Re: Corporate File control

From: Lanwench [MVP - Exchange] (lanwench_at_heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
Date: 03/09/04


Date: Tue, 9 Mar 2004 12:02:36 -0500

General note - users should probably never have Full Control over any folder
(except roaming profile folder) - Modify is quite enough.

How often are you finding you need to change permissions? I rarely have to
do this - I set up the permissions on the folders when I set up the server,
and rarely need to modify them unless someone wants a new share that is
restricted to a certain group.

Re viruses - you ought to be running good antivirus software (ideally,
centrally managed) that can scan mail, as well as centrally managed server&
workstation AV software. I use Trend products and have them set to update
from Trend every hour....block Yahoo mail., Hotmail, (and POP/IMAP also if
you have your own mail server).

The rest of your questions - too large for me to be able to answer right
now. Not enough coffee. ;-)

Milton Bliss wrote:
> two questions
>
> 1) who should control user access rights in a file server? IT or data
> owners?
>
> 2) where can if find a document that describes all the NTFS setting in
> IMMENSE detail? There a dozen little setting I only generally
> understand.
>
>
>
> mydoom.f came visiting 2/24/4, two weeks later my systems are
> recovered
>
> The virus was effective at deleting many files because I give most
> people high permissions on the file server. This is because I do not
> understand the settings, nor have I taken the time to ascertain the
> users actual needs. It is easier to give them all rights and not
> worry about it. - I'm worried now.
>
>
>
> I proposed to make each department head administer file permissions
> within their department's data.
>
>
>
> My boss say's "too many cooks spoil the soup"
>
>
>
> What is the best practice? It is true the department heads are busy
> non-technical accountants, marketers, and nurses. Teaching them the
> minutia of NTFS permissions would be challenging. Convincing them to
> maintain the permissions concerns me. Further, does Active Directory
> provide me a way to allow the Marketing director to add/delete people
> to/from the MarketingSecurity group? Then does NTFS allow me to give
> that same Marketing director control the exact rights each security
> group has in a specific set of directories?
>
>
>
> On the other hand, I certainly don't have time. Am I better off
> hiring a clerk to maintain AD and NTFS for the entire company?
>
>
>
> The second question of course is the technical detail, where can I
> find good documentation on NTFS settings? I'll need to know what the
> settings do whether I use them, teach them to department heads or a
> clerk.
>
>
>
> I am grateful for direction of the sages.



Relevant Pages

  • Re: Ownsership and Rights
    ... Full Controll set up for bothe the NTFS and for the share. ... Also, when I am logged into the server as Administrator, and I check the ... Effective Permissions does not work as well. ... That I'm working on has share rights of Everyone, ...
    (microsoft.public.windows.server.sbs)
  • Re: Corporate File control
    ... How often are you finding you need to change permissions? ... do this - I set up the permissions on the folders when I set up the server, ... > minutia of NTFS permissions would be challenging. ... > find good documentation on NTFS settings? ...
    (microsoft.public.win2000.file_system)
  • Re: appears to loose authentication
    ... me to think that there are security and permissions issues. ... to any shares below is baffling and also suspectable to incorrect NTFS ... an invalid DNS server in the Tcp/Ip settings. ... I checked the share and ntfs permissions on the goldmine share, ...
    (microsoft.public.security)
  • Re: TS user Permission issue to network from TS server.
    ... You may not have the appropriate permissions to ... User Configuration - Windows Settings - Folder Redirection ... MCSE, CCEA, Microsoft MVP - Terminal Server ... and access the accounting package as any of the users. ...
    (microsoft.public.windows.terminal_services)
  • RE: IIS 6 FTP
    ... the server after making a permissions change causes the settings to work ... This leads me to believe that the settings are cached ... Objet: IIS 6 FTP ... I configured permissions using two groups: ...
    (Security-Basics)