RE: Windows 2000's Everyone permission

From: Chris Davis (chris.davis@computerjobs.com)
Date: 08/23/01


Message-ID: <9B66343BA96A5D4A9D6FBC00181A747D54C9FB@exchange1>
From: Chris Davis <chris.davis@computerjobs.com>
To: 'John Wienand' <JWienand@bna.com>, "'FOCUS-MS@securityfocus.com'" <FOCUS-MS@securityfocus.com>
Subject: RE: Windows 2000's Everyone permission
Date: Thu, 23 Aug 2001 13:19:20 -0400


"What added security measure do you get from this extra administrative
task?"

This one: If a user cannot connect to a share at all, that user does not
know what's in the share.

If that reason doesn't work for you, how about philosophical: If share
permissions are not to be used, why do they exist?

Lots of documentation is wrong lots of times. This is one of those times.

Let's say your NT file server is attached to the internet and has "Everyone
Full Access" shares defined, but you have perfectly secure NTFS permissions.
You do not run any services other than file sharing. By your logic, you do
not need a firewall. You can leave ports 137-139 and 445 wide open? NTFS
will secure everything, right? A firewall would add no protection, since
NTFS is perfectly secure, right?



Relevant Pages

  • Re: FTP control
    ... > I would like to use NTFS security settings to control who ... I would suggest getting a third party FTP server, ... if you set quota and these permissions for that group you can ... Information Server (IIS) Web site, ...
    (microsoft.public.win2000.security)
  • RE: Any way to remove ADMIN$ only?
    ... Mixing the share permissions and the NTFS permissions generally cause ... which means more groups/people access the same shares. ... Along comes another admin that creates a share at a higher level in the ...
    (Focus-Microsoft)
  • Re: W2k and Front Page Security
    ... >> up now using subweb and setting permissions throgh ... >> with NTFS permissions contolling folders.When I set ... >FrontPage managed content areas you do really need to ... >authorship of every groupX subweb in addition ...
    (microsoft.public.win2000.security)
  • Re: Removing "File and Folder tasks"
    ... You can put the computers you want to enforce the NTFS permissions on into ... create a Group Policy to enforce the NTFS ... folder and user profile folders because if you incorrectly apply NTFS ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Removing "File and Folder tasks"
    ... create a Group Policy to enforce the NTFS ... permissions, and then link it to that OU. ... Do NOT attempt to apply NTFS ... folder and user profile folders because if you incorrectly apply NTFS ...
    (microsoft.public.windowsxp.security_admin)