Data Center Security

  • 1.  File access block not working ?

    Posted Feb 21, 2017 05:33 AM

    Hi there,

    End goal: I need to put a file access block on particular shared folder/files such that they can only be modified by a particular application on a remote server.

    Present state: I am using a target policy (fully open template). Initially I had it configured as I thought was correct but it did not work in that local access was blocked but the remote access still allowed modify.  

    I rolled back to the situation where I only have the file access block access in the global policy options.  However I am still able to modify the files when browsing from remote server.

    I only apply the policy to the server that has the target files.

    What am I missing here? Do I need to apply the policy to the remote server also?

    I attach a pic of the policy summary.

    I'd appreciate any advice.

    John




  • 2.  RE: File access block not working ?

    Posted Feb 23, 2017 09:58 AM

    Update:

    I have since found that I needed to add the file block to the "Remote File Access Options" sandbox.

    This only became available after ticking the "show options normally hidden in the policy" and then going to sandboxes.

    So I added the similar block in this sandbox and now the remote access is blocked to the specified file to all users.

    However the "Allow modifications to these files" file rule therein does not give the ability to specify the program or user that is to be allowed.

    So it appears that the block is either total or none.

    Has anyone a suggestion on how to allow a particular user/app to modify the file while blocking everyone else?

    John



  • 3.  RE: File access block not working ?

    Posted Feb 24, 2017 04:36 AM

    Add the application to its own pset/sandbox.

    In that new sandbox's general settings, add the paths of the things that you don't want to be touched in the "Sandbox Application Data Protection" section.

    What this means is that NOTHING can touch those resources unless it is in that pset/sandbox.

    [Edit:  words]