Re: Authenticated users question

From: GRCC (grccnews_at_nospamadelphia.net)
Date: 07/28/04

  • Next message: Joe Richards [MVP]: "Re: passfilt.dll" 
    Date: Wed, 28 Jul 2004 16:25:57 -0400

    Hey Rick,
    Thanks. That helps . I removed the authenticated users from the data folders
    and replaced them with the groups and/or people who need access. We only
    have one server, som I have to use it as the file server.
    Thanks again,
    Frank

    "Rick A. Butler" <orion2634@yahoo.com> wrote in message
    news:%23g9piACdEHA.3392@tk2msftngp13.phx.gbl...
    > GRCC -
    >
    > Assuming the data folders you're talking about are folders you created,
    you
    > are correct. If you have a file folder that's listing 'Authenticated
    Users'
    > for full control rights, that means anyone who can log onto the server,
    > whether it be local or domain, would have FC on that folder. Since this is
    a
    > DC, users logging on through AD apply here. (yeah, there are builtin
    > users/groups, but often, they are not used on a DC)
    >
    > Full Control rights are hardly necessary on data folders. You only need to
    > assign FC if you have people who need to assign permissions or take
    > ownership. If all they need to do is Read, Write, Execute, or Delete, then
    > set their effective permission to modify. In most cases, unless there is a
    > general access need, you should prolly not even assign permissions to
    > Authenticated Users, but rather, specify groups, assign personnel with
    need
    > to know to those groups and give that group the permission it needs.
    >
    > Additionally, unless there is a specific need to share files from your DC,
    > I'd recommend not using your DC for file services, especially if you only
    > have one DC in your domain/forest.
    >
    > HTH -
    >
    > Rick A. Butler
    >
    >
    > "GRCC" <grccnews@nospamadelphia.net> wrote in message
    > news:elKD7JBdEHA.1604@TK2MSFTNGP11.phx.gbl...
    > > Dumb question probably, sorry. Authenticated Users have full control in
    > > some data folders on our w2k domain controller. Is this neccesary?
    > Wouldn't
    > > that mean all users who are auhenticated have full control, which would
    be
    > > all users? Authenticated Users somewhat confusing.
    > > Thanks
    > > GRCC
    > >
    > >
    >
    >

  • Next message: Joe Richards [MVP]: "Re: passfilt.dll"

    Relevant Pages

    • Re: Authenticated users question
      ... If you have a file folder that's listing 'Authenticated Users' ... Full Control rights are hardly necessary on data folders. ... you should prolly not even assign permissions to ...
      (microsoft.public.windows.server.security)
    • Re: whats the difference...
      ... Bill wrote: ... share more secure when given to Authenticated Users as apposed to the ... For your users' data folders, it's best to use neither, in my opinion. ...
      (microsoft.public.windows.server.active_directory)
    • Authenticated users question
      ... some data folders on our w2k domain controller. ... that mean all users who are auhenticated have full control, ... Authenticated Users somewhat confusing. ...
      (microsoft.public.windows.server.security)
    • Microsoft Secure DNS and Authenticated Users group interdependencies
      ... I would really appreciate anyone who considers themselves DNS experts to take a good look at this post. ... Only if Authenticated Users group has a write access will the record update. ... If the a record is set with default permissions and Authenticated Users has elevated permissions set, after the client's successfully updates the record, the client is added to the ACE with WRITE permissions and Authenticated Users permissions get reset. ...
      (microsoft.public.windows.server.dns)
    • Re: Prevent "Authenticated Users" from browsing Active Directory
      ... > properties/security and remove everyone and authenticated users from the ... > permissions - that is why I recommend removing the whole group. ... > enterprise administrator, schema administrator, administrators, and ...
      (microsoft.public.win2000.security)
    • Quantcast