Quantcast
Channel: File Services and Storage forum
Viewing all articles
Browse latest Browse all 13565

Correct permissions for secure home directory

$
0
0

Let me start off by saying this isn't a question about getting home directories to work properly for multiple users. I am looking for some documentation on securing file servers and shares for home directory use. Situation I am dealing with is this:

Our CEO does not like the fact that anybody in the admins group can see her home folder and its contents.  I have restricted the Local System account down to read/write permissions so I can back up her directory and removed all of the permissions of Domain Admins down to read/write attributes and read/write/change permission entries on the top (root of the share) directory and below.

My issue mainly is that my understanding of things leads me to think that if I pull Domain Admins off of that directory security I make it harder to manage at the root level and her level and to do anything later I would have to take ownership of the folder or have her walk through adding a proper user or group back in to then give us correct permssions, while not really effectively increasing the security because I can still take ownership and break my way back in if I or anybody in domain admins wanted to.

So, does anybody know of the proper way to secure the server and share?  There has to be a way.  I have thrown out the idea of EFS on her home directory but there has to be downsides to that I am not aware of it seems.  Also talked about RMS (Rights Management Services) but that only works on Office files, not PDF's and such.  I have googled and searched bing about this but I am only turning up articles on fixing permissions for general home directory setup, nothing in depth.


Viewing all articles
Browse latest Browse all 13565

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>