Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Share Permissions

from [mcclenbw] Network Security [Permanent Link]
Subject: RE: Share Permissions
Date: Wed, 6 Sep 2006 08:10:05 -0400 
Create one user share, and then give each user access to their folder
under the share (\\servername\sharename($)\userfoldername).  Now account
operators don't need to create shares.

For the "Bonus Problem", just create another share pointing to the drive
root. Like \\server\fdrive$. You can have multiple shares pointing to a
single share point.

Brady McClenon
Administrative Computer Services
State University College at Oneonta
Oneonta, NY  13820



-----Original Message-----
From: Monrad.DC@forces.gc.ca [mailto:Monrad.DC@forces.gc.ca] 
Sent: Tuesday, September 05, 2006 10:39 AM
To: focus-ms@securityfocus.com
Subject: Share Permissions

We have several W2K3 file & print servers maintained by our 
server team.

I am trying to follow least privileges principles and set up 
permissions for our account operators to have the minimum 
required rights on these servers to do their jobs.

Done:

1.  Create personal folders - No problem, NTFS rights on a 
folder for user drives solves this.

2.  Set permissions on personal folders - No problem - Full 
rights for techs so they can set permissions.

Problem:

  Create shares - As far as I can tell, only power users and 
administrators have the rights to create shares.  
  I don't want the account operators to have the additional 
rights that come with the power user group.

Bonus Problem:

  We have numerous drives holding different shares based on 
department and function.  Giving the account operators rights 
to traverse through the root share on all non -system shares 
would ease their job.  The ability to create a share using 
MMC and navigate through the root to the user share is just 
one example of this.  I have not been able to find a way to 
effectively change the permissions on the root share (i.e. 
F$) without disabling all admin shares and creating more 
problems after a reboot or server service restart.

Any help would be appreciated.

Drew

--------------------------------------------------------------
-------------
--------------------------------------------------------------
-------------




---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Share Permissions, Aleksandr Sevostjanov
Next by Date:  SecurityFocus Microsoft Newsletter #307, mfossi
Previous by Thread:  FW: MST transforms templates from sec persepctive?, Murda Mcloud
Next by Thread:  RE: Share Permissions, mcclenbw
Indexes:  [Date] [Thread] [Top] [All Lists]