Best practice ACLs to prepare for auditors?

Posted by Nic on Server Fault See other posts from Server Fault or by Nic
Published on 2011-01-15T20:59:28Z Indexed on 2011/01/15 21:55 UTC
Read the original article Hit count: 136

Filed under:

windows-server-2008

|

ntfs

|

acl

|

audit

An auditor will be visiting our office soon, and they will require read-only access to our data. I have already created a domain user account and placed them into a group called "Auditors".

We have a single fileserver (Windows Server 2008) with about ten shared folders. All of the shares are set up to allow full access to authenticated users, and access restrictions are implemented with NTFS ACL's. Most folders allow full access to the "Domain Users" group, but the auditor won't need to make any changes. It takes several hours to update NTFS ACL's since we have about one million files. Here are the options that I am currently considering.

Create a "staff" group to assign read/write instead of "Domain Users" at the share level
Create a "staff" group to assign read/write instead of "Domain Users" at the NTFS level
Deny access to the "Auditors" group at the share level
Deny access to the "Auditors" group at the NTFS level
Accept the status quo and trust the auditor.

I will probably need to configure similar users in the future, as some of our contractors require a domain account but shouldn't be able to modify our client data. Is there a best practice for this?

© Server Fault or respective owner

Related posts about windows-server-2008

Password policy problem windows server 2008

as seen on Server Fault - Search for 'Server Fault'
Hi, I'm creating a domain and I need to make users that can have an empty password but administrators have to comply with password complexity how to I solve this problem? Thanks in advance >>> More
SAP DCOM Connector on Windows Server 2008

as seen on Stack Overflow - Search for 'Stack Overflow'
Does anybody know, if it is possible to use the "old" SAP DCOM Connector on a Windows Server 2008 ? I want to migrate a old ASP Web Solution with DCOM Connection to SAP from Windows 2000 Server to Windows 2008 Server. When I try to install the DCOM Connector I get the Error Message: "Setup could… >>> More
Windows Server 2008 R2: AD Module for Windows PowerShell

as seen on Internet.com - Search for 'Internet.com'
Windows Server 2008 R2 includes a new Active Directory module for Windows PowerShell, a consolidated group of 76 cmdlets that can perform a host of tasks against Active Directory's various services. >>> More
Windows Server 2008 Directory Services, Group Policy Preferences - More Control Panel Settings

as seen on Internet.com - Search for 'Internet.com'
In Windows Server 2008, Group Policy Preferences makes it possible to reap the chief benefits of an Active Directory environment by simplifying client management. Control Panel Settings nodes in the Group Policy Management Editor makes this possible. >>> More
Windows Server 2008 R2: Introducing the AD Administrative Center

as seen on Internet.com - Search for 'Internet.com'
The Active Directory Administrative Center in Windows Server 2008 R2 is a significant improvement over its predecessor. Although not without limitations, it offers beefed-up management of AD objects, new navigation capabilities, better task-based management options, and improvements to the properties… >>> More

Related posts about ntfs

NTFS and NTFS-3G

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a netbook with Ubuntu Netbook 10.04 and a desktop with Mint 10 (~ Ubuntu Desktop 10.10) Both of them have read/write NTFS partitions mounted via /etc/fstab. And it works fine. Ive read on net, google, forums, and several posts here, that NTFS-3G is the driver that allows you to have full… >>> More
NTFS partitions hidden under EXT4 file system / partition...want to recover files from NTFS

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I am new to ubuntu, but very impressed with the system. so one day i tried installing ubuntu 10.10 along with windows in dual boot first place it didnt get installed properly and during second attempt i could do it right but oh...i lost my windows 7 , here is my problem and what i have done till… >>> More
Kernel NTFS driver vs NTFS-3G

as seen on Super User - Search for 'Super User'
A more comprehensive phrased question since I lost access to the other one. I would ask that the other one be deleted, not this one, as it should not have been migrated in the first place. There are currently two NTFS drivers available for Linux. The NTFS driver included in the kernel, and the… >>> More
NTFS partitions hidden under EXT4 file system / partion...want to recover files from NTFS

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Hi all, I am new to ubuntu, but very impressed with the system. so one day i tried installing ubuntu 10.10 along with windows in dual boot first place it didnt get installed properly and during second attempt i could do it right but oh...i lost my windows 7 , here is my problem and what i have done… >>> More
Can't write to NTFS formatted drives

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I'm not sure what has happened, but I've all of a sudden lost write access to any of my NTFS external drives. I installed a few games and apps from the software center, and now I can't make new folders or copy and paste files to anything that is NTFS. Everything is now read only, and I've tried… >>> More