Re: drive and %systemfolder%

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 11/22/04


Date: Mon, 22 Nov 2004 22:02:32 GMT

No they should not have full access. At best they should have
read/list/execute for the root and system folder. You may be able to remove
them as long as users group has the needed permissions and no legacy
applications or downlevel clients [W9X/NT4.0] require the use of everyone
permissions . The NSA security guide suggests removing them and using
authenticated users in place of everyone and users. If you remove everyone
you may have to give users from trusted domains explicit access FYI to ACL
and user rights such as logon locally or access this computer from the
network. Do NOT however give everyone group deny permissions. The link below
is for several security guides that should be of help. By default XP Pro and
W2003 Server have fairly secure ntfs permissions/user rights if you want to
check one of those operating systems as a guideline. --- Steve

"KJ" <KJ@discussions.microsoft.com> wrote in message
news:5C69C178-58BF-4761-8A3B-99E067BCA642@microsoft.com...
> What are best permissions to use on file server? Should everyone have full
> access to C: drive? Should evereyone be removed from default anywhere on
> sytem folder? Will Group Policy and Terminal Services work if you remove
> them? How do you lock yours down?



Relevant Pages

  • Re: Is every user a member of Users?
    ... I don't like fiddling with permissions ... the system folder and other folders on the computer. ... book on configuring Windows security the Microsoft Windows Security Resource ...
    (microsoft.public.win2000.security)
  • Re: installation failure
    ... Nothing short of a clean install of OS10.3.x has seemed to resolve ... Permissions repair, disk utils, command line deletion of prefs ... I also checked the permissions on the OS9 System Folder, ... The account I am logged on with is an admin. ...
    (microsoft.public.outlook.mac)
  • Re: Is every user a member of Users?
    ... Along this line is a relatively advance technique where ... normally has Change permissions is added, e.g., for the ... > the system folder and other folders on the computer. ... > book on configuring Windows security the Microsoft Windows Security ...
    (microsoft.public.win2000.security)
  • Re: Org. Forms.
    ... I actually had already done that and the permissions ... on my account are set to allow everything. ... Matt ... > forms system folder are too restrictive. ...
    (microsoft.public.exchange.admin)
  • Re: drive and %systemfolder%
    ... I have 2000 file server with settings as you say except for C: ... > them as long as users group has the needed permissions and no legacy ... > W2003 Server have fairly secure ntfs permissions/user rights if you want to ...
    (microsoft.public.win2000.security)