Re: Shared permissions vs. security
From: Carl Gross (CarlGross_at_discussions.microsoft.com)
Date: 05/27/05
- Next message: Steven L Umbach: "Re: How to investigate"
- Previous message: B. Meincke: "Re: Deny Software Installation to Students"
- In reply to: Steven L Umbach: "Re: Shared permissions vs. security"
- Next in thread: Steven L Umbach: "Re: Shared permissions vs. security"
- Reply: Steven L Umbach: "Re: Shared permissions vs. security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 27 May 2005 10:14:04 -0700
I have had to make some changes to some of the shares and groups because they
were too insecure. Since then, I have had to add each user manually to each
workstation with Power User privileges in order to do enything.
I have also been changing the Security settings on each persons hard drive
(default is Everyone - Full Control) and in some cases I need to make them
Administrators to make install/uninstall easier. This works on most people,
but some are perplexing me by not allowing me to install some software
(antivirus updates in particular) and saving of temporary files for network
applications.
"Steven L Umbach" wrote:
> I can't recommend settings but use the principle of least privilege. If a
> user does not need to write to a share then give them only read.list/execute
> permissions.
>
> As far as hackers and worms make sure that users are forced to use strong
> passwords via security policy, that the users are not local administrators
> if they do not need be, that you keep all your computers current with
> critical security updates from Windows updates, that all computers have
> antivirus installed that can keep itself current with updates automatically
> and that the antivirus runs in autoprotect mode and scans ALL email
> attachments, and you have a firewall that protects your network. Microsoft
> makes a free tool called Microsoft Baseline Security Analyzer that can scan
> all your computers looking for basic vulnerabilities as shown at the link
> below.
>
> http://www.microsoft.com/technet/security/tools/mbsahome.mspx
>
> Microsoft also offers a free guide call Antivirus in Depth that is excellent
> in education users on what malware is, how it propagates, how to detect it,
> how to eliminate it, and how to prevent it. See the link below if
> interested. The last link is a online guide from Microsoft for securing
> small businesses. --- Steve
>
> http://www.microsoft.com/technet/security/topics/serversecurity/avdind_0.mspx
> --- Anti Virus in Depth.
> http://www.microsoft.com/smallbusiness/gtm/securityguidance/hub.mspx
>
>
> "Carl Gross" <CarlGross@discussions.microsoft.com> wrote in message
> news:18033C22-B195-4B50-91B8-208938BB23EE@microsoft.com...
> > Can you recommend a security setting that I can enter to keep viruses like
> > Backdoor.Trojan from propogating through (allowing people to work on the
> > network and yet not allow THINGS or hackers permission to run amock).
> >
> > "Carl Gross" wrote:
> >
> >> I have been trying to make our network more secure by setting each
> >> workstation hardrive shared between Domain Admins with Full Control
> >> rights.
> >>
> >> What is the difference between setting this permission and selecting the
> >> Security tab to have the same permissions except adding the SYSTEM and
> >> user
> >> at that workstation?
> >>
> >> We have W2K SP4 workstations on a SBS 2003 server.
>
>
>
- Next message: Steven L Umbach: "Re: How to investigate"
- Previous message: B. Meincke: "Re: Deny Software Installation to Students"
- In reply to: Steven L Umbach: "Re: Shared permissions vs. security"
- Next in thread: Steven L Umbach: "Re: Shared permissions vs. security"
- Reply: Steven L Umbach: "Re: Shared permissions vs. security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
