malderton
Flexera
Flexera

What security have users placed around the ManageSoftRET$ and mgsRET$ network shares ?

Jump to solution
Hi, We have heard that a number of companies security teams have added extra security around the network shares ManageSoftRET$ and mgsRET$ . We are not of the opinion that this is strictly necessary. In order to improve our understanding can I ask the user group, if you do add anything to the standard build, can you tell us what you do about these shares ?
1 Solution
DAWN
Flexera
Flexera
The "default" entry for this is "Everyone" AND "Anonymous Logon" with "Read-only". Since the typical use case is utilizing a Discovery and Inventory Task to target Remote Devices for Adoption or FlexNet Inventory utilized by Windows Machines - there are 2 common scenarios. 1) If this methodology isn't utilized, some customers remove the share 2) If it is utilized, it is common to change the security to remove Anonymous Logon at a minimum - and occasionally Everyone and only allow "Authenticated Users" - forcing that an actual Domain login occur.

View solution in original post

3 Replies
DAWN
Flexera
Flexera
The "default" entry for this is "Everyone" AND "Anonymous Logon" with "Read-only". Since the typical use case is utilizing a Discovery and Inventory Task to target Remote Devices for Adoption or FlexNet Inventory utilized by Windows Machines - there are 2 common scenarios. 1) If this methodology isn't utilized, some customers remove the share 2) If it is utilized, it is common to change the security to remove Anonymous Logon at a minimum - and occasionally Everyone and only allow "Authenticated Users" - forcing that an actual Domain login occur.

View solution in original post

ChrisG
Community Manager Community Manager
Community Manager

@DAWN - Do you have any insight into the type of threat or attack that people are trying to guard against by removing the shares or requiring authentication to access them?

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)
0 Kudos
Typically, this is reducing the ability of a hacker to push some sort of executable file that could be accessed through any user login to elevate privs. Readonly is good - but you usually don't want to allow anonymous login to the Windows Shares unless absolutely necessary. This would be a multi-prong attack scenario - but you want to close every avenue of access that's not needed. Or at least reduce the users that can have any access to that share. It's a typical sysadmin hardening task to ensure least privs.