Windows Server Security Question

JimmyConway

Hey everyone, I have a little problem. At my company we have 7 employees who all have dedicated workstations that are connected to a Windows-based server that has company-wide docs stored. We've had issues with a particular employee's workstation being hacked for the second time. We have taken care of the employee misconduct, but the issue is that as the server is accessible via "My Computer", the files on the server were also hacked as well. I was wondering if there is a way to possibly password protect the Server Drive that is located in the "My Computer" window to prevent unauthorized people from gaining access to the server even during a possible workstation hack? Any ideas? Thanks!

What OS is your server running?

It's Windows-based; not sure of the exact version, I didn't set up the system.

On 10/13/2020 at 11:43 PM, JimmyConway said:

Hey everyone, I have a little problem. At my company we have 7 employees who all have dedicated workstations that are connected to a Windows-based server that has company-wide docs stored. We've had issues with a particular employee's workstation being hacked for the second time. We have taken care of the employee misconduct, but the issue is that as the server is accessible via "My Computer", the files on the server were also hacked as well. I was wondering if there is a way to possibly password protect the Server Drive that is located in the "My Computer" window to prevent unauthorized people from gaining access to the server even during a possible workstation hack? Any ideas? Thanks!

For a network location to appear under "My Computer", it will have had to have been mapped by the user. When a user does this, by default Windows will store their username and password for this mapping in the Credential Manager. Each time they go to access the location, it queries the server with the saved credentials and the server decides if the user should be granted access to this location. If the server is appearing under "Network", turn off Network Discovery for all users or disable the "Function Discovery Provider Host" service on the server.

 

There should be no reason why any organisation should want the user to have to be prompted for credentials each time they map a drive - if a hacker has the user's credentials, then they can also access the share (assuming permissions are granted on a user account basis).

If you have group policy control enabled, e.g. in a domain setting, you can turn this off, but I promise you it will make everyone's life hell:

Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options

Find the policy: Network access: Do not allow storage of passwords and credentials for network authentication

The above change WILL solve exactly what you've asked. You could set up the file share to only allow whatever accounts you choose to have access, be they user accounts or specific accounts for this. Have a look at NTFS shares and permissions.

Your question is asking to bandage up a side-effect of gaping security flaws. Nobody should be being hacked. If your users are working physically on machines, have 2-factor. If they are working remotely, the gateway should have 2-factor. If there is TeamViewer or similar enabled, it needs to be protected. It sounds like a business is being run without due care and attention to cyber security, and is also being targeted. It sounds like the IT is being run by people without experience. My best piece of advice: hire an IT Security consultant. 

 

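An added example, not part of the reply above and not the poster's own code: a PowerShell audit that lists which accounts each user-created share and its NTFS folder allow, flags broad groups, and reports whether the credential-storage policy named in the reply is in effect on the machine it runs on. The function names and the list of "too broad" groups are assumptions made for this example.

```powershell
# Added example: run in an elevated PowerShell session on the file server.
# Assumption: these well-known groups count as "too broad" for a company
# document share; adjust the list to your own policy.
$BroadPrincipals = @('Everyone', 'NT AUTHORITY\Authenticated Users',
                     'BUILTIN\Users', 'NT AUTHORITY\ANONYMOUS LOGON')

function Test-BroadPrincipal([string]$Name) {
    # Match the well-known names above and any "<DOMAIN>\Domain Users" group.
    ($BroadPrincipals -contains $Name) -or ($Name -like '*\Domain Users')
}

function Get-ShareAccessReport {
    # Skip special shares (C$, ADMIN$, IPC$); audit only user-created shares.
    $shares = Get-SmbShare | Where-Object { -not $_.Special -and $_.Path }
    foreach ($share in $shares) {
        # Share-level permissions: the first gate for network access.
        Get-SmbShareAccess -Name $share.Name |
            Where-Object AccessControlType -eq 'Allow' |
            ForEach-Object {
                [pscustomobject]@{
                    Share = $share.Name; Layer = 'Share'
                    Account = $_.AccountName; Rights = [string]$_.AccessRight
                    TooBroad = Test-BroadPrincipal $_.AccountName
                }
            }
        # NTFS permissions on the shared folder: the second gate. Over the
        # network, the more restrictive of the two layers wins.
        (Get-Acl -Path $share.Path).Access |
            Where-Object AccessControlType -eq 'Allow' |
            ForEach-Object {
                [pscustomobject]@{
                    Share = $share.Name; Layer = 'NTFS'
                    Account = [string]$_.IdentityReference; Rights = [string]$_.FileSystemRights
                    TooBroad = Test-BroadPrincipal ([string]$_.IdentityReference)
                }
            }
    }
}

function Test-CredentialStorageDisabled {
    # "Network access: Do not allow storage of passwords and credentials for
    # network authentication" writes DisableDomainCreds = 1 under the Lsa key.
    # It matters on the workstations that map the drive, so check it there too.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
    $lsa.DisableDomainCreds -eq 1
}

Get-ShareAccessReport | Sort-Object Share, Layer | Format-Table -AutoSize
"Credential storage disabled by policy: $(Test-CredentialStorageDisabled)"
```

Rows with TooBroad set to True are the ones to replace with named user accounts or a dedicated group, using Revoke-SmbShareAccess and Grant-SmbShareAccess for the share layer and the folder's Security tab or icacls for the NTFS layer.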
