Default NTFS permissions too liberal on newly created volumes

Windows 2003 SP1 server here...

I created a folder called "public" under the z:\ drive, shared it as
"public", and verified that all users in my department had read-only
permissions via a certain group. All seemed well until I saw legit data
folders popping up in this shared folder that was allegedly read-only save
for the admins. The user was able to create folders and files in the public
share that was supposed to be read-only!!!

Well...

It seems to me that configuring a secondary volume, named as Drive Z:,
brings liberal permissions to the root of the drive for the USERS group.
Drilling down into the advanced security settings window shows 3 separate
entries for the local-server\USERS group:

--Read & Execute, This folder, subfolders and files
--Create Folders/Append Data, This folder and subfolders
--Create Files / Write Data, Subfolders only

I looked at the other servers that we've built and all have the same
all-too-liberal permission settings for the USERS group. It seems to me
that USERS can do everything but delete files by default.

Why is Microsoft allowing the USERS group such liberal permissions by
default? It was a no-brainer to remove the EVERYONE group to tighten
things up, but this issue seems to make things more difficult to lock-down
security on file servers. Am I missing something???


TIA,
Mike



.

Relevant Pages

  • Re: New User Account
    ... Users that are just members of the Users Group should be able to logon w/out ... \Documents and Settings\Default User folder. ... Default security settings on the \Documents and Settings folder would be: ...
    (microsoft.public.win2000.security)
  • Re: Windows 2003 file sharing and NTFS right
    ... department for so many shared folder, ... who is under IT Team group and users group. ... server served as file server, I have some problem of the file access ... Bob is put in Both Group1 and users group. ...
    (microsoft.public.windows.file_system)
  • Re: Power User rights vs. User rights
    ... > We have a application that runs correctly if the user is part of the power ... > users group but will not correctly if the use is part of the users group. ... Start Menu folder and Desktop folder shortcuts from the user profile ... limited accounts, you can fix it to allow limited users to access the ...
    (microsoft.public.windowsxp.security_admin)
  • Re: WLANMON
    ... Try giving the users group modify ntfs permissions to the Dlink Airplus folder ... > the users access the NIC without giving them Administrator privileges. ...
    (microsoft.public.win2000.security)
  • Re: Folder/Share security question
    ...  Then I noticed the local Users group had special ... turn had Create Folder & Create File permissions set. ... Read & Execute, List Folder Contents, Read ...
    (microsoft.public.windows.server.security)
Quantcast