Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Everyone Full Control

Posted on 2004-09-20
6
Medium Priority
?
338 Views
Last Modified: 2010-04-14
I know the default in win2k is to have 'Everyone - Full Control' as the default for NTFS permissions, even on the system partition. I'd like to tighten this up and was wondering if anyone could provide links to some best practices papers, etc, with some recommendations for tightening this up. I'm not interested in using any of the default templates.

Thanks,
Kris.
0
Comment
Question by:kristinaw
  • 3
  • 2
6 Comments
 
LVL 15

Expert Comment

by:Yan_west
ID: 12102809
First of all, you got Share permission, and folder security.

Share permission= WHo can see the share.. You should remove everyone from there, and only put domain users.. you can even restrict it more.. but the minimum is domain users. Only administrators if you want the shares to be seen by admins..

Folder security is all depending on you.. Basicly,  for shared folders (by everyone), the security should be set at Modify.. not full control.. and you put the Domain users group in there.. You should also create groups for each department for further security fragmentation. Only the admin must have full control. All users should only have modify.. of even less. Depending on the desired security..
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12102886
Hi
The key to this is being clear as to who needs access to which files and folders on the server.
NTFS Permissions
http://www.windowsitlibrary.com/Content/592/toc.html
Windows 2000 Permissions
http://www.comptechdoc.org/os/windows/win2k/win2kpermissions.html
Windows 2000 Security Checklist
http://labmice.techtarget.com/articles/securingwin2000.htm
0
 
LVL 22

Author Comment

by:kristinaw
ID: 12103069
thanks all, but i'm quite familiar with ntfs vs share permissions, how they work, etc.

Debs, the labmice article is a bit more ontrack with what i'm looking for. i'm not talking about a file server, so i'm not assigning permissions to resources. Physical security to the box is locked down, so there really isn't much of a threat that security will be breached, this is more out of sheer curiosity, and the 'just in case' method of administration. there must be some other default that can be applied to the system partition, as far as NTFS goes, other than 'Everyone - Full Control'. I have my own ideas, but would like to see something that documents it. i'm sure i've run across such before but just didn't bookmark it.

Thanks for everyone's input, hope this clarifies a little.

Kris.
0
Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

 
LVL 20

Accepted Solution

by:
Debsyl99 earned 2000 total points
ID: 12103524
Hi Kris

I think I understand now:

This is maybe what you're after

See Table 4.12 File and Folder Permission Settings id the following large document,
Microsoft Windows 2000 Security Hardening Guide
http://www.microsoft.com/technet/Security/prodtech/win2000/win2khg/05sconfg.mspx

Deb :))
0
 
LVL 22

Author Comment

by:kristinaw
ID: 12127625
ya, that one's pretty good Deb. Thanks!
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12127680
No probs - Glad to help :))
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Hello there! As a developer I have modified and refactored the unit tests which was written by fellow developers in the past. On the course, I have gone through various misconceptions and technical challenges when it comes to implementation. I would…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question