Don't know if this will help, but for my web servers I have a list of valid
files that are permitted on the server.
On a scheduled basis, I run a batch file using XCACLS that first removes all
permissions to the file system and then grants appropriate access to the
list of valid files. So if an invalid file is created NTFS permissions will
be removed within 4 hours.
Jack
> -----Original Message-----
> From: Dirk Wierdemann [mailto:d.wierdemann (at) xcellence-mc (dot) com [email concealed]]
> Sent: Friday, June 27, 2003 8:47 AM
> To: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: Limiting the creation of new files to specific types.
>
> Hi there,
>
> we have a security-policy that claims that users should only create
> links to files in a given folder.
> Experience shows, that even with a memo send in regular intervalls,
> there are individuals, who "forget" the rule.
> The least stress producing procedure would be not to allow users to
> create other filetypes than the explicitly allowed ones.
> Do you know a way to realise this approach with W2k-Server and
> W2k-Pro-Workstations?
>
> TIA Dirk Wierdemann
> Xcellence Management Consultants GmbH
> http://www.xcellence.de
>
>
> ------------------------------------------------------------------------
--
> ---
> ------------------------------------------------------------------------
--
> ----
This email and its contents may be confidential. If it is and you are not
the intended recipient, please do not disclose or use the information within
this email or its attachments. If you have received this email in error,
please delete it immediately. Thank you.
files that are permitted on the server.
On a scheduled basis, I run a batch file using XCACLS that first removes all
permissions to the file system and then grants appropriate access to the
list of valid files. So if an invalid file is created NTFS permissions will
be removed within 4 hours.
Jack
> -----Original Message-----
> From: Dirk Wierdemann [mailto:d.wierdemann (at) xcellence-mc (dot) com [email concealed]]
> Sent: Friday, June 27, 2003 8:47 AM
> To: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: Limiting the creation of new files to specific types.
>
> Hi there,
>
> we have a security-policy that claims that users should only create
> links to files in a given folder.
> Experience shows, that even with a memo send in regular intervalls,
> there are individuals, who "forget" the rule.
> The least stress producing procedure would be not to allow users to
> create other filetypes than the explicitly allowed ones.
> Do you know a way to realise this approach with W2k-Server and
> W2k-Pro-Workstations?
>
> TIA Dirk Wierdemann
> Xcellence Management Consultants GmbH
> http://www.xcellence.de
>
>
> ------------------------------------------------------------------------
--
> ---
> ------------------------------------------------------------------------
--
> ----
This email and its contents may be confidential. If it is and you are not
the intended recipient, please do not disclose or use the information within
this email or its attachments. If you have received this email in error,
please delete it immediately. Thank you.
------------------------------------------------------------------------
-----
------------------------------------------------------------------------
------
[ reply ]