Re: The default privillage of Windows Server 2000
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: Mon, 6 Dec 2004 20:20:25 -0600
It is a great idea to lock down the root/drive folder. I would suggest you
change it to full control for system and administrators and give users
read/list/execute. If you have the guest account disabled [as default] and
are using strong passwords for at least administrator accounts the risk of a
hack is not high but regular users can write to that directory which is
something to avoid. I also suggest you run the Microsoft Baseline Security
Analyzer on your server to further check for vulnerabilities such as
unneeded services. IIS is installed and enabled on all installs of W2K and
in a vulnerable state which would be a much bigger risk. --- Steve
http://support.microsoft.com/?scid=327522 -- KB on ntfs recommendations.
Note creator owner permissions are for subfolder and files only.
http://www.microsoft.com/technet/security/tools/mbsahome.mspx -- MBSA link.
"ad" <email@example.com> wrote in message
> After I install Windows Server 2000, The default privillage of C: disk is
> everyone whole control
> Is that a leak for hacker?
> How can I modify it for safe?