Re: Converting FAT32 to NTFS resetting permissions
From: Karl Levinson [x y] mvp (levinson_k@despammed.com)
Date: 03/08/03
- In reply to: Steve: "Converting FAT32 to NTFS resetting permissions"
From: "Karl Levinson [x y] mvp" <levinson_k@despammed.com> Date: Fri, 7 Mar 2003 20:25:50 -0500
"Steve" <ste@nospam.com> wrote in message
news:OjSnEAJ5CHA.2424@TK2MSFTNGP09.phx.gbl...
> Hi NG,
>
> Question 1:
>
> I have a few PCs that have Windows 2000 installed on them. The file system is
> FAT32, so I converted them to NTFS. I just wanted to know if anybody has a
> list/document of folder permissions for the hard drive because when you
> convert the drive it just adds the everyone group to each folder including
> the WINNT and system32 folders. Or maybe a best practice guide to locking
> down the local hard drive.

The permissions are contained in the security templates setup security.inf
plus basicwk.inf [for a workstation]. You can either edit those templates
using NOTEPAD or MMC [Security Templates snap-in] or, better yet, just apply
those templates. Note that just applying the setup security.inf template
alone does NOT do what you need. For links to further instructions, search
the FAQ for "basicwk":
http://securityadmin.info/faq.htm

> Question 2:
>
> I want to disable users running scripts but still allow logon scripts to
> execute. I tried removing security, but this wouldn't execute the logon
> scripts then.

I'm not aware of an NTFS permission to do this per folder [unless you remove
read and/or execute permission from specific folders containing scripts].
You could attempt to do this per computer... for example, to prevent someone
from accidentally double-clicking to run an infected .SHS or .WSH file,
remove the Registry value or key for .SHS from the registry. You can use a
.REG file to delete these registry values using the command REGEDIT /s
X:\FILENAME.REG. Note that someone determined to run a script could still
run a script by invoking the script engine used to run the script, such as
CSCRIPT.EXE SCRIPTNAME.VBS.
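
Added example, not part of the original message or of any Microsoft tooling: a small Python check that reads a security template's text and lists the folders where an allow ACE still gives Everyone write-type access, which is the condition the question describes after conversion. It assumes the usual `[File Security]` entry layout of `"path",mode,"SDDL"`; the sample template is constructed for illustration.

```python
import re

# Rights field tokens that permit changing content, the ACL or the owner.
WRITE_TOKENS = {"GA", "GW", "FA", "FW", "WD", "WO", "SD"}  # here WD = WRITE_DAC
# GENERIC_ALL | GENERIC_WRITE | WRITE_OWNER | WRITE_DAC | DELETE | append | write data
WRITE_MASK = 0x10000000 | 0x40000000 | 0x80000 | 0x40000 | 0x10000 | 0x4 | 0x2
ENTRY = re.compile(r'^"([^"]+)"\s*,\s*(\d)\s*,\s*"([^"]*)"\s*$')
ACE = re.compile(r'\(([^()]*)\)')

def file_security_entries(inf_text):
    """Yield (path, mode, sddl) for each entry in the [File Security] section."""
    in_section = False
    for line in inf_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[file security]"
        elif in_section and not line.startswith(";"):
            m = ENTRY.match(line)
            if m:
                yield m.group(1), int(m.group(2)), m.group(3)

def grants_write(rights):
    """True if an SDDL rights field (hex mask or two-letter tokens) allows writes."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & WRITE_MASK)
    return any(rights[i:i + 2] in WRITE_TOKENS for i in range(0, len(rights), 2))

def everyone_write_paths(inf_text):
    """Paths with an allow ACE whose trustee is Everyone (SID alias WD) and can write."""
    hits = []
    for path, _mode, sddl in file_security_entries(inf_text):
        for ace in ACE.findall(sddl):
            f = ace.split(";")  # type;flags;rights;object;inherit_object;trustee
            if len(f) == 6 and f[0] == "A" and f[5] == "WD" and grants_write(f[2]):
                hits.append(path)
                break
    return hits

# Constructed sample template text, not copied from a shipped .inf file.
SAMPLE = r'''[Version]
signature="$CHICAGO$"
[File Security]
"%SystemRoot%",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GRGX;;;BU)"
"%SystemRoot%\system32",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GRGX;;;WD)"
"%SystemDrive%\Temp",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;0x1301bf;;;WD)"
"%SystemDrive%\Shared",0,"D:(A;CIOI;FA;;;WD)"
'''

if __name__ == "__main__":
    print(everyone_write_paths(SAMPLE))
```

Template files on disk are often saved as Unicode, so decode the file to text before passing it in.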