Open Access to Shares

P

Paul

Guest
Hopefully a quick question, I have just moved to a new organisation, which is

having a problem with staff bringing laptops and attaching then to the

network.

Accessing the file shares directly without joining the domain, the shared

permissions are currently set to full control, with NTFS allowing only

authenticated users access to the shares.

So Jo Blogs comes along with his laptop, plug into the network, copies the

network settings from a legitimate client and then log’s on with his username

& password to the file share.

How can I ensure that only domain clients can have access to network shared

recources?

Many thanks in advance.

--

Paul

 
S

S. Pidgorny

Guest
Not easily.

IPsec can make sure only authorised systems can connect to the resources.

NAP can be used to make sure connecting systems are compliant to the

organisational policy (eg up to date with fixes etc) - that goes on top of

the computer authentication.

--

Svyatoslav Pidgorny, MS MVP - Security, MCSE

-= F1 is the key =-

http://sl.mvps.org http://msmvps.com/blogs/sp

"Paul" <Paul@discussions.microsoft.com> wrote in message

news:66CC94AE-72A8-4202-8C77-58149C62C58B@microsoft.com...<span style="color:blue">

> Hopefully a quick question, I have just moved to a new organisation, which

> is

> having a problem with staff bringing laptops and attaching then to the

> network.

> Accessing the file shares directly without joining the domain, the shared

> permissions are currently set to full control, with NTFS allowing only

> authenticated users access to the shares.

> So Jo Blogs comes along with his laptop, plug into the network, copies the

> network settings from a legitimate client and then log's on with his

> username

> & password to the file share.

> How can I ensure that only domain clients can have access to network

> shared

> recources?

>

> Many thanks in advance.

> --

> Paul </span>

 
P

Paul

Guest
Thanks for your speedy response;

Thus far we only allow users only access to their own files, changing NTFS

permissions of authenticated users to owner only access, that way they can

only see their own documents but this doesn’t stop the possibility of virus

infection as the files are accessed directly on the server.

How complicated is an implementation of IPSEC across the network, and would

users notice any change in service.

One final spanner, is that we also support 10 MAC running OSX would IPSEC

accommodate this?

--

Paul

"S. Pidgorny <MVP>" wrote:

<span style="color:blue">

> Not easily.

>

> IPsec can make sure only authorised systems can connect to the resources.

> NAP can be used to make sure connecting systems are compliant to the

> organisational policy (eg up to date with fixes etc) - that goes on top of

> the computer authentication.

>

> --

> Svyatoslav Pidgorny, MS MVP - Security, MCSE

> -= F1 is the key =-

>

> http://sl.mvps.org http://msmvps.com/blogs/sp

>

> "Paul" <Paul@discussions.microsoft.com> wrote in message

> news:66CC94AE-72A8-4202-8C77-58149C62C58B@microsoft.com...<span style="color:green">

> > Hopefully a quick question, I have just moved to a new organisation, which

> > is

> > having a problem with staff bringing laptops and attaching then to the

> > network.

> > Accessing the file shares directly without joining the domain, the shared

> > permissions are currently set to full control, with NTFS allowing only

> > authenticated users access to the shares.

> > So Jo Blogs comes along with his laptop, plug into the network, copies the

> > network settings from a legitimate client and then log's on with his

> > username

> > & password to the file share.

> > How can I ensure that only domain clients can have access to network

> > shared

> > recources?

> >

> > Many thanks in advance.

> > --

> > Paul </span>

>

>

> </span>

 
S

S. Pidgorny

Guest
Deploying IPsec in Windows domain is relatively easy, especially in

smaller-scale infrastructures. Reading:

http://technet.microsoft.com/en-us/network/bb531150.aspx

OS X support is a tricky bit - Apple supports IPsec as a VPN protocol (point

to point connections to a router) but not the transport mode. This is a

small challenge, giving you two options - either make exclusions from the

IPsec policuy on the servers, or implement a VPN-like connection from the

Macs to your network.

--

Svyatoslav Pidgorny, MS MVP - Security, MCSE

-= F1 is the key =-

http://sl.mvps.org http://msmvps.com/blogs/sp

"Paul" <Paul@discussions.microsoft.com> wrote in message

news:D3EE525B-D397-4781-BB3A-57EAB68BC1F1@microsoft.com...<span style="color:blue">

> Thanks for your speedy response;

> Thus far we only allow users only access to their own files, changing NTFS

> permissions of authenticated users to owner only access, that way they can

> only see their own documents but this doesn't stop the possibility of

> virus

> infection as the files are accessed directly on the server.

> How complicated is an implementation of IPSEC across the network, and

> would

> users notice any change in service.

>

> One final spanner, is that we also support 10 MAC running OSX would IPSEC

> accommodate this?

> --

> Paul

>

>

> "S. Pidgorny <MVP>" wrote:

><span style="color:green">

>> Not easily.

>>

>> IPsec can make sure only authorised systems can connect to the resources.

>> NAP can be used to make sure connecting systems are compliant to the

>> organisational policy (eg up to date with fixes etc) - that goes on top

>> of

>> the computer authentication.

