Re: Permissions on C:\WINNT

From: Shawn (
Date: 05/30/02

From: "Shawn" <>
Date: Thu, 30 May 2002 02:46:08 GMT

> Following a security review it was reported that our NT 4 servers have the
> Everybody, Full Control permissions set on C:\WINNT. This was considered
> a security risk even though users cannot connect to this admin share.

Are you running IIS from this server? They can't connect to the admin share,
what about IPC$?

> The servers were built with a standard install, hence, these permissions
> were set by the OS at install time?? Are these permissions correct? If
> not, what should they be?

Yes, these permissions are set during the default install of the os. You
might try here: That should
get you started. Unless special circumstances apply, I'd remove EVERYONE
from these directories period. Hope that gets you started.