Restricting network access

Started by DebAmstutz, September 28, 2016, 11:44:29 AM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

DebAmstutz

What drives on your networks are available to everyone?  We are having a problem with someone here and my thought is restrict everything except the scanning drive and the "community" drive.  Nobody needs to be messing with anything else, unless it's an admin person.  One of the CSRs went "behind the scenes" to the IT guy and wanted scans changed to the H drive - but that one is TAM Data.  Fortunately, the IT guy knew that the HR gal should have been copied on that and forwarded the email from the CSR to HR.  So now, HR wants to limit employee access to only what is necessary. 

So - what do you do?

Thanks!
Deb Amstutz
Missing TAM 5 days a week

Jeff Zylstra

It is possible to "hide" drives and folders.   Network drives are actually shared folders off from your server.  After they are shared, they are "mapped" to assign a more friendly way to access them.  So \\ServerName\Applied is "mapped" on your system to appear as the "H:" drive.   If you add a "$" after the applied like so, \\ServerName\Applied$, that folder is now hidden and will not appear if you search the server. 

You can also hide drives in other ways as well.  I think Applied had a handout on how to do that a while back, while still maintaining access for TAM.  If you're not familiar with Windows Explorer, right click on your "start" button and choose "open windows explorer".  Now click on "computer" and also "network".   This will tell you what is accessible on your system.
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

DebAmstutz

Thanks.  This has not been an issue previously.  Some people.... ::)
Deb Amstutz
Missing TAM 5 days a week

Mark

There are options built into windows server/active directory.  Are you talking TAM drives, or what?  You can set permissions that deny users the ability to list folder contents, but still allow them to read/write to files in those folders if they have the direct path.  There are other options as well, but again it depends on what is needed.  You can block read access or write access or completely block access - all based on group or specific user.
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

DebAmstutz

Deb Amstutz
Missing TAM 5 days a week

Jeff Golas

One best practice though, is to make a "security group" based on your needs, and just add the person to that.

You can use them either as a "access" or "deny" rule, so you can create a security group of "restricted" and then for each resource you want to block, you would just say "Deny" the "Restricted" group from accessing this. That way you dont have to bucket your other users, only the minimal ones you want to access.

Sounds to me like this may be more of an HR issue though - I've been talking about workflows all afternoon soo my mind is left-centric at the moment lol.
Jeff Golas
Johnson, Kendall & Johnson, Inc. :: Newtown, PA
Epic Online w/CSR24
http://www.jkj.com

DebAmstutz

Thanks, Jeff. 

(workflows can do that  :o)
Deb Amstutz
Missing TAM 5 days a week