
Subject: Windows Fileserver Permissions


Hi All,

I hope you can offer me some advice.

We currently have our main fileservers, Windows using NTFS permissions, with all departments' folders on the root. 
Permissions are fairly well controlled but the HR directory in particular is on the root of this one large logical 
drive. (So there are many groups that probably have access when they do not need to)

I'm planning to create a new logical partition for HR to enable me to contain permissions but is this necessary?
If I ensured that the groups were managed better what would I gain by partitioning?

Thanks in advance for any pointers in the right direction.

Thanks
S






------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most 
concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain 
a laser like insight into what is covered on the exam, with zero fluff!

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------
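
The group-membership approach discussed in this thread depends on knowing which identities actually hold rights on each department folder, and whether any of them can rewrite the ACL. The following PowerShell audit is an added example, not part of either post; the share path and the list of identities expected to hold ACL-control rights are assumptions to adjust for your environment.

```powershell
# Added example: audit NTFS ACEs on department folders (read-only, changes nothing).
# $ShareRoot and $Allowed are hypothetical defaults, not values from the thread.
param(
    [string]$ShareRoot = 'D:\Departments',
    [string[]]$Allowed = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'CREATOR OWNER')
)

$Rights = [System.Security.AccessControl.FileSystemRights]
# Rights that let the holder rewrite the folder's ACL. Full Control includes both.
$aclControl = [int]$Rights::ChangePermissions -bor [int]$Rights::TakeOwnership
# GENERIC_ALL can appear as a raw bit on inherit-only ACEs instead of a named right.
$genericAll = 0x10000000

function Get-FolderAclReport {
    param([string]$Path)
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $mask = [int]$ace.FileSystemRights
        [pscustomobject]@{
            Folder       = $Path
            Identity     = $ace.IdentityReference.Value
            Rights       = $ace.FileSystemRights
            Inherited    = $ace.IsInherited
            CanChangeAcl = (($mask -band $aclControl) -ne 0) -or
                           (($mask -band $genericAll) -ne 0)
        }
    }
}

# One row per Allow ACE on each top-level department folder.
$report = Get-ChildItem -LiteralPath $ShareRoot -Directory |
    ForEach-Object { Get-FolderAclReport -Path $_.FullName }

# 1. Who can reach each folder at all, and whether the grant is inherited
#    from the drive root (the "many groups probably have access" case).
$report | Sort-Object Folder, Identity |
    Format-Table Folder, Identity, Rights, Inherited -AutoSize

# 2. Identities outside the expected list that could change permissions.
$report | Where-Object { $_.CanChangeAcl -and $_.Identity -notin $Allowed } |
    Format-Table Folder, Identity, Rights, Inherited -AutoSize
```

Rows in the first table with `Inherited` set to `True` show access that comes from the parent rather than from a grant on the department folder itself, which is the access that cleaning up group membership alone will not remove.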

