Windows End Point Security – Part 3
Assigning unwanted permissions for a user in a shared directory will guide the attacker to carry out numerous ways of accessing the shares.
It is our responsibility to secure the Active Directory Shares by restricting the Permission.
Let's do it.
Here I have an Active Directory Controller set up with a Domain ready.
Open Server Manager
Click on File and Storage Services
Click on Shares in the Left pan
You can see shares if you have one already, otherwise, we will create one.
Click on Tasks–> New Share.
Click on SMB Share-Quick option and click Next
Select the Server name and the Volume that you want to share here am selecting D.
Give a share Name, here it is FinanceData, and click Next.
Enable access-based Enumeration in the configure share settings window.
Click on Customize permissions button
In the Advanced Security Settings for Finance Data wind
ow. Click Disable Inheritance.
Here we are disabling the Inheritance that came with administrator permission on folders and subfolders and we will give explicit permissions.
Click on Convert Inherited Permissions into Explicit permissions on this Object.
The purpose of this option is to apply explicit permission for the share.
You can see that CND\Users has permissions to read, write, and Special permissions. Will remove it by selecting them.
Click on Apply and Ok
Click Next and click on Create.
Share has been created successfully, click on Close.
Go to the Tools menu from the main menu, then select Active Directory Users and Computers.
Select Finance OU –> FinanceUsers and Right Click on it and Select New –> Group
Assign the Name: Finance Data
Group Scope: Global
Group Type: Security
We have successfully added the FinanceData Security Group\
Next, we will add the users to the security group