.

open share vulnerability

<<

manju_salian

User avatar

Jr. Member
Jr. Member

Posts: 89

Joined: Mon Apr 09, 2007 1:31 am

Post Tue Jan 19, 2010 8:06 am

open share vulnerability

Hi,
Happy new year... :)

I am loking for the solution for share folder configured for Authenticated user & every one access . By default we have our corporate requirement to unblock the share access for some official reason. :(We ha ve multiple domains and we dont wont the shared folder to be enabled for entire domain or other domains by appying Authenticated user or every one access on shared folders. Is there any way to disable the authenticated users or everyone access through registry tweak? ??? on system.
Kindly help ......
<<

bamed

Newbie
Newbie

Posts: 48

Joined: Thu Mar 19, 2009 7:05 pm

Location: Joplin, MO

Post Tue Jan 19, 2010 10:02 am

Re: open share vulnerability

Maybe I'm missing something here.  What I gather is that you have a file share (or shares?) that currently have permission set so that "Authenticated Users" and "Everyone" have access (read and write?).  You want to limit access to these shares.  So, is there a reason you can't simply remove these groups and add only the users/groups you want to have access?
Also, could you define the "corporate requirements"?  If your company requires everyone access on all shares, you need to rethink your security policy.  Also, if you're not in IT, you should NOT be messing with the registry, or your security settings  AT ALL!  If you have security concerns, discuss them with IT.  If you are IT, I'm still missing what the issue is here.
Are you maybe trying to prevent users from creating shares with default permissions for "Everyone"?
Please clarify.
chown -R bamed ./base
<<

manju_salian

User avatar

Jr. Member
Jr. Member

Posts: 89

Joined: Mon Apr 09, 2007 1:31 am

Post Tue Jan 19, 2010 10:51 pm

Re: open share vulnerability

Bieng an IT guy I am looking to prevent users from creating shares with default permissions for "Everyone" or "Authendticated users" write access..
Last edited by manju_salian on Tue Jan 19, 2010 10:54 pm, edited 1 time in total.
<<

termight

User avatar

Newbie
Newbie

Posts: 26

Joined: Tue Aug 21, 2007 5:50 pm

Location: MARS

Post Wed Jan 20, 2010 3:09 am

Re: open share vulnerability

Hi,
    if it's your aim to prevent write access for everyone group and auth user then you need to uncheck the write access and give them read, also you can block inheritance form the main folder. if this is not the answer you expect then clearify your quetion.

termight
............
MCSE+security
>>There Is Always A Blind Spot In
>>Every Software, It's Up To Us To Find It
<<

manju_salian

User avatar

Jr. Member
Jr. Member

Posts: 89

Joined: Mon Apr 09, 2007 1:31 am

Post Wed Jan 20, 2010 5:32 am

Re: open share vulnerability

I m looking for the solution for about 12000 machines.
Looking for any mechanism for discontinuing the access for authenticated users and everyone grou on shared folders.
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Wed Jan 20, 2010 8:10 am

Re: open share vulnerability

How about a logon script that removes the Shares or changes the Permissions?  You can do this with plain old "net share" command or use a more advanced scripting language, such as VBScript or PowerShell. 
~~~~~~~~~~~~~~
Ketchup
<<

bamed

Newbie
Newbie

Posts: 48

Joined: Thu Mar 19, 2009 7:05 pm

Location: Joplin, MO

Post Wed Jan 20, 2010 8:29 am

Re: open share vulnerability

I found a vbscript at http://www.tek-tips.com/viewthread.cfm? ... 235&page=1 that looks like it does what you want.  Give it a try.
chown -R bamed ./base
<<

manju_salian

User avatar

Jr. Member
Jr. Member

Posts: 89

Joined: Mon Apr 09, 2007 1:31 am

Post Mon Feb 08, 2010 11:38 pm

Re: open share vulnerability

hi Bemed,
    The below script has been working for specified shared folder.
Still looking for the script which will scan and remove the share configured for authenticated users and Everyone group.



Thanks in advance

Return to Other

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software