Re: Allow ONLY "Administrator" and "System" groups full control to
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Wed, 15 Feb 2006 23:19:11 -0700
Just only give out user right to Log on locally to only the absolutely
necessary persons. Others can be gated to folders with Log on over
the network user right grant and share level + NTFS permissions on
the areas specifically selected to be shared (including the DFS skeleton
structures for the replica sets).
"Ed Flecko" <EdFlecko@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:80EE5072-5AB1-465E-A838-460560588542@xxxxxxxxxxxxxxxx
Hi Allen,
O.K. We're a small company with about 50 end users. I run a single domain
model with 3 sites and all 3 sites will are connected via T-1 lines. All
sites have their own server(s). All 3 servers will be "primarily" DNS
servers
for their sites and will all be DFS relication partners. THIS particular
server will also host and maintain our corporate anti-virus console, and
be a
file server for a few odds and ends applications.
I hope that helps.
Ed
"AllenM" wrote:
Before I can tell you what is wrong with it in detail tell me what you
plan
on using this server for?
"Ed Flecko" <EdFlecko@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:3D71E849-A6A8-413D-B721-9A1013CDB313@xxxxxxxxxxxxxxxx
Hi Allen,
Thanks for your input. :-)
Forgive me; I'm not trying to sound flippant. What's wrong with doing
this?
When you say "it's not a godd idea"...why not? Do you think I will
encounter
some form of difficulties?
I'm, of course, just "thinking out loud", but I can't see why anyone
other
than these two groups would need ANY access (even read permissions) to
the
default directories and their subdirectories.
Ed
"AllenM" wrote:
Well you will accomplish what you're trying to do and that is it will
be
secured. However no one will be able to use it other than the
Administrator.
Not a good idea. Leave the root permissions alone and apply your NTFS
permissions at the folder level.
"Ed Flecko" <EdFlecko@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6BA55846-612C-494B-9B6D-95485031FDEC@xxxxxxxxxxxxxxxx
Hi folks,
I'm setting up a new Server 2003-R2 server. I have added the
Administrators
and System groups full control of the C:\ drive, and removed
everyone
else. I
see, by default, the C:\ drive has a few other directories and
subdirectories, i.e., "Windows", "Program Files", etc.
Since I'm setting this server up from scratch, in an effort to be as
secure
as possible, is there's anything wrong with selecting the little
check
box
"Replace permission entries on all child objects with entries shown
here
that
apply to child objects." I know this will reset all pemissions from
the
root
of C:\ down through all directories, I'm just wondering if I can
expect
headaches or if this might be smart to do? I think it sounds like a
smart
idea.
Comments? Suggestions?
Thank you,
Ed
.
- References:
- Prev by Date: Re: Allow ONLY "Administrator" and "System" groups full control to
- Next by Date: Re: Windows Explorer changes user account during connection to share folder
- Previous by thread: Re: Allow ONLY "Administrator" and "System" groups full control to
- Next by thread: Re: Allow ONLY "Administrator" and "System" groups full control to
- Index(es):
Relevant Pages
|
