Security in Shared folder
Dear Experts ,
I like know how to provide security for shared folder in windows 2008 domain users
my scenario is some users with read/right with renaming file/ folders and copy paste but no delete file and folders . and how to generate log for shared folders so that we can keep watch
July 18th, 2012 5:07am
Hi,
Please refer the similar discussions
How to prevent user from deleting shared network files
http://social.technet.microsoft.com/Forums/uk/winserversecurity/thread/73b5cba3-5049-46c1-a39c-7001e1afe2a1
Preventing Users from Deleting Folders
http://www.petri.co.il/forums/showthread.php?t=4554
Best shared folders monitor tool
http://social.technet.microsoft.com/Forums/en-US/systemcentermonitoring/thread/3b7d3dfa-99e5-4aaf-a0e5-3e7dc4cb6f93/
Group Policy Audit - tracking access/event to shared folder
http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/da536d11-9d78-42d1-b670-7d6b618acb51/
HTHI do not represent the organisation I work for, all the opinions expressed here are my own.
This posting is provided "AS IS" with no warranties or guarantees and confers no rights.
- .... .- -. -.- ... --..-- ... .- -. - --- ... ....
Free Windows Admin Tool Kit Click here and download it now
July 18th, 2012 5:19am
Hi,
Please refer the similar discussions
How to prevent user from deleting shared network files
http://social.technet.microsoft.com/Forums/uk/winserversecurity/thread/73b5cba3-5049-46c1-a39c-7001e1afe2a1
Preventing Users from Deleting Folders
http://www.petri.co.il/forums/showthread.php?t=4554
Best shared folders monitor tool
http://social.technet.microsoft.com/Forums/en-US/systemcentermonitoring/thread/3b7d3dfa-99e5-4aaf-a0e5-3e7dc4cb6f93/
Group Policy Audit - tracking access/event to shared folder
http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/da536d11-9d78-42d1-b670-7d6b618acb51/
HTHI do not represent the organisation I work for, all the opinions expressed here are my own.
This posting is provided "AS IS" with no warranties or guarantees and confers no rights.
- .... .- -. -.- ... --..-- ... .- -. - --- ... ....
July 18th, 2012 5:19am
Hi,
Share permissions apply to users who connect to a shared folder over the network. Share permissions do not affect users who log on locally, or log on using Remote Desktop.
To set permissions for users who log on locally or using Remote Desktop, set NTFS file permissions using the options on the
Security tab instead of the
Share Permissions tab. If both share permissions and file system permissions are set for a shared folder, the more restrictive permissions apply when connecting to the shared folder.
You can set file system level permissions (as opposed to shared folder permissions) at the command line by using the operating system tool iCacls.exe or Cacls.exe. The tools run only on an NTFS volume.
To enable access-based enumeration on a shared folder, you must use Share and Storage Management. Access-based enumeration allows users to see only the files and folders in a shared folder to which they have permission to access. For more information, see
http://go.microsoft.com/fwlink/?LinkId=141539
> how to generate log for shared folders so that we can keep watch
You should enable Audit object access policy and configure Auditing for your shared resource.
Audit object access policy determines whether to audit the event of a user accessing an object (for example, file, folder, registry key, printer, and so forth) which has its own system access control list (SACL) specified.
Please refer to this article to configure auditing:
How to audit user access of files, folders, and printers
http://support.microsoft.com/kb/310399
For more information please refer to following MS articles:
Managing Permissions for Shared Folders
http://technet.microsoft.com/en-us/library/cc753731.aspx
Set Permissions for Shared Folders
http://technet.microsoft.com/en-us/library/cc726004.aspxLawrence
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
July 19th, 2012 2:29am
Hi,
Share permissions apply to users who connect to a shared folder over the network. Share permissions do not affect users who log on locally, or log on using Remote Desktop.
To set permissions for users who log on locally or using Remote Desktop, set NTFS file permissions using the options on the
Security tab instead of the
Share Permissions tab. If both share permissions and file system permissions are set for a shared folder, the more restrictive permissions apply when connecting to the shared folder.
You can set file system level permissions (as opposed to shared folder permissions) at the command line by using the operating system tool iCacls.exe or Cacls.exe. The tools run only on an NTFS volume.
To enable access-based enumeration on a shared folder, you must use Share and Storage Management. Access-based enumeration allows users to see only the files and folders in a shared folder to which they have permission to access. For more information, see
http://go.microsoft.com/fwlink/?LinkId=141539
> how to generate log for shared folders so that we can keep watch
You should enable Audit object access policy and configure Auditing for your shared resource.
Audit object access policy determines whether to audit the event of a user accessing an object (for example, file, folder, registry key, printer, and so forth) which has its own system access control list (SACL) specified.
Please refer to this article to configure auditing:
How to audit user access of files, folders, and printers
http://support.microsoft.com/kb/310399
For more information please refer to following MS articles:
Managing Permissions for Shared Folders
http://technet.microsoft.com/en-us/library/cc753731.aspx
Set Permissions for Shared Folders
http://technet.microsoft.com/en-us/library/cc726004.aspxLawrence
TechNet Community Support
July 19th, 2012 2:34am