Intranet/Extranet, Folder security and Authenticated users group

From: Darren Thorley (dthorley_at_intellesys.com)
Date: 12/09/03

• Next message: techroom: "Re: can't log on to server"
• Previous message: Jason: "Active Directory"
• Next in thread: Steven L Umbach: "Re: Intranet/Extranet, Folder security and Authenticated users group"
• Reply: Steven L Umbach: "Re: Intranet/Extranet, Folder security and Authenticated users group"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: 9 Dec 2003 10:53:00 -0800

We are looking at developing an intranet/extranet on our SBS2K box to
allow access to certain files to our travelling users. They will not
always be able to establish a VPN due to certain offsite restrictions.

One of the directories that we want certain stuff to be available is
in the Company directory. By default this directory has full control
set for the everyone group.

Although there is nothing major in here I would like to secure it from
unauthenticated prying eyes.

We need all the domain users (excluding the guest and anonymous
accounts) to retain full control of all the files in this directory
structure.

I have set IIS to only allow SSL and enabled pass-through
authentication. The default of Read and Execute are the only
permissions enabled in the Virtual Directory.

Is there any benefit from changing the default NTFS permission from
the Everyone group having full control to the Authenticated Users
group and removing Everyone?

Would it be better practise creating a new group and making sure all
users are made members when I think Authenticated Users will cover it?

I know this may sound dense but I am trying to get my facts right
before I make a change and possibly regret it later.

Thanks in advance for any advice given.

Darren

---

• Next message: techroom: "Re: can't log on to server"
• Previous message: Jason: "Active Directory"
• Next in thread: Steven L Umbach: "Re: Intranet/Extranet, Folder security and Authenticated users group"
• Reply: Steven L Umbach: "Re: Intranet/Extranet, Folder security and Authenticated users group"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Intranet/Extranet, Folder security and Authenticated users group ... If for some reason say the guest ... By default this directory has full control ... > I have set IIS to only allow SSL and enabled pass-through ... > the Everyone group having full control to the Authenticated Users ... (microsoft.public.win2000.security) Re: CDOSYS Send method fails first time ... Permission: Authenticated Users - Read Control, ... > fails on the Send method if I access the web page with a non-admin user. ... (microsoft.public.exchange.development) Re: \domainname.comSYSVOL is not browseable ... Administrators> Full Control ... Authenticated Users> Read & Execute ... (microsoft.public.windows.server.dns) Re: Outlook2003 error "bookmark not valid" ... We're having really annoying problems with Outlook 2003 and Exchange server 2003 enterprise edition.. ... the other is simply "The bookmark is not valid." ... I have tried the security on the GAL - such as giving Authenticated Users full control of the GAL, i've even given that specific user full control of the GAL as well. ... (microsoft.public.exchange.setup) Re: Authenticated users question ... If you have a file folder that's listing 'Authenticated Users' ... Full Control rights are hardly necessary on data folders. ... you should prolly not even assign permissions to ... (microsoft.public.windows.server.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)