Re: Everyone has access to change sharing & security assignments

From: Xaos Flux (xaosflux@bellsouth.net)
Date: 08/15/02 

From: "Xaos Flux" <xaosflux@bellsouth.net>
Date: Wed, 14 Aug 2002 23:02:07 -0400

Sounds like no security was ever set up. The machine drives and the shares
are probably set up as default with the EVERYONE group having full SHARING
and PERMISSIONS. Assuming youre using NTFS drives (if not, convert!) it's
generally OK to leave the everyone on the share permissions, but change the
ntfs permissions to be more restrictive. WARNING: make sure you don't
remove all permissions to the root drives, you should make the administrator
account, the SYSTEM account and the domain admins group at least have FULL
CONTROL. Then set your users to read only, you can then add write rights to
the subfolders they will need.

Good Luck,.

Brian Mulrooney
Network Administrator
Riverside Bank

"Guillermo Zavala" <gte577q@mail.gatech.edu> wrote in message
news:OlENfavQCHA.2752@tkmsftngp10...
> i dont know much about domain administrator groups, but for sure everyone
> have access to everything because of the fact that all of them are domain
> administrators. Once you chnage that they shouldnt have access to
> everything. I dont know how to cange it though
> .
>
>
> "mercedes" <mercedes_king@ureach.com> wrote in message
> news:0dc201c241fc$1ffeee00$35ef2ecf@TKMSFTNGXA11...
> I am not a network administrator and know little about
> networking but we&#8217;re in a situation where we have no
> choice but to have me administer the network and I could
> really do with some help.
> Whoever first set up the network did not create any
> Organizational Units and created all User Accounts as
> members of the Domain Administrators group!
> From what I understand, there really isn&#8217;t a great need to
> create Ous as we only have 6 employees and this will not
> change in the near future.
> I have now put everyone into the Domain Users group.
> Is this a logical move?
> I&#8217;m also very confused as to why any user on any computer
> is able to access the properties of all objects whether
> printers, folders, drives&#8230;etc&#8230; and is able to change the
> sharing and security for the object!!!
> Is this a function of the group they are in?
> How do I prevent them from being able to do this?
> Thanks
> mercedes
>
>
>

Relevant Pages

  • Re: Sharing a computer versus its drives?
    ... administrator can access the "hidden" shares on the remote computer ... hidden administrative shares can be accessed only by administrators. ... separate drives in a peer-to-peer network ... administrator to the connected laptop, including all its drives, rather ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Sharing a computer versus its drives?
    ... administrator can access the "hidden" shares on the remote computer ... hidden administrative shares can be accessed only by administrators. ... administrative rights and network access to. ... connected laptop, including all its drives, rather than having to create ...
    (microsoft.public.windowsxp.security_admin)
  • Is this a true statement
    ... For the network and all computers on the network at ROSS ... ADMINISTRATOR 'C' drive sharing to be turned off. ... the ADMINISTRATIVE Share on all drives are to be left on. ... other software devices can not access these ...
    (microsoft.public.win2000.setup)
  • IS this true
    ... For the network and all computers on the network at ROSS ... ADMINISTRATOR 'C' drive sharing to be turned off. ... the ADMINISTRATIVE Share on all drives are to be left on. ... other software devices can not access these ...
    (microsoft.public.win2000.active_directory)
  • Re: I need Job Blobb
    ... > Windows and Network administratation. ... > In a job I would like to administrate servers, ... > Title: ISP Network Administrator ... > o Building, installation, configuration and tuning ...
    (microsoft.public.cert.exam.mcse)