Nested Shares - Security Implications

Discussion in 'MCSA' started by Guest, Apr 4, 2005.

  1. Guest

    Guest Guest

    Hey,

    Assuming I have the following directorty structure:

    X:\sub1\sub2

    I share X:\ and use NTFS permission to allow access to
    sub1 across my network.

    However, I wish to share sub2 and not grant access to all
    who have acces to sub1 (inheritance) BUT also give access
    to some users who do not have access to sub1.

    I can think of two ways to do this:

    1) Grant 'List and Traverse' NTFS permissions to those
    users who need access to sub2 so allow them to get through
    sub1. Grant these users appropratie permissions (RWXD) to
    sub2.

    Block inheritance on sub2 (maybe deny permissions to users
    of sub1?).

    OR

    2) Remove all permissions on sub2.

    Create a separate network share on the sub2 folder (DFS??).

    Grant permissions to users to access the sub2 share.

    My question is about the security implications of the
    network for each of these solutions ie is the the second
    solution secure (I'm under the impression nesting shares
    is not a good idea from a network security standpoint) or
    does it create a possible security hole?

    Solution one will however allow users to look at the
    contents of sub1 (though not do anything to them) - though
    may be more time consuming to set up and manage due to the
    complexity of permissions....

    Or is there another solution that I haven't thought of?

    Thanks in advance,

    Scott.
    Guest, Apr 4, 2005
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. R Siffredi

    IPSEC/GRE VPN nested

    R Siffredi, May 12, 2004, in forum: Cisco
    Replies:
    0
    Views:
    568
    R Siffredi
    May 12, 2004
  2. Steve
    Replies:
    1
    Views:
    3,459
    Steve
    Nov 30, 2005
  3. AM

    Nested groups PIX.

    AM, Jan 31, 2006, in forum: Cisco
    Replies:
    1
    Views:
    1,215
    Walter Roberson
    Feb 1, 2006
  4. AM
    Replies:
    0
    Views:
    346
  5. Replies:
    7
    Views:
    572
    Moe Trin
    Feb 7, 2006
Loading...

Share This Page