|
Title: open share vulnerability Post by: Hack_80 on January 19, 2010, 07:06:20 AM Hi,
Happy new year... :) I am loking for the solution for share folder configured for Authenticated user & every one access . By default we have our corporate requirement to unblock the share access for some official reason. :(We ha ve multiple domains and we dont wont the shared folder to be enabled for entire domain or other domains by appying Authenticated user or every one access on shared folders. Is there any way to disable the authenticated users or everyone access through registry tweak? ??? on system. Kindly help ...... Title: Re: open share vulnerability Post by: bamed on January 19, 2010, 09:02:37 AM Maybe I'm missing something here. What I gather is that you have a file share (or shares?) that currently have permission set so that "Authenticated Users" and "Everyone" have access (read and write?). You want to limit access to these shares. So, is there a reason you can't simply remove these groups and add only the users/groups you want to have access?
Also, could you define the "corporate requirements"? If your company requires everyone access on all shares, you need to rethink your security policy. Also, if you're not in IT, you should NOT be messing with the registry, or your security settings AT ALL! If you have security concerns, discuss them with IT. If you are IT, I'm still missing what the issue is here. Are you maybe trying to prevent users from creating shares with default permissions for "Everyone"? Please clarify. Title: Re: open share vulnerability Post by: Hack_80 on January 19, 2010, 09:51:28 PM Bieng an IT guy I am looking to prevent users from creating shares with default permissions for "Everyone" or "Authendticated users" write access..
Title: Re: open share vulnerability Post by: T3rm1ght on January 20, 2010, 02:09:16 AM Hi,
if it's your aim to prevent write access for everyone group and auth user then you need to uncheck the write access and give them read, also you can block inheritance form the main folder. if this is not the answer you expect then clearify your quetion. termight ............ MCSE+security Title: Re: open share vulnerability Post by: Hack_80 on January 20, 2010, 04:32:17 AM I m looking for the solution for about 12000 machines.
Looking for any mechanism for discontinuing the access for authenticated users and everyone grou on shared folders. Title: Re: open share vulnerability Post by: Ketchup on January 20, 2010, 07:10:11 AM How about a logon script that removes the Shares or changes the Permissions? You can do this with plain old "net share" command or use a more advanced scripting language, such as VBScript or PowerShell.
Title: Re: open share vulnerability Post by: bamed on January 20, 2010, 07:29:59 AM I found a vbscript at http://www.tek-tips.com/viewthread.cfm?qid=1158235&page=1 that looks like it does what you want. Give it a try.
Title: Re: open share vulnerability Post by: Hack_80 on February 08, 2010, 10:38:46 PM hi Bemed,
The below script has been working for specified shared folder. Still looking for the script which will scan and remove the share configured for authenticated users and Everyone group. Thanks in advance
Powered by SMF 1.1.18 |
SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com |