cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Flexera malderton
Flexera

What security have users placed around the ManageSoftRET$ and mgsRET$ network shares ?

Jump to solution
Hi, We have heard that a number of companies security teams have added extra security around the network shares ManageSoftRET$ and mgsRET$ . We are not of the opinion that this is strictly necessary. In order to improve our understanding can I ask the user group, if you do add anything to the standard build, can you tell us what you do about these shares ?
Tags (1)
1 Solution

Accepted Solutions
Flexera DAWN
Flexera

Re: What security have users placed around the ManageSoftRET$ and mgsRET$ network shares ?

Jump to solution
The "default" entry for this is "Everyone" AND "Anonymous Logon" with "Read-only". Since the typical use case is utilizing a Discovery and Inventory Task to target Remote Devices for Adoption or FlexNet Inventory utilized by Windows Machines - there are 2 common scenarios. 1) If this methodology isn't utilized, some customers remove the share 2) If it is utilized, it is common to change the security to remove Anonymous Logon at a minimum - and occasionally Everyone and only allow "Authenticated Users" - forcing that an actual Domain login occur.
3 Replies
Flexera DAWN
Flexera

Re: What security have users placed around the ManageSoftRET$ and mgsRET$ network shares ?

Jump to solution
The "default" entry for this is "Everyone" AND "Anonymous Logon" with "Read-only". Since the typical use case is utilizing a Discovery and Inventory Task to target Remote Devices for Adoption or FlexNet Inventory utilized by Windows Machines - there are 2 common scenarios. 1) If this methodology isn't utilized, some customers remove the share 2) If it is utilized, it is common to change the security to remove Anonymous Logon at a minimum - and occasionally Everyone and only allow "Authenticated Users" - forcing that an actual Domain login occur.
Community Manager ChrisG Community Manager
Community Manager

Re: What security have users placed around the ManageSoftRET$ and mgsRET$ network shares ?

Jump to solution

@DAWN - Do you have any insight into the type of threat or attack that people are trying to guard against by removing the shares or requiring authentication to access them?

(Anything expressed here is my own view and not necessarily that of my employer, Flexera. If my reply answers a question you have raised, please click "ACCEPT AS SOLUTION".)
0 Kudos
Flexera DAWN
Flexera

Re: What security have users placed around the ManageSoftRET$ and mgsRET$ network shares ?

Jump to solution
Typically, this is reducing the ability of a hacker to push some sort of executable file that could be accessed through any user login to elevate privs. Readonly is good - but you usually don't want to allow anonymous login to the Windows Shares unless absolutely necessary. This would be a multi-prong attack scenario - but you want to close every avenue of access that's not needed. Or at least reduce the users that can have any access to that share. It's a typical sysadmin hardening task to ensure least privs.