Some users may experience issues accessing the case portal. For more information, please click here.

This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
malderton
Level 5 Flexeran
Level 5 Flexeran
‎Apr 24, 2019 09:15 AM

What security have users placed around the ManageSoftRET$ and mgsRET$ network shares ?

Jump to solution
Hi, We have heard that a number of companies security teams have added extra security around the network shares ManageSoftRET$ and mgsRET$ . We are not of the opinion that this is strictly necessary. In order to improve our understanding can I ask the user group, if you do add anything to the standard build, can you tell us what you do about these shares ?
1 Solution
DAWN
Level 5 Flexeran
Level 5 Flexeran
‎Apr 26, 2019 12:30 PM

Jump to solution
The "default" entry for this is "Everyone" AND "Anonymous Logon" with "Read-only". Since the typical use case is utilizing a Discovery and Inventory Task to target Remote Devices for Adoption or FlexNet Inventory utilized by Windows Machines - there are 2 common scenarios. 1) If this methodology isn't utilized, some customers remove the share 2) If it is utilized, it is common to change the security to remove Anonymous Logon at a minimum - and occasionally Everyone and only allow "Authenticated Users" - forcing that an actual Domain login occur.

View solution in original post

This thread has been automatically locked due to inactivity.

To continue the discussion, please start a new thread.
3 Replies
DAWN
Level 5 Flexeran
Level 5 Flexeran
‎Apr 26, 2019 12:30 PM

Jump to solution
The "default" entry for this is "Everyone" AND "Anonymous Logon" with "Read-only". Since the typical use case is utilizing a Discovery and Inventory Task to target Remote Devices for Adoption or FlexNet Inventory utilized by Windows Machines - there are 2 common scenarios. 1) If this methodology isn't utilized, some customers remove the share 2) If it is utilized, it is common to change the security to remove Anonymous Logon at a minimum - and occasionally Everyone and only allow "Authenticated Users" - forcing that an actual Domain login occur.
ChrisG
Community Manager Community Manager
Community Manager
In response to DAWN
‎Apr 27, 2019 12:05 AM

Jump to solution

@DAWN - Do you have any insight into the type of threat or attack that people are trying to guard against by removing the shares or requiring authentication to access them?

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)
0 Kudos
DAWN
Level 5 Flexeran
Level 5 Flexeran
In response to ChrisG
‎Apr 29, 2019 08:36 AM

Jump to solution
Typically, this is reducing the ability of a hacker to push some sort of executable file that could be accessed through any user login to elevate privs. Readonly is good - but you usually don't want to allow anonymous login to the Windows Shares unless absolutely necessary. This would be a multi-prong attack scenario - but you want to close every avenue of access that's not needed. Or at least reduce the users that can have any access to that share. It's a typical sysadmin hardening task to ensure least privs.