Re: Everyone permissions

From: Steven L Umbach (n9rou_at_nsattbi.com)
Date: 06/14/03


Date: Sat, 14 Jun 2003 12:23:20 GMT


It can be a security risk because the everyone group for W2K
consists of users, guests, and anonymous user [infamous null
session - not IIS anonymous log on]. Some applications still require
everyone permissions. However, many times if you do not use the guests group
[not a good idea] and do not have any applications that need everyone group
permissions, you can remove everyone group and replace it with the
authenticated users group which does not have the guests and anonymous users
in it on the root folder, or at very least change the permissions to
read/list/execute for the everyone group on the root folder. Folders on a
default installation other than the root already have limited permissions
for the everyone group. It is NOT a good idea however to change the
permissions on or remove the everyone group from the winnt folder or you may
have problems - the everyone group on that folder has no more than
list/read/execute anyhow. To get a better idea of how MS has tightened NTFS
permissions on the everyone group, take a look at the permissions on the
root folder of an XP or W2003 default installation. XP/2003 do not include
the anonymous user in the everyone group anymore, though it can be added
for backwards compatibility if necessary in security policy. See link to KB
article for an example about how NT4.0 is dependent on everyone group.

--- Steve

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B247900
http://support.microsoft.com/?kbid=246261

"adam" <chihai@charter.net> wrote in message
news:0b8d01c33208$667c86b0$a001280a@phx.gbl...
> I am aware that WIN2K comes with the default permissions
> set to everyone. What type of security risk is this? Does
> it allow for just anyone to have access to the computer
> even if the domain requires a user name and password?
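
A report-only audit of the check discussed in this thread, as an added example that is not part of the original post: it lists allow ACEs held by Everyone (SID S-1-1-0) on a folder, flags rights beyond read/list/execute, and notes whether Authenticated Users (SID S-1-5-11) already has an ACE. The default paths and the output column names are assumptions chosen for illustration.

```powershell
# Added example: report NTFS allow ACEs granted to Everyone (well-known SID S-1-1-0).
# Default paths are assumptions; pass -Path to review other folders.
param(
    [string[]]$Path = @("$env:SystemDrive\", $env:SystemRoot)
)

# Ceiling the post suggests for Everyone on the root folder: read/list/execute.
$ceiling = [int][System.Security.AccessControl.FileSystemRights]::ReadAndExecute -bor
           [int][System.Security.AccessControl.FileSystemRights]::Synchronize

foreach ($p in $Path) {
    $acl = Get-Acl -LiteralPath $p
    # Resolve trustees as SIDs so localized or renamed group names do not matter.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    # Does Authenticated Users (S-1-5-11) already hold an allow ACE here?
    $hasAuthUsers = [bool]($rules | Where-Object {
        $_.IdentityReference.Value -eq 'S-1-5-11' -and $_.AccessControlType -eq 'Allow'
    })

    # The post advises leaving the system folder (winnt) as installed.
    $isSystemRoot = $p.TrimEnd('\') -eq $env:SystemRoot.TrimEnd('\')

    foreach ($r in $rules) {
        if ($r.IdentityReference.Value -ne 'S-1-1-0') { continue }
        if ($r.AccessControlType -ne 'Allow') { continue }

        # Bits granted above the ceiling. Generic rights stored raw in an ACE
        # are not mapped to specific rights here, so they show up as excess.
        $excess = [int]$r.FileSystemRights -band (-bnot $ceiling)

        [pscustomobject]@{
            Path              = $p
            EveryoneRights    = $r.FileSystemRights
            Inherited         = $r.IsInherited
            ExcessMask        = '0x{0:X8}' -f $excess
            BeyondReadExecute = ($excess -ne 0)
            AuthUsersHasAce   = $hasAuthUsers
            Note              = if ($isSystemRoot) { 'system folder: report only' } else { '' }
        }
    }
}
```

The script only reads ACLs; rows with `BeyondReadExecute` set to True on a root folder are the ones the advice above applies to.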
