My manager has always advised us to limit the permissions of non-administrative file shares from "Everyone" to "Domain Users" to help stop the spread of viruses such as W32/Autorun. While its seems logical to restrict access with system and anonymous credentials a I've been asked to produce some documentation on this so we can get an SOP created and approved before a CAB committee.
Does anyone know where I can find documentation on this? Is this something that McAfee recommends?
Thanks for your help.
One potential issue of not using Everyone is that home users that use a VPN and are not using a computer that is using domains (such as just a basic home computer) may not be able to easily connect to the shares. You then need to do something like "Net use \\server\share /user:domain\login" or "net use x: \\server\share /user:domain\login".