Re: Permissions on C:\WINNTFrom: Shawn (firstname.lastname@example.org)
- Next message: HC: "Re: We've been compromised, now what..."
- Previous message: email@example.com: "Re: We've been compromised, now what..."
- In reply to: Mick Smith: "Permissions on C:\WINNT"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Shawn" <firstname.lastname@example.org> Date: Thu, 30 May 2002 02:46:08 GMT
> Following a security review it was reported that our NT 4 servers have the
> Everybody, Full Control permissions set on C:\WINNT. This was considered
> a security risk even though users cannot connect to this admin share.
Are you running IIS from this server? They can't connect to the admin share,
what about IPC$?
> The servers were built with a standard install, hence, these permissions
> were set by the OS at install time?? Are these permissions correct? If
> not, what should they be?
Yes, these permissions are set during the default install of the os. You
might try here: http://www.users.fast.net/~lmahmud/index4.html. That should
get you started. Unless special circumstances apply, I'd remove EVERYONE
from these directories period. Hope that gets you started.
-- Shawn www.intrusiondefense.com