Re: drive and %systemfolder%
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 11/22/04
- Next message: KJ: "virii, ftp and iirc"
- Previous message: KJ: "C: drive and %systemfolder%"
- In reply to: KJ: "C: drive and %systemfolder%"
- Next in thread: KJ: "Re: drive and %systemfolder%"
- Reply: KJ: "Re: drive and %systemfolder%"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 22 Nov 2004 22:02:32 GMT
No they should not have full access. At best they should have
read/list/execute for the root and system folder. You may be able to remove
them as long as users group has the needed permissions and no legacy
applications or downlevel clients [W9X/NT4.0] require the use of everyone
permissions . The NSA security guide suggests removing them and using
authenticated users in place of everyone and users. If you remove everyone
you may have to give users from trusted domains explicit access FYI to ACL
and user rights such as logon locally or access this computer from the
network. Do NOT however give everyone group deny permissions. The link below
is for several security guides that should be of help. By default XP Pro and
W2003 Server have fairly secure ntfs permissions/user rights if you want to
check one of those operating systems as a guideline. --- Steve
"KJ" <KJ@discussions.microsoft.com> wrote in message
news:5C69C178-58BF-4761-8A3B-99E067BCA642@microsoft.com...
> What are best permissions to use on file server? Should everyone have full
> access to C: drive? Should evereyone be removed from default anywhere on
> sytem folder? Will Group Policy and Terminal Services work if you remove
> them? How do you lock yours down?
- Next message: KJ: "virii, ftp and iirc"
- Previous message: KJ: "C: drive and %systemfolder%"
- In reply to: KJ: "C: drive and %systemfolder%"
- Next in thread: KJ: "Re: drive and %systemfolder%"
- Reply: KJ: "Re: drive and %systemfolder%"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
