Re: Access Control to Drives

From: Arek Iskra [MVP] (
Date: 09/25/05

Date: Sun, 25 Sep 2005 18:52:30 +0800

"Steven L Umbach" <> wrote in message
> Just to clarify in Windows 2000 if you dig further you should see that
> everyone has full control only to the root/drive folder for the system
> drive. If you look under the \winnt folder for instance that should not be
> the case. MS did change that behavior in XP/2003 and I agree with what
> Arek suggests though you may want to remove everyone and users and replace
> with authenticated users for read/list/execute. The mysterious sid is a
> user or group that the operating system no longer has a name to map to.
> For a non domain computer you could safely remove the sid from permissions
> lists. Usually this happens when a user or group was created and then
> deleted from users and groups but still remains in permissions and/or user
> rights lists. The link below is to a KB article that discusses the root
> folder excessive permissions in Windows 2000. --- Steve

Thanks a lot Steve for clarification. Yup, adding Authenticated Users is yet
another way to deal with this scenario.

Arek Iskra
MVP for Windows Server - Software Distribution