Re: Permissions on C:\WINNT

From: Shawn (greyhat@attbi.com)
Date: 05/30/02


From: "Shawn" <greyhat@attbi.com>
Date: Thu, 30 May 2002 02:46:08 GMT


> Following a security review it was reported that our NT 4 servers have the
> Everybody, Full Control permissions set on C:\WINNT. This was considered
as
> a security risk even though users cannot connect to this admin share.

Are you running IIS from this server? They can't connect to the admin share,
what about IPC$?

> The servers were built with a standard install, hence, these permissions
> were set by the OS at install time?? Are these permissions correct? If
> not, what should they be?

Yes, these permissions are set during the default install of the os. You
might try here: http://www.users.fast.net/~lmahmud/index4.html. That should
get you started. Unless special circumstances apply, I'd remove EVERYONE
from these directories period. Hope that gets you started.

--
Shawn
www.intrusiondefense.com



Relevant Pages

  • Re: Error "The system cannot find the file specified" on files
    ... I will see if my customer can do this for me as I cannot easily get physical ... both of these servers are domain controllers. ... command line utilities and GUI tools, tried to set permissions. ... Security tab in Windows Explorer doesn't appear. ...
    (microsoft.public.windows.file_system)
  • Re: Cant Mount Public Store
    ... Edit to the Exchange Domain Servers group to the servers that own the public ... This sounds like a permissions problem. ...
    (microsoft.public.exchange.setup)
  • Cant Mount the Public Store
    ... Edit to the Exchange Domain Servers group to the servers that own the public ... This sounds like a permissions problem. ...
    (microsoft.public.exchange.admin)
  • Re: Testing configurations
    ... Let say you are using shares. ... Read" then Any user will have read permissions while if DC2 share only has ... > Users are created on both servers. ... >> Microsoft MVP - Windows Security ...
    (microsoft.public.windows.server.networking)
  • Re: What built in group will allow users to restart services on a
    ... You need to either use a utility like NTrights from the reskit, ... > Is ther another place to add permissions for them. ... >> large farms of servers needing this change. ... >>> We have a help desk that from time to time needs access to restart ...
    (microsoft.public.win2000.security)