Solved

Everyone Full Control

Posted on 2004-09-20
6
336 Views
Last Modified: 2010-04-14
I know the default in win2k is to have 'Everyone - Full Control' as the default for NTFS permissions, even on the system partition. I'd like to tighten this up and was wondering if anyone could provide links to some best practices papers, etc, with some recommendations for tightening this up. I'm not interested in using any of the default templates.

Thanks,
Kris.
0
Comment
Question by:kristinaw
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 15

Expert Comment

by:Yan_west
ID: 12102809
First of all, you got Share permission, and folder security.

Share permission= WHo can see the share.. You should remove everyone from there, and only put domain users.. you can even restrict it more.. but the minimum is domain users. Only administrators if you want the shares to be seen by admins..

Folder security is all depending on you.. Basicly,  for shared folders (by everyone), the security should be set at Modify.. not full control.. and you put the Domain users group in there.. You should also create groups for each department for further security fragmentation. Only the admin must have full control. All users should only have modify.. of even less. Depending on the desired security..
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12102886
Hi
The key to this is being clear as to who needs access to which files and folders on the server.
NTFS Permissions
http://www.windowsitlibrary.com/Content/592/toc.html
Windows 2000 Permissions
http://www.comptechdoc.org/os/windows/win2k/win2kpermissions.html
Windows 2000 Security Checklist
http://labmice.techtarget.com/articles/securingwin2000.htm
0
 
LVL 22

Author Comment

by:kristinaw
ID: 12103069
thanks all, but i'm quite familiar with ntfs vs share permissions, how they work, etc.

Debs, the labmice article is a bit more ontrack with what i'm looking for. i'm not talking about a file server, so i'm not assigning permissions to resources. Physical security to the box is locked down, so there really isn't much of a threat that security will be breached, this is more out of sheer curiosity, and the 'just in case' method of administration. there must be some other default that can be applied to the system partition, as far as NTFS goes, other than 'Everyone - Full Control'. I have my own ideas, but would like to see something that documents it. i'm sure i've run across such before but just didn't bookmark it.

Thanks for everyone's input, hope this clarifies a little.

Kris.
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 20

Accepted Solution

by:
Debsyl99 earned 500 total points
ID: 12103524
Hi Kris

I think I understand now:

This is maybe what you're after

See Table 4.12 File and Folder Permission Settings id the following large document,
Microsoft Windows 2000 Security Hardening Guide
http://www.microsoft.com/technet/Security/prodtech/win2000/win2khg/05sconfg.mspx

Deb :))
0
 
LVL 22

Author Comment

by:kristinaw
ID: 12127625
ya, that one's pretty good Deb. Thanks!
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12127680
No probs - Glad to help :))
0

Featured Post

How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
There are times when I have encountered the need to decompress a response from a PHP request. This is how it's done, but you must have control of the request and you can set the Accept-Encoding header.
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question