Jump to content

Network Permissions

Guest MichaelC

By Guest MichaelC
in Techno Babble

 Share

Recommended Posts

Guest MichaelC

Guest MichaelC

Posted
Posted

I have done much research on NTFS permissions and securing network shares and

such and have a few questions I cannot find answers for. So I look to you for

help style_emoticons/

 

In my current network setup, we have network shares on seperate drives from

which the OS was installed (W2k3).

 

On these drives, there are permissions that are allowing everyone to view

and write data to areas they shouldnt be.

 

I would rather not have everyone "list folder contents" as it is shown on

the drive permissions and the Users group can create folders and append data.

 

I want to know what are common best practices for root drives with network

shares on them. Should I remove the "Users" and "Everyone" groups from the

root drive so these permissions are not inherited?

 

I am looking to only having Administrators, CREATOR OWNER and SYSTEM to have

Full Control permissions on the root and then apply group permissions to

shares as needed.

 

Does this sound right? Can this create any issues besides people not being

able to browse that could once before?

 

Also, if this is a good idea, I could also implement ABE to allow users to

reach folders deep in the hierarchy that they have permissions to correct?

 

Our current structure is a mess and I am trying to get it cleaned up and am

looking for some pointers to get me going in the right direction.

 

Thanks for all your help!

  • 4 weeks later...
  • Replies 1
  • Created
  • Last Reply

Popular Days

Popular Days

Guest S. Pidgorny

Guest S. Pidgorny

Posted
Posted

G'day:

 

MichaelC wrote:

<span style="color:blue">

> I want to know what are common best practices for root drives with network

> shares on them. Should I remove the "Users" and "Everyone" groups from the

> root drive so these permissions are not inherited?

>

> I am looking to only having Administrators, CREATOR OWNER and SYSTEM to have

> Full Control permissions on the root and then apply group permissions to

> shares as needed.</span>

 

The best practice I follow is this: don't deviate from the defaults

unless you have strong reasons to. So I suggest this: after running

Security Configuration Wizard on the system, only change NTFS and share

permissions on the shares.

 

Changing permissions in a way you've described would work, but it's

excessive.

 

--

Svyatoslav Pidgorny, MCSE, RHCE

-= F1 is the key =-

 

http://sl.mvps.org http://msmvps.com/blogs/sp

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...