Security on Y:

Is there a way to make the Y: more secure. The Y: is a shared folder and everyone has access to it. So everyone can go through the Y: in the explorer and see everything.

When i try to secure it by share access, when ever I reboot the server they change.

When some of the Developers are uploading many files they need to acces to the Y:.

So can anyone suggest how your making this Y: more secure.

Thanks

Find more posts tagged with

Comments

Migrateduser

You can remove read access from branch directories (in IFS) for any groups except those you want to access that branch. This will keep unwanted users out of the entire branch. If you do this on main/, it will control the entire backing store.

bw

Bob Walden [bob.walden@interwoven.com]
Interwoven Education Group
IM: Yahoo, MSN bob_walden

Sudheer

Even if the user is not in the group. When he maps the Y: drive on this computer, he can see the entire branch structure and each and every file.
When I right click on the Branch I see the
1.Adminstrators
2.TeamSite Web Preview Group
3.Share group for the Branch

The user is a local account on the server box. But he is not in the any of the group also.

Any idea??
Thanks

Migrateduser

No, if you remove all access to main/ except for the group that should have acess to it, then others who are not in that/those group will be able to navigate no further down than y:\default\. They wil see that main\ exists, but won't be able to open it to explore further.

Make sure when you're removing permissions from the main/ branch's directory, that you remove the "everyone" ACE that is always put there by default. Once you remove that, then only the assigned owner, group for sharing, and webserver_group (should be "teamsite web preview") will have access to main/ and its sub-branches.

Also: make sure no ill-informed but well-intentioned sys admins have added anyone to "teamsite web preview". That group should contain only the TSIMP_hostname account and (perhaps) the IUSER_hostname account, but no actual user accounts.

bw

Bob Walden [bob.walden@interwoven.com]
Interwoven Education Group
IM: Yahoo, MSN bob_walden

Sudheer

Migrateduser

So if i have the branch structure like:

default/main

under it

Communications
Callcenter
Payroll

ok ....when I right click on MAIN I see everyone group. When I try to remove it, It says that the permissions are inherited. So I unchecked the box and COPY the permissions. and then removed the EVERYONE GROUP. Is it the right way?.

::BW: Yes.

Suppose I have a share group for the Workareas called
IW_WA_SHARE_Communications
IW_WA_SHARE_CallCenter
IW_WA_SHARE_Payroll

Do I need to add all of them to the SECURITY of the main??

::BW: If you want them to see and [potentially access] access the branches inside main, yes, those groups will need read access.

And regarding the EVERYONE group. Where should i remove it from exactly and when should i remove it. Now it is inherited to the lowest level and that gorup is on the workarea,staging and Editions also
1. Y:
2. default
3.main

::BW: You should remove it from branches that you don't want full access to, such as main (to block non-ts users), and sub-branches (to block ts users who have access to other branches but not all.)

BTW, see admin docs for iw.cfg re branch_security and workarea_security settings. Turning them on blocks branches and WAs from appearing in the TS gui if the current user has no access to them (instead of the default, which is to show them, but with "NA" next to them.)

bw

Bob Walden [bob.walden@interwoven.com]
Interwoven Education Group
IM: Yahoo, MSN bob_walden