Re: The default privillage of Windows Server 2000

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 12/07/04

  • Next message: Roger Abell [MVP]: "Re: DCOM Access Permissions"
    Date: Mon, 6 Dec 2004 20:20:25 -0600
    
    

    It is a great idea to lock down the root/drive folder. I would suggest you
    change it to full control for system and administrators and give users
    read/list/execute. If you have the guest account disabled [as default] and
    are using strong passwords for at least administrator accounts the risk of a
    hack is not high but regular users can write to that directory which is
    something to avoid. I also suggest you run the Microsoft Baseline Security
    Analyzer on your server to further check for vulnerabilities such as
    unneeded services. IIS is installed and enabled on all installs of W2K and
    in a vulnerable state which would be a much bigger risk. --- Steve

    http://support.microsoft.com/?scid=327522 -- KB on ntfs recommendations.
    Note creator owner permissions are for subfolder and files only.
    http://www.microsoft.com/technet/security/tools/mbsahome.mspx -- MBSA link.

    "ad" <ad@wfes.tcc.edu.tw> wrote in message
    news:%23H2qe2$2EHA.924@TK2MSFTNGP14.phx.gbl...
    > After I install Windows Server 2000, The default privillage of C: disk is
    > everyone whole control
    > Is that a leak for hacker?
    > How can I modify it for safe?
    >
    >


  • Next message: Roger Abell [MVP]: "Re: DCOM Access Permissions"

    Relevant Pages

    • Re: Oracle memory allocation on Linux 2.6
      ... direct I/O should lower memory consumption simply because it ... bypasses buffer cache over which we have no control. ... With Linux, I really have a problem with the ... as well as system administrators are ...
      (comp.databases.oracle.server)
    • Re: Delegation dilemma
      ... That will spread the security control over a group of people ... your SMS and MOM servers are going to be member servers. ... SMSAdmins in the local administrators group of the SMS Primary and Secondary ...
      (microsoft.public.windows.server.active_directory)
    • Re: Restricting Certain Binaries - Steve?
      ... ntfs/share permissions, eliminating unnecessary services, etc. ... administrators group from the "access this computer from the network" user right ... I don't know exactly how an attacker or worm gets system control. ... > execute any of these binaries from my desktop. ...
      (microsoft.public.win2000.security)
    • RE: software to control domain administrators
      ... "Does anyone know any software to control, audit, or restrict access or privileges to domain administrators." ... I will restate my mantra differently, If you can not trust someone to be in a position of complete un-adulterated control of your network, then they should not be in that position. ... >(assuming we are talking about NT/AD Domain Admins) ...
      (Security-Basics)
    • Re: What Would Deactivate Hosts File?
      ... Administrators: Full Control ... The file is owned by the administrators group. ... then reboot, then hosts mysteriously ... Users group affect this feature, which should be implemented by a SYSTEM ...
      (microsoft.public.windows.server.networking)