RE: Setting up Security on Files and Folder

• Previous message: Lanwench [MVP - Exchange]: "Re: deploying paches"
• In reply to: John: "Setting up Security on Files and Folder"
• Next in thread: Ron Bernier: "Re: Setting up Security on Files and Folder"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 28 Jun 2004 08:54:01 -0700

"John" wrote:

> I am trying to setup Security on Files and Folders on WINNT folder and beneath that, and also on the system root files like Autoexsec.bat, boot.ini, ntldr,config.sys etc...
>
> Scenario:
>
> I want to change the permissions on BOOT.INI file from the existing EVERYONE group which has FULL PERMISSIONS to READ permissions. (Even though this is an NT server but after installing MMC, the permission settings looks like for Windows 2000, so that is the reason I am posting it in this group).
>
> I want to change this to have SPECIAL PERMISSION as READ and not RX. So, when I do change it to READ it does not show as SPECIAL PERMISSION under PERMISSIONS tab in ADVANCED option under Security Tab.
>
> When I click on VIEW/EDIT option, I see the following options under Permissions Enabled.
>
> List folder/Read data - Enabled
> Read Attributes - Enabled
> Read Extended Attributes - Enabled
> Read permissions - Enabled
> Synchronize - Enabled
>
> My question is, is this setting correct, where I have taken of all the permissions under the main permissions window to have only READ Special access.(Again it is not RX).

Adding more info to this - I forgot to add one more thing to this which was my main reason for posting it here. If EVERYONE/USER group has READ permission on this boot.ini file, and if the server is rebooted will the server come up? Cause am afraid that if it has only READ permission whether it will come up. To be cautious, what I am trying to do is to add Domain admin account onto this. Also, this is a BDC.

I want to make sure I am doing the right thing, should I add SYSTEM account also to this boot.ini, config.sys, ntldr, ntdetect.com files. I am kind of reluctant as the security policy determined for these files are to remove EVERYONE/USER group full permissions and give the only RX or Special Access READ and List on some of the folders and files.
>

• Previous message: Lanwench [MVP - Exchange]: "Re: deploying paches"
• In reply to: John: "Setting up Security on Files and Folder"
• Next in thread: Ron Bernier: "Re: Setting up Security on Files and Folder"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Setting up Security on Files and Folder ... Scenario: ... when I do change it to READ it does not show as SPECIAL PERMISSION under PERMISSIONS tab in ADVANCED option under Security Tab. ... (microsoft.public.win2000.security) Re: File/directory permissions ... I don't see that this scenario as being ... When you create the root directory, ... projects will have the right permissions by default. ... Then, create a group corresponding to each project, and set the ACL to allow ... (microsoft.public.win2000.security) Re: File/directory permissions ... I don't see that this scenario as being ... > When you create the root directory, ... > projects will have the right permissions by default. ... >> ntfs, but I need real world examples for complicated setups like mine. ... (microsoft.public.win2000.security) Send As Permissions ... I checked the permissions tab and the 'guest' user is not ... mailbox access on Mailbox Rights button on the Exchange ... (microsoft.public.exchange.misc) Re: Permissions ... > What's the best approach to the following scenario? ... > pertaining to each user under Users, ... > permissions for each user eclusively. ... Would home folders be an option? ... (microsoft.public.windows.file_system)