
Open Access to Shares



Guest Paul
Posted

Hopefully a quick question. I have just moved to a new organisation, which is having a problem with staff bringing laptops and attaching them to the network, accessing the file shares directly without joining the domain. The shared permissions are currently set to full control, with NTFS allowing only authenticated users access to the shares.

So Jo Blogs comes along with his laptop, plugs into the network, copies the network settings from a legitimate client and then logs on with his username & password to the file share.

How can I ensure that only domain clients can have access to network shared resources?

Many thanks in advance.

--

Paul


Guest S. Pidgorny
Posted

Not easily.

IPsec can make sure only authorised systems can connect to the resources. NAP can be used to make sure connecting systems are compliant with the organisational policy (e.g. up to date with fixes etc.) - that goes on top of the computer authentication.

 

--

Svyatoslav Pidgorny, MS MVP - Security, MCSE

-= F1 is the key =-

 

http://sl.mvps.org http://msmvps.com/blogs/sp

Guest Paul
Posted

Thanks for your speedy response.

Thus far we only allow users access to their own files, changing NTFS permissions of authenticated users to owner-only access; that way they can only see their own documents, but this doesn't stop the possibility of virus infection as the files are accessed directly on the server.

How complicated is an implementation of IPsec across the network, and would users notice any change in service?

One final spanner is that we also support 10 Macs running OS X; would IPsec accommodate this?

--

Paul

Guest S. Pidgorny
Posted

Deploying IPsec in a Windows domain is relatively easy, especially in smaller-scale infrastructures. Reading:

http://technet.microsoft.com/en-us/network/bb531150.aspx

OS X support is a tricky bit - Apple supports IPsec as a VPN protocol (point-to-point connections to a router) but not the transport mode. This is a small challenge, giving you two options - either make exclusions from the IPsec policy on the servers, or implement a VPN-like connection from the Macs to your network.

 

 

--

Svyatoslav Pidgorny, MS MVP - Security, MCSE

-= F1 is the key =-

 

http://sl.mvps.org http://msmvps.com/blogs/sp
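An added example, not part of the original thread or any poster's own configuration: one way to express the IPsec policy discussed above on the file server, requiring Kerberos computer authentication for inbound SMB and excluding the Macs. It assumes Windows Server 2012 or later (NetSecurity cmdlets), SMB on TCP 445 only, and a constructed placeholder address range and rule names.

```powershell
# Added example (not from the thread). Run elevated on the domain-joined file server.
# Assumptions: Windows Server 2012+ with the NetSecurity module; SMB served on
# TCP 445; the Mac address range and all rule names are constructed placeholders.
param(
    # 'Request' negotiates IPsec but still accepts unauthenticated traffic, so it
    # is safe for a pilot. 'Require' refuses inbound SMB from any host that
    # cannot complete computer authentication.
    [ValidateSet('Request', 'Require')]
    [string]$InboundMode = 'Request',

    # Hosts that cannot do IPsec transport mode (the Macs in this thread).
    [string[]]$ExemptAddresses = @('192.0.2.16/28')   # constructed placeholder
)

$smbPort = 445

# Main-mode authentication with the computer account over Kerberos. A laptop
# that is not joined to the domain has no computer account, so a valid user
# name and password alone no longer get it a connection to the share.
$proposal = New-NetIPsecAuthProposal -Machine -Kerberos
$authSet  = New-NetIPsecPhase1AuthSet -DisplayName 'Shares - computer Kerberos' `
                -Proposal $proposal

# Exclusion for the Macs. Traffic from these addresses is NOT authenticated,
# so keep the range as small as possible and review it regularly.
New-NetIPsecRule -DisplayName 'Shares - exempt Macs' `
    -InboundSecurity None -OutboundSecurity None `
    -RemoteAddress $ExemptAddresses `
    -Protocol TCP -LocalPort $smbPort | Out-Null

# Authentication rule for everything else that connects to SMB.
New-NetIPsecRule -DisplayName 'Shares - authenticate computers' `
    -InboundSecurity $InboundMode -OutboundSecurity Request `
    -Phase1AuthSet $authSet.Name `
    -Protocol TCP -LocalPort $smbPort | Out-Null

# Verification: after a domain client opens a share, a main-mode security
# association for that client should be listed here.
Get-NetIPsecMainModeSA
```

Running it first with the default `Request` mode and checking that domain clients appear in the security association list shows which hosts would be cut off before switching to `Require`.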

Guest Paul
Posted

Once again, thanks very much for your time and response.

 

Regards

--

Paul

Guest David H. Lipman
Posted

Set the shares to ONLY allow access to Domain Members such as those that are in an OU group.

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
