RE: Windows 2000's Everyone permission

From: Michael R. White (michael.white@lmscae.com)
Date: 08/23/01


From: "Michael R. White" <michael.white@lmscae.com>
To: <FOCUS-MS@securityfocus.com>
Subject: RE: Windows 2000's Everyone permission
Date: Thu, 23 Aug 2001 09:05:56 -0500
Message-ID: <NEBBKFNEMKHLMEOEHJPMAEGMDNAA.michael.white@lmscae.com>

This will be my last comment on this subject.

Paul Schmehl,
Great comment by you...I post here to pass on my knowledge and
understanding; not opinions. I subscribe to gain more knowledge and better
understanding.

Jerry Roy,
Thanks for your support...always good to have someone on your side in all of
this.

Deji,
To make this more believable for you, my excerpt was from the MSPress Win2k
Pro Training Kit, Ch 15: Administering Shared Folders, Lesson 4: Combining
Shared Folder Permissions and NTFS Permissions, pg 361-362.

Final comment:
I understand reasons for feeling it necessary to remove Everyone from both
Share and NTFS permissions. However, Microsoft's recommendation comes from
the premise of attempting to simplify administration tasks while minimizing
confusion. It is true that standard users shouldn't have interactive access
to a server, but unfortunately, it is common for small companies to have
multiple people capable of accessing a server for whatever reason. I see it
all the time, and upon recommending to the company owner or office manager,
more often than not, they prefer to leave it as it is. At any rate, if you
set up permissions on your servers through share perms and it works for you,
great. If you use NTFS permissions, great. The bottom line is securing the
resources so users get the level of access required. As long as you're
meeting that goal, you're succeeding.

BTW - Please don't take this as bragging, because I certainly know I'm not a
guru in this field, and I have so much more to learn, but I've been an MCSE
for almost 3 years, and an MCSE Instructor at a local college for two years.
As I enjoy passing on knowledge, I try my best to only respond to those
things I've researched and feel comfortable answering. I leave the rest to
the experts.

God Bless you all!!!

Michael
LMSCADSI

That wouldn't seem to be practical in a file server where each user had a
personal drive. Users would expect to be able to drag a file from their
private drive to a shared location and have anybody else be able to open the
file, but under Microsoft's recommendation they would have the additional
step of editing the permissions on the file (which is maybe too much to
expect of users.)

-----Original Message-----
From: Michael R. White [mailto:michael.white@lmscae.com]
Sent: Wednesday, August 22, 2001 14:40
To: akomolafe; 'FOCUS-MS@SECURITYFOCUS.COM'
Subject: RE: Windows 2000's Everyone permission

Deji,

You can find information on my previous comment in the Win2K & NT 4
Resource Kits and the MCSE training kits.

I'll find some excerpts and post later if I have time.

Michael
LMSCADSI

From: akomolafe [mailto:deji@prontomail.com]

"leave share perms as they stand"? Which Microsoft document says that?

Deji

----- Original Message -----
From: "Michael R. White" <michael.white@lmscae.com>
To: "'FOCUS-MS@SECURITYFOCUS.COM'" <FOCUS-MS@securityfocus.com>
Sent: Wednesday, August 22, 2001 11:09 AM
Subject: RE: Windows 2000's Everyone permission

> You have to be careful where you make the permissions modifications, share
> perms (sharing tab) and/or NTFS perms (security tab). Mixing the perms will
> create problems remotely. Microsoft's recommendation is to leave share
> perms as they stand, and modify NTFS perms as you see fit. This covers
> remote and local access without confusing your perms.
>
> Regards,
>
> Michael
> LMSCADSI
>
>
> -----Original Message-----
> From: Damon Brinkley [mailto:damon@betcoinc.com]
> Sent: Wednesday, August 22, 2001 9:58 AM
> To: 'phoebe'; 'FOCUS-MS@SECURITYFOCUS.COM'
> Subject: RE: Windows 2000's Everyone permission
>
>
> The first thing I do when I install a Windows 2000 OS is to remove the
> permissions Everyone has to everything on the system. I then go back and
> create users and groups and give them permissions as needed. I don't know
> why Microsoft has the default giving the Everyone group those permissions
> but I think they should be removed upon installing for obvious security
> reasons.
>
> -----Original Message-----
> From: phoebe [mailto:phoebe@tollon.net]
> Sent: Wednesday, August 22, 2001 7:02 AM
> To: 'FOCUS-MS@SECURITYFOCUS.COM'
> Subject: Windows 2000's Everyone permission
>
>
> Hi all,
>
> Could someone give me some advice if I remove the permission as below,
>
> - Everyone at root c:\
> - Everyone at c:\winnt\system\*.exe
> - Everyone and Users at c:\winnt\system32\*.cpl
> - Everyone and Users at c:\winnt\system32\*.msc
> - Everyone and Users at c:\winnt\system32\*.msi
>
> But, I will assign "Administrators" and "System" with Full Control to all
> those files which took "Everyone" out.
>
> Please advise.
>
> Thanks,
>
> Regards,
> Phoebe
>
>
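
The share-versus-NTFS point argued in this thread, as an added example that is not part of any poster's message: a small Python model of how share and NTFS permissions combine for remote and local (interactive) access. The group names and both layouts are constructed, and the model is simplified to allow entries only (no deny entries, no inheritance).

```python
# Simplified model (added example): allow ACEs only, no deny entries or inheritance.
READ = frozenset({"read"})
CHANGE = READ | {"write", "delete"}
FULL = CHANGE | {"change_permissions", "take_ownership"}

def granted(acl, groups):
    """Union of the rights from every ACE whose trustee the user belongs to."""
    rights = set()
    for trustee, ace_rights in acl.items():
        if trustee in groups:
            rights |= ace_rights
    return frozenset(rights)

def effective(share_acl, ntfs_acl, groups, remote):
    """Remote access must pass the share ACL and NTFS; local access sees NTFS only."""
    ntfs = granted(ntfs_acl, groups)
    return ntfs & granted(share_acl, groups) if remote else ntfs

# Constructed accounts: every user is a member of Everyone.
STAFF = {"Everyone", "Users", "Accounting"}
OTHER = {"Everyone", "Users"}

# Layout A: restrict at the share, leave NTFS at Everyone: Full Control.
A_SHARE = {"Accounting": CHANGE}
A_NTFS = {"Everyone": FULL}

# Layout B: leave the share at Everyone: Full Control, restrict with NTFS.
B_SHARE = {"Everyone": FULL}
B_NTFS = {"Accounting": CHANGE, "Administrators": FULL}

def report():
    """Effective rights for each layout, user and access path."""
    rows = {}
    for name, share, ntfs in (("A", A_SHARE, A_NTFS), ("B", B_SHARE, B_NTFS)):
        for who, groups in (("staff", STAFF), ("other", OTHER)):
            for remote in (True, False):
                key = (name, who, "remote" if remote else "local")
                rows[key] = effective(share, ntfs, groups, remote)
    return rows

if __name__ == "__main__":
    for key, rights in report().items():
        print(key, sorted(rights) or "no access")
```

In layout A a user outside Accounting is blocked over the network but has Full Control when logged on at the server; in layout B the NTFS entries give the same result on both paths.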


