Re: Default NTFS permissions too liberal on newly created volumes

A rule of thumb that I use is when making a new folder off the root of the drive, to be used as a share, I remove the inheritance
flag and set the permissions as I want.

--
--
Steven

May you have the peace and freedom that come from abandoning all hope of having a better past.
--- - --- - - - - - - - -- - - - --- - ------ - - --- - - -- - - - -- - - -
"Mike M" <nospam@xxxxxxxxxx> wrote in message news:OxMXcj8HGHA.140@xxxxxxxxxxxxxxxxxxxxxxx
> Windows 2003 SP1 server here...
>
> I created a folder called "public" under the z:\ drive, shared it as "public", and verified that all users in my department had
> read-only permissions via a certain group. All seemed well until I saw legit data folders popping up in this shared folder that
> was allegedly read-only save for the admins. The user was able to create folders and files in the public share that was supposed
> to be read-only!!!
>
> Well...
>
> It seems to me that configuring a secondary volume, named as Drive Z:, brings liberal permissions to the root of the drive for the
> USERS group. Drilling down into the advanced security settings window shows 3 separate entries for the local-server\USERS group:
>
> --Read & Execute, This folder, subfolders and files
> --Create Folders/Append Data, This folder and subfolders
> --Create Files / Write Data, Subfolders only
>
> I looked at the other servers that we've built and all have the same all-too-liberal permission settings for the USERS group. It
> seems to me that USERS can do everything but delete files by default.
>
> Why is Microsoft allowing the USERS group such liberal permissions by default? It was a no-brainer to remove the EVERYONE group
> to tighten things up, but this issue seems to make things more difficult to lock-down security on file servers. Am I missing
> something???
>
>
> TIA,
> Mike
>
>
>


.

Relevant Pages

  • Re: Authentication!!
    ... the admin group isn't your primary ... The application folders defaults are to allow writing by root ... I'd suggest checking to see of the OP's permissions are the same. ... Applications folder to incorrect permissions too...not sure what. ...
    (comp.sys.mac.apps)
  • Re: File Permissions problem
    ... and enable propagation of inheritable permissions". ... Execute, List Folder Contents, and Read. ... > Hi Roy. ... Try this - set appropriate users permissions for root, ...
    (microsoft.public.win2000.security)
  • Re: Default NTFS permissions too liberal on newly created volumes
    ... The disk root is secured exactly you have found. ... own folders and files and to their own object they have full control. ... Restrict the root folder permissions either manually or by GPO. ... > brings liberal permissions to the root of the drive for the USERS group. ...
    (microsoft.public.windows.server.security)
  • Re: Folder/Share security question
    ... Ok, permissions were set exactly as you listed below, but still weren't ... Then I noticed the local Users group had special ... turn had Create Folder & Create File permissions set. ... Read & Execute, List Folder Contents, Read ...
    (microsoft.public.windows.server.security)
  • Re: Setting folder permissions
    ... I have made the parent folder Users group have Full Control permissions on ... These permissions are being copied into the newly created folder, ... I changed it to my admin account and got everything working. ...
    (microsoft.public.dotnet.languages.csharp)