Security Basics mailing list archives

Re: Windows Fileserver Pemissions

From: Robert McIntyre <1tgeye () surewest net>
Date: Fri, 12 Jun 2009 09:00:37 -0700 (PDT)

You do not have to partition your hard drive in order to isolate the HR folder.  What you do need to do is prevent the 
folder from inheriting permissions from the parent (root in this case.)

If you haven't done it already, create a security group for HR.  Next go to the properties page of the HR folder.  
Click on the Security tab, click on the advanced button.  Add the HR group to the folder and give them modify rights, 
they do not need full control.

Uncheck the box, "Inherit from parent the permission entries..."  At this point a dialog box will pop up asking you if 
you want to copy or replace permissions.  If you choose replace, the HR group will have modify rights and all other 
permissions will be removed, including administrators.

You could choose to copy the permissions and then after that is done go in and remove everyone except HR and the 
administrators.

Hi All,

I hope you can offer me some advice.

We currently have our main fileservers; windows using NTFS permissions with all depatments folders on the root. 
Permissions are fairly well controlled but the HR directory in particular is on the root of this one large logical 
drive. (So there are many groups that probably have access when they do not need to)

I'm planning to create a new logical partition for HR to enable me to contain permissions but is this necessary?
If I ensured that the groups were managed better what would I gain by partitioning?

Thanks in advance for any pointers in the right direction.

Thanks
S




     

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most 
concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. 
Gain a laser like insight into what is covered on the exam, with zero fluff! 

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most 
concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain 
a laser like insight into what is covered on the exam, with zero fluff! 

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------

Current thread:

Windows Fileserver Pemissions fac51 (Jun 12)
- RE: Windows Fileserver Pemissions James Winzenz (Jun 15)
- Re: Windows Fileserver Pemissions Jeffrey Walton (Jun 15)
- Re: Windows Fileserver Pemissions Ansgar Wiechers (Jun 15)
- <Possible follow-ups>
- Re: Windows Fileserver Pemissions Robert McIntyre (Jun 15)
  - Re: Windows Fileserver Pemissions Kurt Buff (Jun 15)