?
Solved

NTFS Permissions

Posted on 2004-09-01
5
Medium Priority
?
353 Views
Last Modified: 2013-12-04
Hello,  I have windows xp formatted to ntfs.  I am setting the permissions on the C: drive and came across a few user groups I didn't recognize  "system" and "interactive".  I am looking to eliminate any back door access through my workgroup and through an IIS connection.  Do I need to leave these groups for my system to function properly?  If I do leave them will it provide an account someone can log into through IIS when the username and password box appears?  Also, is there someewhere I can look on my computer to view these groups I've never seen before?  Thanks!
0
Comment
Question by:firemanrob
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 8

Expert Comment

by:anil_u
ID: 11949889
Taken from
http://www.techtutorials.com/tutorials/xp/managing_groups.shtml

Built-In System Groups

Built-in system groups exist on Windows XP Professional systems and while they do have specific memberships that you can modify, you cannot administer the groups directly, they are available for modification when you assign user rights and permissions to resources. Built-in system group membership is based on how the computer is accessed, not on who uses the computer. The list below shows the primary built-in system groups and their default properties and characteristics. - This is not a group, just a name to group groups :) (hope that makes sense)
eg
Everyone, Created Owner, Interactive... this collectively is the systems group


Interactive - Members of the Interactive Built-in System group are "added" as they log on locally to the system. . - I suggest you leave this one alone :)
0
 

Author Comment

by:firemanrob
ID: 11957217
so if the "system" group is shown on the drive permissions you are saying it includes the everyone group and the owner group?  So having System group is allowing everyone on the permissions?
0
 
LVL 8

Expert Comment

by:anil_u
ID: 11957785
Apologies, I have looked further into this and the above info on the 'system' is incorrect.

the system group is used to manage accounts that provide system services such as the webserver

for your information, you can check what permissions each group has is by
Right clicking on a file eg a .gif -> properties -> 'security' tab -> 'advanced' button -> if 'SYSTEM' is not in the permission entries then click on 'Add' and add it -> then click on 'view/edit'
here you can see all the permission assigned to the 'SYSTEM' group.
0
 
LVL 20

Accepted Solution

by:
Debsyl99 earned 2000 total points
ID: 11965730
Hi
These two are built-in accounts and generally you don't really want to mess with them as changing permissions or access can seriously affect the correct functioning of your operating system and applications,
How the System Account Is Used in Windows
http://support.microsoft.com/default.aspx?scid=kb;en-us;120929
Windows 2000/XP - Built-in Users and Default Groups
http://www.ss64.com/ntsyntax/security_groups.html

However if you're concerned about security - have a look at the tools/links below. The Baseline analyzer will work with XP and apparently takes a good look at iis setup and config. Ensure that you have a firewall in place to help prevent unauthorised external access.
Microsoft Baseline Security Analyzer V1.2.1
http://www.microsoft.com/technet/security/tools/mbsahome.mspx

Some further useful links,

Hardening Windows NT/2000/XP Information Systems
http://www.windowsecurity.com/articles/Hardening_Windows_NT2000XP_Information_Systems.html
Checklist for Securing a Windows XP IIS 5.1 Webserver
http://www.nthelp.com/NT6/Securing%20an%20XP%20web%20server.htm
Secure an IIS Web server with these 10 steps
http://techrepublic.com.com/5100-6264_11-5226103.html

Deb :))
0
 
LVL 3

Expert Comment

by:Gargantubrain
ID: 11969139
The SYSTEM group refers to most of the services that are running. Go to Control Panel, Administrative Tools, Services and look at all the accounts that Log On As "Local System". Those are the things that need permission to areas, and the SYSTEM group gives them permission.

The INTERACTIVE group refers to anyone logged in at the console, therefore "Interactively".

I would avoid giving any permissions to the Everyone group. Start with no permissions and give it carefully, rather than starting with Everyone or lots of permissions and trying to lock it down more.


0

Featured Post

Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
OfficeMate Freezes on login or does not load after login credentials are input.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Suggested Courses
Course of the Month14 days, 20 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question