RE: Windows 2000's Everyone permission
From: Michael R. White (michael.white@lmscae.com)
Date: 08/23/01
- Previous message: akomolafe: "Re: Windows 2000's Everyone permission"
- In reply to: Douglas Cohn: "RE: Windows 2000's Everyone permission"
- Next in thread: Laura A. Robinson: "Re: Windows 2000's Everyone permission"
- Next in thread: Jerry Roy: "RE: Windows 2000's Everyone permission"
- Next in thread: akomolafe: "Re: Windows 2000's Everyone permission"
From: "Michael R. White" <michael.white@lmscae.com>
To: "FOCUS-MS@SECURITYFOCUS.COM" <FOCUS-MS@securityfocus.com>
Subject: RE: Windows 2000's Everyone permission
Date: Wed, 22 Aug 2001 17:26:43 -0500
Message-ID: <NEBBKFNEMKHLMEOEHJPMCEGGDNAA.michael.white@lmscae.com>

Here ya go, guys.
This is straight out of the MSPress Win2K Pro
Training Kit.

"Strategies for Combining Shared Folder Permissions
and NTFS Permissions

One strategy for providing access to resources on an
NTFS volume is to share folders with the default shared
folder permissions and then control access by assigning
NTFS permissions. When you share a folder on an NTFS
volume, both shared folder permissions and NTFS
permissions combine to secure file resources.

Shared folder permissions provide limited security for
resources. You gain the greatest flexibility by using
NTFS permissions to control access to shared folders.
Also, NTFS permissions apply whether the resource is
accessed locally or over the network.

When you use shared folder permissions on an NTFS volume,
the following rules apply:

You can apply NTFS permissions to files and subfolders in
the shared folder. You can apply different NTFS permissions
to each file and subfolder that a shared folder contains.

In addition to shared folder permissions, users must have
NTFS permissions for the files and subfolders that shared
folders contain to gain access to those files and
subfolders. This is in contrast to FAT volumes where
permissions for a shared folder are the only permissions
protecting files and subfolders in the shared folder.

When you combine shared folder permissions and NTFS
permissions, the more restrictive permission is always
the overriding permission."

Have a Blessed day!!
Michael
LMSCADSI
I would like to see this information as well. We have always used the
share permissions only since there should be no way to gain direct
access to the drives remotely and none of our servers have physical
access available.
Doug
-----Original Message-----
From: akomolafe
Sent: Wed 8/22/2001 2:45 PM
To: michael.white@lmscae.com; 'FOCUS-MS@SECURITYFOCUS.COM'
Cc:
Subject: Re: Windows 2000's Everyone permission
"leave share perms as they stand"? Which Microsoft document says
that?
Deji
----- Original Message -----
From: "Michael R. White" <michael.white@lmscae.com>
To: "'FOCUS-MS@SECURITYFOCUS.COM'" <FOCUS-MS@securityfocus.com>
Sent: Wednesday, August 22, 2001 11:09 AM
Subject: RE: Windows 2000's Everyone permission
> You have to be careful where you make the permissions modifications, share
> perms (sharing tab) and/or NTFS perms (security tab). Mixing the perms will
> create problems remotely. Microsoft's recommendation is to leave share
> perms as they stand, and modify NTFS perms as you see fit. This covers
> remote and local access without confusing your perms.
>
> Regards,
>
> Michael
> LMSCADSI
>
>
> -----Original Message-----
> From: Damon Brinkley [mailto:damon@betcoinc.com]
> Sent: Wednesday, August 22, 2001 9:58 AM
> To: 'phoebe'; 'FOCUS-MS@SECURITYFOCUS.COM'
> Subject: RE: Windows 2000's Everyone permission
>
>
> The first thing I do when I install a Windows 2000 OS is to remove the
> permissions Everyone has to everything on the system. I then go back and
> create users and groups and give them permissions as needed. I don't know
> why Microsoft has the default giving the Everyone group those permissions
> but I think they should be removed upon installing for obvious security
> reasons.
>
> -----Original Message-----
> From: phoebe [mailto:phoebe@tollon.net]
> Sent: Wednesday, August 22, 2001 7:02 AM
> To: 'FOCUS-MS@SECURITYFOCUS.COM'
> Subject: Windows 2000's Everyone permission
>
>
> Hi all,
>
> Could someone give me some advice if I remove the permission as below,
>
> - Everyone at root c:\
> - Everyone at c:\winnt\system\*.exe
> - Everyone and Users at c:\winnt\system32\*.cpl
> - Everyone and Users at c:\winnt\system32\*.msc
> - Everyone and Users at c:\winnt\system32\*.msi
>
> But, I will assign "Administrators" and "System" with Full Control to all
> those files which took "Everyone" out.
>
> Please advise.
>
> Thanks,
>
> Regards,
> Phoebe
>
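
The combination rule quoted from the Training Kit, as a small Python model added here for illustration (it is not part of the original messages or of any Microsoft tool). The bit flags, group names and ACLs are constructed, and treating any matching deny as overriding allows is a simplification of how Windows evaluates ACL entries.

```python
# Simplified model (constructed for illustration): rights are bit flags and
# an ACL is a list of (principal, "allow" | "deny", mask) entries.
READ, WRITE, ADMIN = 1, 2, 4
CHANGE = READ | WRITE
FULL = READ | WRITE | ADMIN


def granted(acl, groups):
    """Rights one ACL gives a user: allows accumulate across the user's
    groups, and any matching deny removes those bits."""
    allow = deny = 0
    for principal, kind, mask in acl:
        if principal in groups:
            if kind == "deny":
                deny |= mask
            else:
                allow |= mask
    return allow & ~deny


def effective_access(groups, share_acl, ntfs_acl, via_network, volume="NTFS"):
    """Combine the layers that apply to this access path.

    The share ACL is checked only for network access; the NTFS ACL is
    checked on NTFS volumes for both local and network access. A FAT
    volume has no file ACL, so the share ACL is the only gate there.
    """
    result = FULL
    if via_network:
        result &= granted(share_acl, groups)
    if volume == "NTFS":
        result &= granted(ntfs_acl, groups)
    return result


# Constructed sample data: one user, two ways of configuring the same share.
ALICE = {"Everyone", "Users", "Staff"}
DEFAULT_SHARE = [("Everyone", "allow", FULL)]
LOCKED_NTFS = [("Administrators", "allow", FULL), ("SYSTEM", "allow", FULL),
               ("Staff", "allow", CHANGE)]
STAFF_READ_SHARE = [("Staff", "allow", READ)]
OPEN_NTFS = [("Everyone", "allow", FULL)]

if __name__ == "__main__":
    for label, share, ntfs in [("default share + NTFS ACL", DEFAULT_SHARE, LOCKED_NTFS),
                               ("share ACL only", STAFF_READ_SHARE, OPEN_NTFS)]:
        net = effective_access(ALICE, share, ntfs, via_network=True)
        local = effective_access(ALICE, share, ntfs, via_network=False)
        print(f"{label}: network={net} local={local}")
```

With the default share ACL and a restricted NTFS ACL, the network and local paths both resolve to Change; with a restricted share ACL over an open NTFS ACL, the network path is Read while the local path is Full Control.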