Re: Best Practices for NTFS Shares

• Previous message: Paul Adare - MVP - Microsoft Virtual PC: "Re: smart card logon: Error: invalid handle"
• In reply to: anonymous_at_discussions.microsoft.com: "Re: Best Practices for NTFS Shares"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 28 Jul 2004 03:06:59 -0700

Microsoft released a "Heads up" a few years ago
about removing the EveryOne group.

This came about the same time as the FBI's
warrning about the PnP on windows also.

<anonymous@discussions.microsoft.com> wrote in message
news:448001c47339$473f08e0$a601280a@phx.gbl...
> Thanks a lot. I needed to find documentation to support my
> assertion that we get rid of the FC on the Everyone
> Group. These links are very helpful.
> >-----Original Message-----
> >The Windows 2000 Security Hardening Guide is a pretty
> good read though I don't know
> >if it has exactly what you are looking for. Generally you
> want to follow the least
> >permissions needed rule to set up folders. By default W2K
> gives everyone full control
> >to a share which you should change to full control for
> administrators and read or
> >modify for the appropriate users group that needs access
> to the share. Read allows
> >execute permissions to a share while modify is needed for
> write and delete.
> >
> >NTFS permissions work in conjunction with share
> permissions for network access and
> >the most restrictive of the two permissions will apply to
> a user. Avoid using
> >everyone/users group in shares or ntfs permissions unless
> you want all users to have
> >access. The links below may be helpful. --- Steve
> >
> >http://support.microsoft.com/?id=301195
> >http://www.windowsitlibrary.com/Content/592/toc.html
> >http://www.microsoft.com/technet/Security/prodtech/win2000
> /win2khg/05sconfg.mspx#XSLTsection129121120120
> >
> >
> >"Rob" <anonymous@discussions.microsoft.com> wrote in
> message
> >news:438b01c4732a$d0d11300$a401280a@phx.gbl...
> >> I am searching for a white paper on best practices for
> >> setting up NTFS Shares in W2K. Can anyone point me in
> the
> >> right direction or have an article number I can search
> on?
> >>
> >> Thanks,
> >> Rob
> >
> >
> >.
> >

• Previous message: Paul Adare - MVP - Microsoft Virtual PC: "Re: smart card logon: Error: invalid handle"
• In reply to: anonymous_at_discussions.microsoft.com: "Re: Best Practices for NTFS Shares"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: full control ... Full control means the ability to read, write, execute, modify, just what ... Modify is ability for others to modify your files. ... Special Permissions Full Control Modify Read & Execute List Folder ... (microsoft.public.win2000.networking) Re: Need Write rights NOT Change or Delete ... I was able to disable inherting of permissions and then: ... Full Control and Modify ... So you should have write, read and exceute, list ... (microsoft.public.win2000.security) Re: NTFS creator/owner property and permissions ... regardless of whether they have full control or modify ... permissions, that user can then modify the permissions of the file or ... In NTFS, the owner of a file or directory can always modify the permissions, ... > If you give the Modify but not Full Control NTFS ... (microsoft.public.win2000.security) RE: Excel 2007 Modify Permissions Problem. ... the file ".xls" I need to have Modify permissions turned on. ... I only need Modify for one file in the top directory. ... the top folder, I end up having modified in all of the sub-folders as well. ... we have around 2000 hyperlinks that all get broken. ... (microsoft.public.excel.misc) Re: Access To Access ... This is usually a filesystem permissions problem. ... file require Modify permissions for the folder containing the file. ... This email account is my spam trap so I ... (microsoft.public.inetserver.asp.db)