>>

>> --

>> Svyatoslav Pidgorny, MS MVP - Security, MCSE

>> -= F1 is the key =-

>>

>> http://sl.mvps.org http://msmvps.com/blogs/sp

>>

>> "Paul" <Paul@discussions.microsoft.com> wrote in message

>> news:66CC94AE-72A8-4202-8C77-58149C62C58B@microsoft.com...<span style="color:darkred">

>> > Hopefully a quick question, I have just moved to a new organisation,

>> > which

>> > is

>> > having a problem with staff bringing laptops and attaching then to the

>> > network.

>> > Accessing the file shares directly without joining the domain, the

>> > shared

>> > permissions are currently set to full control, with NTFS allowing only

>> > authenticated users access to the shares.

>> > So Jo Blogs comes along with his laptop, plug into the network, copies

>> > the

>> > network settings from a legitimate client and then log's on with his

>> > username

>> > & password to the file share.

>> > How can I ensure that only domain clients can have access to network

>> > shared

>> > recources?

>> >

>> > Many thanks in advance.

>> > --

>> > Paul</span>

>>

>>

>> </span></span>

 
P

Paul

Guest
Once again thanks very much for your time and responce

Regards

--

Paul

"S. Pidgorny <MVP>" wrote:

<span style="color:blue">

> Deploying IPsec in Windows domain is relatively easy, especially in

> smaller-scale infrastructures. Reading:

>

> http://technet.microsoft.com/en-us/network/bb531150.aspx

>

> OS X support is a tricky bit - Apple supports IPsec as a VPN protocol (point

> to point connections to a router) but not the transport mode. This is a

> small challenge, giving you two options - either make exclusions from the

> IPsec policuy on the servers, or implement a VPN-like connection from the

> Macs to your network.

>

>

> --

> Svyatoslav Pidgorny, MS MVP - Security, MCSE

> -= F1 is the key =-

>

> http://sl.mvps.org http://msmvps.com/blogs/sp

>

>

> "Paul" <Paul@discussions.microsoft.com> wrote in message

> news:D3EE525B-D397-4781-BB3A-57EAB68BC1F1@microsoft.com...<span style="color:green">

> > Thanks for your speedy response;

> > Thus far we only allow users only access to their own files, changing NTFS

> > permissions of authenticated users to owner only access, that way they can

> > only see their own documents but this doesn't stop the possibility of

> > virus

> > infection as the files are accessed directly on the server.

> > How complicated is an implementation of IPSEC across the network, and

> > would

> > users notice any change in service.

> >

> > One final spanner, is that we also support 10 MAC running OSX would IPSEC

> > accommodate this?

> > --

> > Paul

> >

> >

> > "S. Pidgorny <MVP>" wrote:

> ><span style="color:darkred">

> >> Not easily.

> >>

> >> IPsec can make sure only authorised systems can connect to the resources.

> >> NAP can be used to make sure connecting systems are compliant to the

> >> organisational policy (eg up to date with fixes etc) - that goes on top

> >> of

> >> the computer authentication.

> >>

> >> --

> >> Svyatoslav Pidgorny, MS MVP - Security, MCSE

> >> -= F1 is the key =-

> >>

> >> http://sl.mvps.org http://msmvps.com/blogs/sp

> >>

> >> "Paul" <Paul@discussions.microsoft.com> wrote in message

> >> news:66CC94AE-72A8-4202-8C77-58149C62C58B@microsoft.com...

> >> > Hopefully a quick question, I have just moved to a new organisation,

> >> > which

> >> > is

> >> > having a problem with staff bringing laptops and attaching then to the

> >> > network.

> >> > Accessing the file shares directly without joining the domain, the

> >> > shared

> >> > permissions are currently set to full control, with NTFS allowing only

> >> > authenticated users access to the shares.

> >> > So Jo Blogs comes along with his laptop, plug into the network, copies

> >> > the

> >> > network settings from a legitimate client and then log's on with his

> >> > username

> >> > & password to the file share.

> >> > How can I ensure that only domain clients can have access to network

> >> > shared

> >> > recources?

> >> >

> >> > Many thanks in advance.

> >> > --

> >> > Paul

> >>

> >>

> >> </span></span>

>

>

> </span>

 
D

David H. Lipman

Guest
From: "Paul" <Paul@discussions.microsoft.com>

| Hopefully a quick question, I have just moved to a new organisation, which is

| having a problem with staff bringing laptops and attaching then to the

| network.

| Accessing the file shares directly without joining the domain, the shared

| permissions are currently set to full control, with NTFS allowing only

| authenticated users access to the shares.

| So Jo Blogs comes along with his laptop, plug into the network, copies the

| network settings from a legitimate client and then log’s on with his username

| & password to the file share.

| How can I ensure that only domain clients can have access to network shared

| recources?

|

| Many thanks in advance.

Set the shares to ONLY allow access to Domain Members such as those that are in an OU group.

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

 
You must log in or register to reply here.
Top Bottom