Scanning for unsecure shared folders

J

Jeff

We have significant issues with viruses and worms because users create
shared folders on their machines with Everyone group having the default full
control permissions. Is there a tool available to scan subnets for PCs with
unsecure shared folders? Is there a way to use Active Directory to prevent
users from sharing folders?

Thanks,

Jeff
 
S

Steven L Umbach

Hi Jeff. There is a tool called LanGuard that you can try for free. It has a
lot of options and you may no want to scan all the options as it will slow
the scan down. You may also find the Microsoft Baseline Security Analyzer to
be of help in securing your machines and it can be used on remote machines.

http://www.gfi.com/languard/
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
tools/mbsahome.asp
http://support.microsoft.com/default.aspx?kbid=320454

Keep in mind that in order to create shares a user must be a power user or
local administrator on their local machine. If you can have them be regular
users, then your network will be more secure. If they are local
administrators, you will have a lot of headaches and have much more
difficult time locking them down. For instance if a user has local
administrator powers, they can create a local machine account to log onto
and bypass any Group Policy user configuration and reconfigure the computer.

If their machines do not need to share resources and you do not need to
manage them remotely, then you can use Group Policy computer configuration
to disable the server service. If you want to remotely manage and they
should not be sharing resources you can control smb access via the user
right for "access this computer from the network" in security policy which
can be managed on a large scale with Group Policy. You can also replace the
everyone and users group on the access this computer from the network with
the authenticated users group for those domain members which will prevent
network access by a guest account if they have been enabled.

In a default installation, the everyone group may have full ntfs permissions
to the root/folder which should be reduced to read/list execute. Another
problem could be weak or no passwords. I would recommend implementing a
password policy that requires complex passwords that is configured at the
domain level.

Worms and viruses can also be an indication of improperly configured
firewall, inadequate virus scanning - particularly for emails, poor internet
securing, users connecting unathorized and unsecured computers such as their
laptops to YOUR network, computers/servers running unecessary services, and
a need to review patching with critical updates that may include SUS or
automatic updates. --- Steve

http://securityadmin.info/faq.asp#harden -- From the FAQ.
http://securityadmin.info/faq.asp#virustoc
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

NTFS and Shared Permissions 3
Adding Domain users on my shared folders 2
Shared folders on Xp cannot be found from Vista 6
unauthorized sharing of folders in Outlook 2007 2
Cannot acces shared files over Network 5
Cannot view shared folders, but can access them directly 1
Shared folders issues 7
Can't access shared folders 3

Top