Re: The default privillage of Windows Server 2000

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 12/07/04

  • Next message: Roger Abell [MVP]: "Re: DCOM Access Permissions"
    Date: Mon, 6 Dec 2004 20:20:25 -0600
    
    

    It is a great idea to lock down the root/drive folder. I would suggest you
    change it to full control for system and administrators and give users
    read/list/execute. If you have the guest account disabled [as default] and
    are using strong passwords for at least administrator accounts the risk of a
    hack is not high but regular users can write to that directory which is
    something to avoid. I also suggest you run the Microsoft Baseline Security
    Analyzer on your server to further check for vulnerabilities such as
    unneeded services. IIS is installed and enabled on all installs of W2K and
    in a vulnerable state which would be a much bigger risk. --- Steve

    http://support.microsoft.com/?scid=327522 -- KB on ntfs recommendations.
    Note creator owner permissions are for subfolder and files only.
    http://www.microsoft.com/technet/security/tools/mbsahome.mspx -- MBSA link.

    "ad" <ad@wfes.tcc.edu.tw> wrote in message
    news:%23H2qe2$2EHA.924@TK2MSFTNGP14.phx.gbl...
    > After I install Windows Server 2000, The default privillage of C: disk is
    > everyone whole control
    > Is that a leak for hacker?
    > How can I modify it for safe?
    >
    >


  • Next message: Roger Abell [MVP]: "Re: DCOM Access Permissions"