Re: "Everyone group"

From: Daniel Billingsley (dbillingsley@NO.durcon.SPAAMM.com)
Date: 02/24/03 

From: "Daniel Billingsley" <dbillingsley@NO.durcon.SPAAMM.com>
Date: Mon, 24 Feb 2003 09:35:18 -0500

I think a little clarification is in order between these two posts. sgopus,
I think you may have misunderstood a couple things the previous poster said
(or at least you interpreted them differently than I did) and I think your
post could be slightly misleading.

If you're suggesting that the Everyone group itself should not be deleted,
that doesn't mean it needs to be used for a particular folder's share or
ntfs permissions. Two separate things.

Share permissions don't really mean squat on an NTFS volume. Everyone with
full permissions on the share isn't going to allow anything the ntfs
permissions don't. And I think this is one of the basic principles that
every administrator should understand and follow with religious fervor -
ALWAYS use ntfs permissions to control access, including on shares.

"sgopus" <fredd@hotmail.com> wrote in message
news:016601c2db95$25e3a080$a301280a@phx.gbl...
> Chill my man, the everyone group is necessary.
> However a better definition of FULL permissions is in
> order. it already sounds as if this person is not familiar
> with groups/permissions.
>
> If you have checked that all users must enter a password
> to use this computer, (W2K) then everyone is still needed
> for group control and policies.
>
>
>
>
> >-----Original Message-----
> >First of all : Never, for the love of God, ever leave
> >every one in a security or sharing with full access. This
> >only tells Win2k that anybody, who is either on your
> >network or the net, has access to the computer/folder
> >shared.
> >
> >2nd, to remedy this situation, remove Everyone from the
> >security window, then add DomainUsers and DomainAdmins;
> >doing so will only let those 2 groups to access the
> >network ressources, and prevent people from freely coming
> >in.
> >
> >>-----Original Message-----
> >>Hello,
> >>
> >>Is it necessary to leave the Everyone group with full
> >>permissions? What exactly is this group's function, and
> >>can it be removed entirely?
> >>
> >>Thank you,
> >>
> >>Shelton
> >>.
> >>
> >.
> >

Relevant Pages

  • Re: "Everyone group"
    ... two posts. ... >Share permissions don't really mean squat on an NTFS ... >ALWAYS use ntfs permissions to control access, ...
    (microsoft.public.win2000.security)
  • Re: NTFS and shared permissions
    ... > I have a few questions about NTFS permissions and share that I hope ... I know that NTFS permissions are applied to ... NTFS permissions are of course needed for control of accounts ... down from a more broad NTFS grant). ...
    (microsoft.public.security)
  • Re: Need Help on Assigning Specific Permissions to Shares
    ... can not be changed which would leave only ntfs permissions to control ... in groups to have necessary ntfs permissions. ... XP uses simple file sharing by default. ... > XP Pro but it doesn't say it works in Home edition. ...
    (microsoft.public.windowsxp.security_admin)
  • RE: Migrating File servers
    ... shared permissions separately. ... For NTFS permissions, we can use the Windows 2000 Resource Kit tool ... Copy all the data from the old file server to target file server. ...
    (microsoft.public.windows.server.migration)
  • Re: recovering NTFS volumes
    ... If ntfs permissions are not being copied when data is backed up then I believe it ... If the files did not include the administrators group ... but instead a user/group unique to the operating system that is was backed up from, ...
    (microsoft.public.win2000.security)