Re: 'Everyone' permissions on C Drive

From: Roger Abell [MVP] (mvpNOSPAM@asu.edu)
Date: 10/05/02


From: "Roger Abell [MVP]" <mvpNOSPAM@asu.edu>
Date: Sat, 5 Oct 2002 08:50:57 -0700


Hi,

Before you go changing permissions on the Windows partitions,
notice that while the root, in this case C:\, may have loose looking
permissions, almost all directories under it usually have different
permissions. If you try to change from C:\ on down, you will
very possibly worsen the filesystem security, particularly within
.\Windows, .\Program Files, .\Documents and Settings.

Everyone does mean everyone that is able to authenticate to
your machine as some account that it recognizes, or anonymously
if that has been enabled. To limit Everyone to being who you
actually want, make sure that you do not enable the Guest account.

There are policies that control just precisely how Everyone is
related to anonymous accesses. However, AIUI these are not
accessible in Home due to lack of the tool, and not being a Home
version user, I cannot inform you further. I would assume that
they have shipped with some reasonable and safe setting, but . . .

--
Roger Abell
MS MVP (Security, Windows), MCDBA,  MCSE both
Associate Expert - Windows XP ExpertZone
http://www.microsoft.com/windowsxp/expertzone
"Tomothy Quntington-Flitoris" <IainMcLaren35@spamtwatter.hotmail.com> wrote
in message news:Xns929EA34D54D33IainMcLaren35sdpamtw@207.46.239.39...
> Using XP Home SP1 (Compaq Presario 6140 OEM install) here, and I've just
> noticed that the file permissions on my C drive (single volume hard
> drive) are set by default to 'Everyone', with full access!
>
> Does 'Everyone' mean 'Everyone with a defined account on this machine' or
> 'anyone and everyone on the planet if they can get in'?
>
> I ask because I fear it is the latter. That presumably means that anyone
> who is able to access my machine has full access to the drive. I have
> taken some precautions - all accounts have strong passwords, I have
> NetBIOS over TCP/IP disabled, file and printer sharing turned off, and
> Remote Assistance disabled, I run as a limited user day to day, and it is
> firewalled via ZoneAlarm Pro.
>
> However it would seem that these precautions are undermined if anyone can
> access the root of my machine (if, say the firewall errors out and I
> don't notice). So, I'm sure this still must be an unnecessary security
> risk. This machine is not networked locally, except to the interweb via
> cable modem.
>
> I am starting to think that I should remove the 'everyone' permission and
> grant the system, admin, and user accounts only individual access - my
> reasoning being that access would be denied to anyone else without a
> specifically defined account. I am concerned that if I don't do this 100%
> correctly my machine's stability will be affected. It's running
> flawlessly now, and I don't want to interfere with default settings too
> much in case it starts to play up.
>
> I would appreciate some advice on this.
>
> Thanks in advance
>
> Iain
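
Added example, not part of the original post: a read-only PowerShell check of the point made in the reply above, that the directories under C:\ usually carry different permissions than the root. It assumes PowerShell 3.0 or later is available and that `C:\` is the volume of interest; the function name `Get-EveryoneAce` is hypothetical.

```powershell
# Added example: report Everyone (S-1-1-0) ACEs on a volume root and on each
# top-level directory. Read-only; no permissions are changed.
param([string]$Root = 'C:\')   # assumption: the volume to inspect

$sidType = [System.Security.Principal.SecurityIdentifier]

function Get-EveryoneAce {     # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # An unreadable ACL already shows this directory differs from the root
        return [pscustomobject]@{ Path = $Path; Rights = 'ACL not readable'
                                  Type = ''; Inherited = ''; Protected = '' }
    }

    # Ask for SIDs rather than names so the match works on localized systems
    $aces = @($acl.GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.IdentityReference.Value -eq 'S-1-1-0' })

    if ($aces.Count -eq 0) {
        return [pscustomobject]@{ Path = $Path; Rights = '(no Everyone ACE)'
                                  Type = ''; Inherited = ''
                                  Protected = $acl.AreAccessRulesProtected }
    }

    foreach ($ace in $aces) {
        [pscustomobject]@{
            Path      = $Path
            Rights    = $ace.FileSystemRights        # e.g. FullControl, ReadAndExecute
            Type      = $ace.AccessControlType       # Allow or Deny
            Inherited = $ace.IsInherited             # True if it flows down from the parent
            Protected = $acl.AreAccessRulesProtected # True if inheritance is blocked here
        }
    }
}

# Root first, then every top-level directory (hidden and system ones included)
$dirs = Get-ChildItem -LiteralPath $Root -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object { $_.FullName }

@($Root) + @($dirs) |
    ForEach-Object { Get-EveryoneAce -Path $_ } |
    Format-Table -AutoSize
```

A directory reported with `Protected = True` or with no Everyone entry is one whose tighter permissions would be overwritten by pushing a new ACL down from the root.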

