Re: Everyone permissions

From: Alaa Abdelhalim [MSFT] (alaa_at_online.microsoft.com)
Date: 06/14/03

• Next message: Phil: "Re: workstation administrator password"
• Previous message: Steven L Umbach: "Re: permission problems"
• In reply to: adam: "Everyone permissions"
• Next in thread: Matt Smith: "Re: Everyone permissions"
• Reply: Matt Smith: "Re: Everyone permissions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 13 Jun 2003 18:27:29 -0700

The permissions you see only apply to users who already managed to log on to
your computer. This says that any local user who logs on, for example, will
have full control over the folders that have this access control entry.
However, since the folders are not shared out by default,
remote/unauthorized users cannot access them. Moreover, when you do share
out a folder, the permissions on the share can be more restrictive than the
ones on the folder, which will server to restrict access. (Granted rights =
the intersection of share permissions and folder/file permissions)

In the interest of defense in depth, however, this default has changed in
Windows Server 2003 to match the high security template which grants
Everyone only read/execute access.

-- 
Alaa Abdelhalim [MSFT]
-----
This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
"adam" <chihai@charter.net> wrote in message
news:0b8d01c33208$667c86b0$a001280a@phx.gbl...
> I am aware that WIN2K comes with the default persmissions
> set to everyone.  What type of security risk is this? Does
> it allow for just anyone to have access to the computer
> even if the domain requires a user name and password?

• Next message: Phil: "Re: workstation administrator password"
• Previous message: Steven L Umbach: "Re: permission problems"
• In reply to: adam: "Everyone permissions"
• Next in thread: Matt Smith: "Re: Everyone permissions"
• Reply: Matt Smith: "Re: Everyone permissions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: NTFS Security Question. ... A subordinate object DOES not inherit the PARENT perms (in ... will assume "Nebulous" permissions that refer to the LINK ... The trick is to PROPOGATE to all FILES (not Folders and Files - that would ... Since Windows 2000 deny NTFS permission does not work ... (microsoft.public.windowsxp.security_admin) RE: ISA 2004 REPORT FAILURE ... Did as you suggested and turned auditing on for the system and folders ... that is setting the wrong permissions of the folders ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... (microsoft.public.windows.server.sbs) RE: ISA 2004 REPORT FAILURE ... the ISA Reports still fail because ... I can change the permissions manually ... on the ISALogs and ISASummaries folders ... Microsoft CSS Online Newsgroup Support ... (microsoft.public.windows.server.sbs) Re: Personal Media Drive ... > much more knowledgeable about Windows than I am. ... You restrict access by assigning permissions to drives, folders and files. ... (microsoft.public.windows.mediacenter) Re: Administrator/User security issues ... i have setup all the accounts, ... folders for testing the security. ... permissions but the admin. ... (microsoft.public.windowsxp.security_admin)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint