Call 1 (201) 549-9007 (US) | +91 - 931-062-4042 (WhatsApp) Email: [email protected]

Windows End Point Security – Part 3

Welcome Everyone,

It is the 3rd Part of the Blog in our Series of Windows Endpoint Security, Today we will discuss Securing the Windows Share in Active Directory.

Assigning unwanted permissions for a user in a shared directory will guide the attacker to carry out numerous ways of accessing the shares.

It is our responsibility to secure the Active Directory Shares by restricting the Permission.

Let's do it.

Here I have an Active Directory Controller set up with a Domain ready.

Open Server Manager

Click on File and Storage Services

Click on Shares in the Left pan

You can see shares if you have one already, otherwise we will create one.

Click on Tasks–> New Share.

Click on SMB Share-Quick option and click Next

Select the Server name and the Volume that you want to share here am selecting D.

Give a share Name, here it is FinanceData and click Next.

Enable access based Enumeration in the configure share settings window.

Click on Customize permissions button

In the Advanced Security Settings for Finance Data wind

ow. Click Disable Inheritance.

Here we are disabling the Inheritance that came with administrator permission on folders and subfolders and we will give explicit permissions.

Click on Convert Inherited Permissions into Explicit permissions on this Object.
The purpose of this option is to apply explicit permission for the share.

You can see that CND\Users has permissions to read, write, and Special permissions. Will remove it by selecting them.

Click on Apply and Ok

Click Next and Click on Create.

Share has been created successfully, click on Close.

Go to Tools menu from the main menu, then select Active Directory Users and Computers.

Select Finance OU –> FinanceUsers and Right Click on it and Select New –> Group

Assign the Name: Finance Data
Group Scope: Global
Group Type: Security

We have successfully added the FinanceData Security Group\

Next, we will add the users to the security group

SHARE

8 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

X