Re: Access Control to Drives

From: Arek Iskra [MVP] (NoSpam_arek_at_arekiskra.com)
Date: 09/25/05


Date: Sun, 25 Sep 2005 18:52:30 +0800


"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:OWwinhRwFHA.624@TK2MSFTNGP11.phx.gbl...
> Just to clarify in Windows 2000 if you dig further you should see that
> everyone has full control only to the root/drive folder for the system
> drive. If you look under the \winnt folder for instance that should not be
> the case. MS did change that behavior in XP/2003 and I agree with what
> Arek suggests though you may want to remove everyone and users and replace
> with authenticated users for read/list/execute. The mysterious sid is a
> user or group that the operating system no longer has a name to map to.
> For a non domain computer you could safely remove the sid from permissions
> lists. Usually this happens when a user or group was created and then
> deleted from users and groups but still remains in permissions and/or user
> rights lists. The link below is to a KB article that discusses the root
> folder excessive permissions in Windows 2000. --- Steve
>
> http://support.microsoft.com/?scid=327522
>

Thanks a lot Steve for clarification. Yup, adding Authenticated Users is yet
another way to deal with this scenario.

-- 
Arek Iskra
MVP for Windows Server - Software Distribution