Security Basics mailing list archives

Re: Windows Fileserver Permissions


From: Jeffrey Walton <noloader () gmail com>
Date: Fri, 12 Jun 2009 12:45:56 -0400

 We currently have our main fileservers; windows using
 NTFS permissions with all departments folders on the root.
Sounds reasonable if on a separate physical disk: ..\..\.. ....\System32\cmd.exe is not available.

Permissions are fairly well controlled...
Confirmed through an audit? Be aware of curve balls such as Bypass
Traversal Checking (see Russinovich's interesting article at [1]).

 I'm planning to create a new logical partition for HR...
Be careful if you simply copy the files and folders. There are gotchas
depending on whether the drive is on the same or separate volume
(xxcopy works well here).

 If I ensured that the groups were managed better what would I
 gain by partitioning?
Some performance gains and possibly an increase in robustness.

It's also been my experience that departments usually have their
shared drive mapped for them during logon. So there's no real need for
a user to know that \\Server.example.com\D$ is the root of the share.
Expect that a savvy user will usually investigate and poke around (I
usually do).

Jeff

[1] http://blogs.technet.com/markrussinovich/archive/2005/10/19/the-bypass-traverse-checking-or-is-it-the-change-notify-privilege.aspx

On 6/12/09, fac51 <fac51 () yahoo com> wrote:

 Hi All,

 I hope you can offer me some advice.

 We currently have our main fileservers; windows using NTFS permissions with all departments folders on the root. 
Permissions are fairly well controlled but the HR directory in particular is on the root of this one large logical 
drive. (So there are many groups that probably have access when they do not need to)

 I'm planning to create a new logical partition for HR to enable me to contain permissions but is this necessary?
 If I ensured that the groups were managed better what would I gain by partitioning?

 Thanks in advance for any pointers in the right direction.

 Thanks
 S
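The "confirmed through an audit?" question above is the practical one: before deciding whether HR needs its own partition, list which principals actually hold Allow entries on each department folder and which of those entries are merely inherited from the volume root. The following PowerShell script is an added example for this thread, not something either poster supplied. It assumes the department folders sit directly under a root such as D:\Shares, and the list of "broad" principals (Everyone, Authenticated Users, BUILTIN\Users, Domain Users) is an assumption to adjust for your own domain.

```powershell
# Added example (not from the thread): audit the top-level department folders
# on a file server root and flag Allow entries granted to broad principals or
# inherited from the volume root. $Root and $BroadPrincipals are assumptions.
param(
    [string]$Root = 'D:\Shares',
    [string[]]$BroadPrincipals = @(
        'Everyone',
        'NT AUTHORITY\Authenticated Users',
        'BUILTIN\Users'
    )
)

# Assumed catch-all domain group; replace with whatever your domain uses.
$BroadPrincipals += "$env:USERDOMAIN\Domain Users"

$findings = foreach ($dir in Get-ChildItem -Path $Root -Directory) {
    $acl = Get-Acl -Path $dir.FullName
    foreach ($ace in $acl.Access) {
        # Deny entries narrow access; only Allow entries widen it.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $id = $ace.IdentityReference.Value
        [pscustomobject]@{
            Folder    = $dir.Name
            Identity  = $id
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
            Broad     = ($BroadPrincipals -contains $id)
        }
    }
}

# Full listing, one row per access control entry.
$findings | Sort-Object Folder, Identity | Format-Table -AutoSize

# Entries worth a second look: broad principals, or rights that arrived by
# inheritance from the root (the "many groups probably have access" symptom).
$findings | Where-Object { $_.Broad -or $_.Inherited } |
    Format-Table Folder, Identity, Rights, Inherited -AutoSize

# Bypass traverse checking is the SeChangeNotifyPrivilege and is held by
# Everyone by default, so a parent folder without Traverse rights does not
# protect a child whose own ACL allows access: audit each folder, not just
# the root. This shows whether the current account holds it.
whoami /priv | Select-String -Pattern 'SeChangeNotifyPrivilege'
```

Run it as an account that can read the ACLs (it does not modify anything). If the second table shows the HR folder with inherited entries for broad groups, the fix the thread discusses is the same whether or not you move HR to its own partition: disable inheritance on that folder and grant access only to the HR group, then re-run the script to confirm.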

