How to secure my MSI mapped folder as a drive letter...
Hoping someone can advise.
I map a drive letter viewable by "everyone" on the network as the V:\ drive.
This is a folder on one of my servers where I create sub-folders to store any MSI's that are deployed using active directory.
Everyones login script contains the line : net use v: \\servername\ShApps
The actual locaton of ShApps being D:\server_apps\utilities
The permissions on this folder are: Administrators & Domain Admins = Full Control; Everyone = Read & Execute, List Folder Contents, Read
Examples of things that get deployed out via AD are Flash, Tarsia, Shockwave, InPrint etc.
I've suddenly realized this location is not locked down by our security policies which restrict which drives allow software to run from & that everyone can view the folders and contents - and obviously run the installations.
If I was to either add the V:\ drive to the security policy or remove the Everyone = Read & Execute, List Folder Contents, Read permissions would the software still install OK when the relevant GPO was applied.
I am thinking yes as it's done before a "user" logs on - unless the "Everyone" element also means the "system" can have permission to execute.