+ Post New Thread
Results 1 to 9 of 9
Mac Thread, Mac's and Windows security in Technical; Good Evening, It's just been flagged up to me that a member of staff can view all other members of ...
  1. #1

    Join Date
    Jul 2010
    Posts
    17
    Thank Post
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Mac's and Windows security

    Good Evening,

    It's just been flagged up to me that a member of staff can view all other members of staff's Windows file Server files on our AD integrated macs - Security on the Windows shared are set correctly - why is it that this user can completely 'bypass' windows security and view these files? and how can I stop this happening?

    I'd love to know..

  2. #2

    Join Date
    Jan 2013
    Location
    Romford
    Posts
    174
    Thank Post
    61
    Thanked 34 Times in 27 Posts
    Rep Power
    9
    Is this isolated to the one member of staff or is it every user in that security group?

  3. #3

    seawolf's Avatar
    Join Date
    Jan 2010
    Posts
    969
    Thank Post
    12
    Thanked 283 Times in 217 Posts
    Blog Entries
    1
    Rep Power
    175
    If users on the Macs can access other staff members home drive files then the Windows security permissions are NOT set correctly on the share(s), full stop. The Macs are just revealing an existing security flaw.

    Now, if they can just SEE the top level folders, but have no access to them that's a bit different.

  4. #4

    Join Date
    Jul 2010
    Posts
    17
    Thank Post
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Hi..

    looks like all staff that logon to the macs are given 'read modify' rights in OS X on any folder on our staff shared area - which is a bit of an issue really! Looking at the window server share security in Windows on the folder it reads..

    creator owner has special permissions
    system - full permissions
    domain User whose folder it is (eg BloggsJ) - full permissions
    Local Administrators (server) - full permissions
    Local Users (server) - Read Execute

  5. #5

    Join Date
    Jul 2010
    Posts
    17
    Thank Post
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I'm connecting using the directory utility mapping the home drive share as specified in AD - I wouldn't doubt that Windows security is the key to this, I'll give the 'effective permissions' tool a go and see what I can find..

  6. #6

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,940
    Thank Post
    886
    Thanked 1,693 Times in 1,472 Posts
    Blog Entries
    12
    Rep Power
    447
    I would remove Local Users from the permissions. Its not needed. Not 100% without checking but i think the group Domain Users is a member of Local Users so that is what could be causing it.

  7. #7

    seawolf's Avatar
    Join Date
    Jan 2010
    Posts
    969
    Thank Post
    12
    Thanked 283 Times in 217 Posts
    Blog Entries
    1
    Rep Power
    175
    Quote Originally Posted by doombadger View Post
    Hi..

    looks like all staff that logon to the macs are given 'read modify' rights in OS X on any folder on our staff shared area - which is a bit of an issue really! Looking at the window server share security in Windows on the folder it reads..

    creator owner has special permissions
    system - full permissions
    domain User whose folder it is (eg BloggsJ) - full permissions
    Local Administrators (server) - full permissions
    Local Users (server) - Read Execute
    You really shouldn't have "Local Users (server)" with permissions to this share. This is the cause of the issue.

    EDIT: @FN-GM beat me to it.
    Last edited by seawolf; 25th March 2014 at 10:05 PM.

  8. #8

    Join Date
    Jul 2010
    Posts
    17
    Thank Post
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Ok.. I've removed permissions for local users for the share - great that clears up the issue of viewing the folders, but I it has highlighted two other issues - one, users in the AD staff group now cannot access their drives at all and that the Windows Server now cannot browse Active Directory for me to add in the staff group to sharing permissions.

  9. #9

    seawolf's Avatar
    Join Date
    Jan 2010
    Posts
    969
    Thank Post
    12
    Thanked 283 Times in 217 Posts
    Blog Entries
    1
    Rep Power
    175

    Mac's and Windows security

    What version of Windows server are you using? We don't have local users permissions set on any shares and do not experience these issues, not have I seen them. We are on 2008 R2.

    Edit: What is the directory structure of your shares? How many levels down from the root of the drive are they?
    Last edited by seawolf; 26th March 2014 at 11:18 AM.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 6
    Last Post: 8th January 2013, 10:53 AM
  2. Replies: 22
    Last Post: 29th July 2011, 05:54 PM
  3. Help with Mac's and Windows
    By wellscs in forum Mac
    Replies: 1
    Last Post: 21st June 2010, 09:19 AM
  4. Replies: 20
    Last Post: 25th January 2007, 10:28 AM
  5. Macs and Windows 2003 Server
    By pantscat in forum Mac
    Replies: 9
    Last Post: 12th October 2005, 09:12 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •