Re: Permissions on C:\WINNT

From: Shawn (greyhat@attbi.com)
Date: 05/30/02


From: "Shawn" <greyhat@attbi.com>
Date: Thu, 30 May 2002 02:46:08 GMT


> Following a security review it was reported that our NT 4 servers have the
> Everybody, Full Control permissions set on C:\WINNT. This was considered
as
> a security risk even though users cannot connect to this admin share.

Are you running IIS from this server? They can't connect to the admin share,
what about IPC$?

> The servers were built with a standard install, hence, these permissions
> were set by the OS at install time?? Are these permissions correct? If
> not, what should they be?

Yes, these permissions are set during the default install of the os. You
might try here: http://www.users.fast.net/~lmahmud/index4.html. That should
get you started. Unless special circumstances apply, I'd remove EVERYONE
from these directories period. Hope that gets you started.

--
Shawn
www.intrusiondefense.com