Hello,
I have a file server on a domain on which is stored individual shares for each user. I have a coworker who changes the permissions and adds, what I believe to be, unnecessary users and groups to the security list.
I need a ‘best practices’ answer on what the security settings should be for the shares.
There is one folder which contains all of the individual shares. One of the first things he does is share that root folder which I think is completely unnecessary, and all the subfolders, the actual shares, inherret all the crap from this.
For each individual share, he shares the folder with the following permissions:
The domain user name in question
Authenticated Users
The following are in the security list from him entering it manually and from the aforementioned root security settings:
Domain Administrators
Local machine administrators
Creator Owner
Domain Admins
Domain Users
System
Local machine users
This seems like a bloated, unsecured, shotgun approach to me.
My thoughts are as follows…
The share permissions:
The domain user name in question.
The security list, I would think, should take care of itself? The problem is that it inherits all the crap he has on the unnecessary root share, so I need to clean that up first.
Thanks in advance,
-Travis