Aleksa Pavletic
New Member
How to limit anybody on server to change file types ranaming if it is possible in shared directories on internal network?
Cryptolocker
- Thread starter Aleksa Pavletic
- Start date
A. File structure: fat32 supports; Administrator, guest and Anonymous… for windows (after Vista) you need at least NTFS,
B. Accounts:
1. Anonymous = any one and in todays world is only used on the internet… even then, its considered dangerous and being fazed out.
2. Everyone = all accounts currently stored on the server have the same rights and restrictions which are specified as needed… typically only used as a tool to unlock stubborn files.
3. Trusted installer (windows 8 and above) = Microsoft… yes you can take control away from them but Microsoft only "trusts" themselves now-days so things like windows updates can be buggered by removing this setting.
4. Owner = the account which created the file or first installed the program/ roll… this is dangerous to use in business and should be avoided.
Scenarios: where the owner has moved on/ been sacked can become a problem when someone else is hired/ contracted to adjust servers weeks (sometimes years) later.
5. "Built in"= after xp the administrator was broken up into smaller accounts eg, dns administrator, domain administrator etc… this system is a mess to administer beyond 5-10 accounts and largely ignored by everyone not currently working for Microsoft.
6. Group policy (security) accounts = custom made account structure which can be tailored to fit the business scenario.
Eg, All_stuff is a group that everyone in the company belongs to and used to send out flyers/ general emails or allows read access to things such as help and safety information.
Department_admin and [insert]department_staff groups allows read/ wright access to files stored in their shared dives… the decision to allow the bosses more control over files than other members of staff is debatable because (at least ime) the boss is often there to administer the staff and has no real clue what happens at the technical level.
B. Accounts:
1. Anonymous = any one and in todays world is only used on the internet… even then, its considered dangerous and being fazed out.
2. Everyone = all accounts currently stored on the server have the same rights and restrictions which are specified as needed… typically only used as a tool to unlock stubborn files.
3. Trusted installer (windows 8 and above) = Microsoft… yes you can take control away from them but Microsoft only "trusts" themselves now-days so things like windows updates can be buggered by removing this setting.
4. Owner = the account which created the file or first installed the program/ roll… this is dangerous to use in business and should be avoided.
Scenarios: where the owner has moved on/ been sacked can become a problem when someone else is hired/ contracted to adjust servers weeks (sometimes years) later.
5. "Built in"= after xp the administrator was broken up into smaller accounts eg, dns administrator, domain administrator etc… this system is a mess to administer beyond 5-10 accounts and largely ignored by everyone not currently working for Microsoft.
6. Group policy (security) accounts = custom made account structure which can be tailored to fit the business scenario.
Eg, All_stuff is a group that everyone in the company belongs to and used to send out flyers/ general emails or allows read access to things such as help and safety information.
Department_admin and [insert]department_staff groups allows read/ wright access to files stored in their shared dives… the decision to allow the bosses more control over files than other members of staff is debatable because (at least ime) the boss is often there to administer the staff and has no real clue what happens at the technical level.
