Sensitive Folder Security - Best Practice
- From: "Qafyg" <qafyg@xxxxxxxxxxx>
- Date: 24 Nov 2006 06:50:16 -0800
I work for a compagny of 800 users.
We used to have 348 shares containing departmental data. No need to
say it was hell to manage rights and especially login scripts.
I've done a big clean-up and managed to bring everything into 1 share
and give specific ntfs rights to each departments, ie.: accounting, hr,
sales, etc. I'm mapping that drive to everyone in the company and
everyone has the "List" right at the root folder to see every
department name.
I'm also wrapping my permission in global security groups. IE.:
Security_Production_Read group has list permission on the root folder
and read permission on the Production folder. This way, admins don't
have to log on the server to give permission to a department folder to
a user.
Ex:
\\Server\Departments$\Accounting
\\Server\Departments$\Human Resources
\\Server\Departments$\Production
When I told the HR Director I wanted to move his data in the a share
that everyone in the compagny sees, he really didn't like that idea.
He's afraid that if a mistake is made assigning rights, it could go
unoticed and his data would be compromised.
So my question really is, Is it an acceptable security practice to map
a drive containing folders with sensitive data to all the company if
access to the sensitive folders is controlled with NTFS permissions.
Thanks for your input.
.
- Follow-Ups:
- Re: Sensitive Folder Security - Best Practice
- From: Roger Abell [MVP]
- Re: Sensitive Folder Security - Best Practice
- Prev by Date: Re: certreq with name-format "Lastname, Firstname"
- Next by Date: Re: Scheduled Tasks - Strange Permissions Issue
- Previous by thread: Automatically force propagation of NTFS permissions...?
- Next by thread: Re: Sensitive Folder Security - Best Practice
- Index(es):
Relevant Pages
|
