Re: Managing Security

• Previous message: Roger Abell: "Re: Getting user name for failed authentication"
• In reply to: Eric Graham: "Managing Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 26 Jun 2004 02:47:20 -0700

You are perhaps tackling this backwards, and in a
way that swims upstream.

With Windows you need to examine the filesystem
to see what its permissioning is. That is problematic.
The are some tools that can ease this, like Somarsoft's
DumpSec http://www.somarsoft.com

However, with Windows you also can define filesystem
security templates that state how storage should be
permissioned. Then you can use these to compare
what is to what the template states should be, and also
you can use these to make the permissions as the template
defines.

Swimming with the current, one examines what one stores,
maps how it should be permissioned, does some storage
rearrangement to simplify variations of permissions, and
then define the templates with the security configuration
toolset (the Templates and the Sec Config and Analysis
snap-ins for MMC).

Starting with your existing, make a first guess as to how
it should be permissioned, state that in a template, then
analyze and see how what you have differs from what
you stated. Iterate, and close in on what you want.

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Eric Graham" <egraham@fdionline.net> wrote in message
news:eh3IUnsWEHA.2816@TK2MSFTNGP11.phx.gbl...
> Is there any software (inexpensive software) that would basically do
> security audits on shared folders and files?  I want to be able to print
up
> security settings for shared folders and files so I can easily see where I
> need to modify my settings.
>
> Thanks
> Eric
>
>

• Previous message: Roger Abell: "Re: Getting user name for failed authentication"
• In reply to: Eric Graham: "Managing Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: What server hardening are you doing these days? ... permissions on their data, and Microsoft encourages ISVs to minimize ... I've been able to discuss ACLs and other security issues in Windows with ... Control or DAC (which is what you're referring to by the "stupid ... (Focus-Microsoft) Re: Customzing Security Template Files ... As you work with the Security Templates and the Security Configuration ... (which by the way also tells you where the permissions are persisted, ... >>> When configuring a service using the Security Template snapin, ... (microsoft.public.security) RE: What server hardening are you doing these days? ... hardening in windows is that consulting within the financial sector as I ... permissions on servers in a granular fashion in order to get their ... applications to work without compromising the security of their ... "...Discretionary controls are not a replacement for mandatory controls. ... (Focus-Microsoft) Re: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues ... --You sound like many Linux/Unix guys I know who think they know Windows ... You're still acting like Windows security is ... security permissions, acting like you've never heard of the Creator ... RAG> world, then going further to assume that a bonehead administrator ... (Full-Disclosure) RE: Re[4]: Microsoft Windows Vista/2003/XP/2000 file management security issues ... --You sound like many Linux/Unix guys I know who think they know Windows ... You're still acting like Windows security is ... security permissions, acting like you've never heard of the Creator ... RAG> world, then going further to assume that a bonehead administrator ... (Bugtraq)