RE: File Server Security; Best Practice.

2009-04-01 Thread Michael B. Smith
/blogs/michael Monitoring Exchange w/OpsMgr now available http://snurl.com/45ppf From: Scott Kaufman at HQ [skauf...@ittesi.com] Sent: Wednesday, April 01, 2009 11:59 AM To: NT System Admin Issues Subject: RE: File Server Security; Best Practice. +1 on not using

RE: File Server Security; Best Practice.

2009-04-01 Thread Scott Kaufman at HQ
+1 on not using Everyone & replacing it with Authenticated Users Scott Kaufman Lead Network Analyst ITT ESI, Inc. From: James Rankin [mailto:kz2...@googlemail.com] Sent: Wednesday, April 01, 2009 10:51 AM To: NT System Admin Issues Subject: Re: File Server Security; Best Prac

Re: File Server Security; Best Practice.

2009-04-01 Thread James Rankin
I must be extra anal - I set the share permissions to Authenticated Users/Full Control :-) 2009/4/1 Ben Scott > On Wed, Apr 1, 2009 at 7:32 AM, Stephen Wimberly > wrote: > > I now have two coworkers that insist on adding user objects rather than > > security groups directly to the file shares a

Re: File Server Security; Best Practice.

2009-04-01 Thread Ben Scott
On Wed, Apr 1, 2009 at 7:32 AM, Stephen Wimberly wrote: > I now have two coworkers that insist on adding user objects rather than > security groups directly to the file shares as well as specific folders > under the file share. As everyone else said, they're wrong. Microsoft's best practices d

RE: File Server Security; Best Practice.

2009-04-01 Thread René de Haas
From: Stephen Wimberly [mailto:riverside...@gmail.com] Sent: Wednesday, April 01, 2009 3:12 PM To: NT System Admin Issues Subject: Re: File Server Security; Best Practice. This sounds like what I needed, I'm like you, I don't keep up with the small stuff and keep things as simple as

Re: File Server Security; Best Practice.

2009-04-01 Thread Stephen Wimberly
This sounds like what I needed, I'm like you, I don't keep up with the small stuff and keep things as simple as possible. Here it sounds like it's not only wasted CPU, but it stores more in RAM (more SIDs). On a server that is already experiencing some resource issues, we need to cut corners ever

Re: File Server Security; Best Practice.

2009-04-01 Thread James Rankin
I never ever use user objects added directly to ACLs. It just creates a royal pain in the ass. If you've ever worked as an outsourcer and taken over an IT infrastructure where everything is added to the ACLs in this way, you will know just how awful it can be. Aside from the fact that when user obj

RE: File Server Security; Best Practice.

2009-04-01 Thread Michael B. Smith
I agree with you - use groups. Your security token is built when you log on to a workstation and once each 10 hours after that (with a bit of randomness thrown in - I'm sure Ken can tell us how Kerberos does that - I don't keep up with those details). :-) That includes the groups of which you a