/blogs/michael
Monitoring Exchange w/OpsMgr now available http://snurl.com/45ppf
From: Scott Kaufman at HQ [skauf...@ittesi.com]
Sent: Wednesday, April 01, 2009 11:59 AM
To: NT System Admin Issues
Subject: RE: File Server Security; Best Practice.
+1 on not using
+1 on not using Everyone & replacing it with Authenticated Users
Scott Kaufman
Lead Network Analyst
ITT ESI, Inc.
From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, April 01, 2009 10:51 AM
To: NT System Admin Issues
Subject: Re: File Server Security; Best Prac
I must be extra anal - I set the share permissions to Authenticated
Users/Full Control :-)
2009/4/1 Ben Scott
> On Wed, Apr 1, 2009 at 7:32 AM, Stephen Wimberly
> wrote:
> > I now have two coworkers that insist on adding user objects rather than
> > security groups directly to the file shares a
On Wed, Apr 1, 2009 at 7:32 AM, Stephen Wimberly wrote:
> I now have two coworkers that insist on adding user objects rather than
> security groups directly to the file shares as well as specific folders
> under the file share.
As everyone else said, they're wrong. Microsoft's best practices
d
From: Stephen Wimberly [mailto:riverside...@gmail.com]
Sent: Wednesday, April 01, 2009 3:12 PM
To: NT System Admin Issues
Subject: Re: File Server Security; Best Practice.
This sounds like what I needed, I'm like you, I don't keep up with the small
stuff and keep things as simple as
This sounds like what I needed, I'm like you, I don't keep up with the small
stuff and keep things as simple as possible.
Here it sounds like it's not only wasted CPU, but it stores more in RAM
(more SIDs). On a server that is already experiencing some resource issues,
we need to cut corners ever
I never ever use user objects added directly to ACLs. It just creates a
royal pain in the ass. If you've ever worked as an outsourcer and taken over
an IT infrastructure where everything is added to the ACLs in this way, you
will know just how awful it can be. Aside from the fact that when user
obj
I agree with you - use groups.
Your security token is built when you log on to a workstation and once each 10
hours after that (with a bit of randomness thrown in - I'm sure Ken can tell us
how Kerberos does that - I don't keep up with those details). :-)
That includes the groups of which you a