Hello, I wondered if you could help me with putting into place a secure source share with the correct Share and NTFS permissions.
The reason I ask is the permissions currently are a bit of a mess and I have picked up this project.
So what am i talking about?
The content source share that holds OSD content such as Images, Drivers, Applications such as Dell CCTK & Bios Updates. (This IS NOT any of the default SCCM folders (SMS***, Content Library etc) that are created during installation)
We have a Primary Site Server with MP and DP roles and a remote server with MP and DP roles.
From my understanding this folder is used as a source location for package creation and adding Images etc into SCCM and obviously has no relation to client distribution.
Share is \\Primarysiteserver\Source
Within this share we have an Application folders (Contains Dell CCTK and BIOS upgrades), OSD Folder which contains Images, Boot images, DriverSources, DriverPackages (during driver import you create a driver package and specify the package path)
What i need to know is what permissions should be on the actual share and then what permissions should be set via NTFS?
So for example, We will have a group of users who will administrate ConfigMgr (adding & updating packages, images, drivers etc)
What permissions on the actual share need to be there for (administrator users, and for Sccm site servers to be able to read this source content location and then what permissions for NTFS.
Source (share) (\\Primarysiteserver\Source)
---- Dell CCTK
---- BIOS (within this we have sub folders for each model)
---- Boot Images
I just need to know at the share level what needs granting and what needs granting at the NYFS granular level. Hoping to get this sorted by Monday. :)
Everyone = Full
Local Admins = Full
System = Full (because the source directory is on the primary site server?)
SCCM Admins = Full (users who work on sccm)
Network Accesss Account = Read
I do I need to add the primary site servers AD computer account to this aswell?
Would this stop everyone except those stated in NTFS from being able to see the contents within the subfolders of the source share?
Any help is greatly appreciated.