Re: NTFS default special permissions



On 2007-08-22 Robert McIntyre wrote:
On my Windows 2003 servers we create a data partition and format it
with NTFS. The default permissions for Users are Read & Execute, List
Folder Contents, and Read. This is what we want. But the Users
account also gets the special permissions Create Folders\Append Data
and Create Files\Write Data.

From the articles that I have seen on TechNet, the special permissions
are not needed if we only want read access. So why are they there by
default? What purpose do they serve? If we remove the special
permissions will it cause problems?

The only thing that I could think of is that maybe it is needed to
create a temporary file when you open a document for reading.

If you remove those ACEs your users will be unable to create files and
folders on that partition. That may cause problems e.g. in cases when
they need to open files with progams like MS Word, because Word creates
temp files in the same directory as the document.

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq



Relevant Pages

  • Re: Minimum NTFS Permissions - Theres such a thing???
    ... ?2001 Microsoft Corporation. ... HOW TO: Set Minimum NTFS Permissions Required for IIS 5.0 to Work WGID:198 ... " List Folder Contents" ...
    (microsoft.public.inetserver.iis.security)
  • Re: Unable to delete orphaned 1.5 GB System Restore folder
    ... The fact that the tech support is based in India has nothing to do with the ... If so you may want to leave this folder alone. ... down to all children folders because i can set those permissions to ... try deleting from the command line using system by using the AT ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Unable to delete orphaned 1.5 GB System Restore folder
    ... The only computers i fix are my own. ... If so you may want to leave this folder alone. ... it includes all subdirectories with inherited permissions. ... try deleting from the command line using system by using the AT ...
    (microsoft.public.windowsxp.security_admin)
  • Re: share folder permissions
    ... B Group -> Read only permissions over ALL the sub-folders and files ... List Folder Contents, Read, and Write. ... Usually we just add Domain Admins FC, and Authenticated Users, Change. ... Then whatever is set in the folder structure using NTFS will dicate their effective permissions. ...
    (microsoft.public.windows.server.networking)
  • Re: Word mail merge data source
    ... "Peter Jamieson" wrote: ... Word on it) then there may be a problem if the folder containing the data ... Word builds a connection string. ... superset of other users' permissions - for example, ...
    (microsoft.public.word.vba.general)