This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

The Community is now in read-only mode to prepare for the launch of the new Flexera Community. During this time, you will be unable to register, log in, or access customer resources. Click here for more information.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

What security have users placed around the ManageSoftRET$ and mgsRET$ network shares ?

Jump to solution
malderton
By Level 5 Flexeran
Level 5 Flexeran
Hi, We have heard that a number of companies security teams have added extra security around the network shares ManageSoftRET$ and mgsRET$ . We are not of the opinion that this is strictly necessary. In order to improve our understanding can I ask the user group, if you do add anything to the standard build, can you tell us what you do about these shares ?

‎Apr 24, 2019 09:15 AM - edited ‎Apr 25, 2019 01:22 AM

(1) Solution

Jump to solution
DAWN
By Level 5 Flexeran
Level 5 Flexeran
The "default" entry for this is "Everyone" AND "Anonymous Logon" with "Read-only". Since the typical use case is utilizing a Discovery and Inventory Task to target Remote Devices for Adoption or FlexNet Inventory utilized by Windows Machines - there are 2 common scenarios. 1) If this methodology isn't utilized, some customers remove the share 2) If it is utilized, it is common to change the security to remove Anonymous Logon at a minimum - and occasionally Everyone and only allow "Authenticated Users" - forcing that an actual Domain login occur.

View solution in original post

‎Apr 26, 2019 12:30 PM

(3) Replies

Jump to solution
DAWN
By Level 5 Flexeran
Level 5 Flexeran
The "default" entry for this is "Everyone" AND "Anonymous Logon" with "Read-only". Since the typical use case is utilizing a Discovery and Inventory Task to target Remote Devices for Adoption or FlexNet Inventory utilized by Windows Machines - there are 2 common scenarios. 1) If this methodology isn't utilized, some customers remove the share 2) If it is utilized, it is common to change the security to remove Anonymous Logon at a minimum - and occasionally Everyone and only allow "Authenticated Users" - forcing that an actual Domain login occur.

‎Apr 26, 2019 12:30 PM

Jump to solution
ChrisG
By Level 20 Flexeran
Level 20 Flexeran
In response to DAWN

@DAWN - Do you have any insight into the type of threat or attack that people are trying to guard against by removing the shares or requiring authentication to access them?

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)

‎Apr 27, 2019 12:05 AM

0 Kudos

Jump to solution
DAWN
By Level 5 Flexeran
Level 5 Flexeran
In response to ChrisG
Typically, this is reducing the ability of a hacker to push some sort of executable file that could be accessed through any user login to elevate privs. Readonly is good - but you usually don't want to allow anonymous login to the Windows Shares unless absolutely necessary. This would be a multi-prong attack scenario - but you want to close every avenue of access that's not needed. Or at least reduce the users that can have any access to that share. It's a typical sysadmin hardening task to ensure least privs.

‎Apr 29, 2019 08:36 AM