Solved

Everyone Full Control

Posted on 2004-09-20
6
334 Views
Last Modified: 2010-04-14
I know the default in win2k is to have 'Everyone - Full Control' as the default for NTFS permissions, even on the system partition. I'd like to tighten this up and was wondering if anyone could provide links to some best practices papers, etc, with some recommendations for tightening this up. I'm not interested in using any of the default templates.

Thanks,
Kris.
0
Comment
Question by:kristinaw
  • 3
  • 2
6 Comments
 
LVL 15

Expert Comment

by:Yan_west
ID: 12102809
First of all, you got Share permission, and folder security.

Share permission= WHo can see the share.. You should remove everyone from there, and only put domain users.. you can even restrict it more.. but the minimum is domain users. Only administrators if you want the shares to be seen by admins..

Folder security is all depending on you.. Basicly,  for shared folders (by everyone), the security should be set at Modify.. not full control.. and you put the Domain users group in there.. You should also create groups for each department for further security fragmentation. Only the admin must have full control. All users should only have modify.. of even less. Depending on the desired security..
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12102886
Hi
The key to this is being clear as to who needs access to which files and folders on the server.
NTFS Permissions
http://www.windowsitlibrary.com/Content/592/toc.html
Windows 2000 Permissions
http://www.comptechdoc.org/os/windows/win2k/win2kpermissions.html
Windows 2000 Security Checklist
http://labmice.techtarget.com/articles/securingwin2000.htm
0
 
LVL 22

Author Comment

by:kristinaw
ID: 12103069
thanks all, but i'm quite familiar with ntfs vs share permissions, how they work, etc.

Debs, the labmice article is a bit more ontrack with what i'm looking for. i'm not talking about a file server, so i'm not assigning permissions to resources. Physical security to the box is locked down, so there really isn't much of a threat that security will be breached, this is more out of sheer curiosity, and the 'just in case' method of administration. there must be some other default that can be applied to the system partition, as far as NTFS goes, other than 'Everyone - Full Control'. I have my own ideas, but would like to see something that documents it. i'm sure i've run across such before but just didn't bookmark it.

Thanks for everyone's input, hope this clarifies a little.

Kris.
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 20

Accepted Solution

by:
Debsyl99 earned 500 total points
ID: 12103524
Hi Kris

I think I understand now:

This is maybe what you're after

See Table 4.12 File and Folder Permission Settings id the following large document,
Microsoft Windows 2000 Security Hardening Guide
http://www.microsoft.com/technet/Security/prodtech/win2000/win2khg/05sconfg.mspx

Deb :))
0
 
LVL 22

Author Comment

by:kristinaw
ID: 12127625
ya, that one's pretty good Deb. Thanks!
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12127680
No probs - Glad to help :))
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In case you ever have to remove a faulty web part from a page , add the following to the end of the page url ?contents=1
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question