Re: Users accessing C$
From: Chris Hagon (ChrisHagon_at_discussions.microsoft.com)
Date: 07/15/05
- Next message: Karl Levinson, mvp: "Re: Any IDS Recommendations?"
- Previous message: The Poster: "Re: Any IDS Recommendations?"
- In reply to: Chris Hagon: "Re: Users accessing C$"
- Next in thread: Steven L Umbach: "Re: Users accessing C$"
- Reply: Steven L Umbach: "Re: Users accessing C$"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 15 Jul 2005 01:37:01 -0700
On checking Steven I noticed our rights were set as you mentioned, however,
if I checked the security on the root and went to 'Advanced' then the 'Users'
group had Allow rights to 'Create folders & append data' on this root.
I have now Denied this and tested creating a folder with a user with
standard privileges and this has worked. Would someone have enabled this by
default and what are the possible ramifications of me denying this option?
-------
Tech Admin
West Midlands, England
Stressed and Tired!
--------
"Chris Hagon" wrote:
> Thanks for your help Steven; I feel I should have known this, but we learn by
> asking I believe. I am beginning to put your advice into practise, thanks
> once again
>
> -------
> Tech Admin
> West Midlands, England
> Stressed and Tired!
> --------
>
>
> "Steven L Umbach" wrote:
>
> > A user will not need write/modify/full control permissions to logon to a TS
> > or other computer with the possible exception of their user profile if they
> > are allowed to save and manage files there. So what I would do is to make
> > sure that users have no more then read/list/execute permissions to any
> > folder where you do not want them to store files to. Other then the system
> > folders, root folder, user profiles, and folders that they need to write to
> > or run applications from they need no permissions on other folders. The link
> > below may help. --- Steve
> >
> > http://support.microsoft.com/default.aspx?scid=kb;EN-US;308419
> > http://support.microsoft.com/?scid=327522
> >
> > WORKAROUND
> > To work around this issue, reset the permissions for the root directory on
> > the system drive. The default permissions for Windows XP can serve as a
> > guide for a set of permissions that have been thoroughly designed and
> > tested. The following are the default permissions for the root directory on
> > the system drive for Windows XP: . Administrators: Full (This Folder,
> > Subfolders, and Files)
> > . Creators Owners: Full (Subfolders and Files)
> > . System: Full (This Folder, Subfolders, and Files)
> > . Everyone: Read and Execute (This Folder Only)
> >
> >
> > "Chris Hagon" <ChrisHagon@discussions.microsoft.com> wrote in message
> > news:A15D2BDF-11E0-4C37-9E38-9E4759E0B070@microsoft.com...
> > > I've recently discovered one user saving files while in a Terminal Server
> > > session to the 'C:' drive - which is the server root. Obviously users
> > > have
> > > files on other servers but should not be saving anything to our Terminal
> > > Server.
> > >
> > > I'm a little hazy on how the permissions should be set-up to allow people
> > > to
> > > log in but not access the actual server HDD itself
> > >
> > > Any ideas? Thanks!
> > >
> > > -------
> > > Tech Admin
> > > West Midlands, England
> > > Stressed and Tired!
> > > --------
> >
> >
> >
- Next message: Karl Levinson, mvp: "Re: Any IDS Recommendations?"
- Previous message: The Poster: "Re: Any IDS Recommendations?"
- In reply to: Chris Hagon: "Re: Users accessing C$"
- Next in thread: Steven L Umbach: "Re: Users accessing C$"
- Reply: Steven L Umbach: "Re: Users accessing C$"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
