Solved

Everyone Full Control

Posted on 2004-09-20
6
332 Views
Last Modified: 2010-04-14
I know the default in win2k is to have 'Everyone - Full Control' as the default for NTFS permissions, even on the system partition. I'd like to tighten this up and was wondering if anyone could provide links to some best practices papers, etc, with some recommendations for tightening this up. I'm not interested in using any of the default templates.

Thanks,
Kris.
0
Comment
Question by:kristinaw
  • 3
  • 2
6 Comments
 
LVL 15

Expert Comment

by:Yan_west
ID: 12102809
First of all, you got Share permission, and folder security.

Share permission= WHo can see the share.. You should remove everyone from there, and only put domain users.. you can even restrict it more.. but the minimum is domain users. Only administrators if you want the shares to be seen by admins..

Folder security is all depending on you.. Basicly,  for shared folders (by everyone), the security should be set at Modify.. not full control.. and you put the Domain users group in there.. You should also create groups for each department for further security fragmentation. Only the admin must have full control. All users should only have modify.. of even less. Depending on the desired security..
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12102886
Hi
The key to this is being clear as to who needs access to which files and folders on the server.
NTFS Permissions
http://www.windowsitlibrary.com/Content/592/toc.html
Windows 2000 Permissions
http://www.comptechdoc.org/os/windows/win2k/win2kpermissions.html
Windows 2000 Security Checklist
http://labmice.techtarget.com/articles/securingwin2000.htm
0
 
LVL 22

Author Comment

by:kristinaw
ID: 12103069
thanks all, but i'm quite familiar with ntfs vs share permissions, how they work, etc.

Debs, the labmice article is a bit more ontrack with what i'm looking for. i'm not talking about a file server, so i'm not assigning permissions to resources. Physical security to the box is locked down, so there really isn't much of a threat that security will be breached, this is more out of sheer curiosity, and the 'just in case' method of administration. there must be some other default that can be applied to the system partition, as far as NTFS goes, other than 'Everyone - Full Control'. I have my own ideas, but would like to see something that documents it. i'm sure i've run across such before but just didn't bookmark it.

Thanks for everyone's input, hope this clarifies a little.

Kris.
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 20

Accepted Solution

by:
Debsyl99 earned 500 total points
ID: 12103524
Hi Kris

I think I understand now:

This is maybe what you're after

See Table 4.12 File and Folder Permission Settings id the following large document,
Microsoft Windows 2000 Security Hardening Guide
http://www.microsoft.com/technet/Security/prodtech/win2000/win2khg/05sconfg.mspx

Deb :))
0
 
LVL 22

Author Comment

by:kristinaw
ID: 12127625
ya, that one's pretty good Deb. Thanks!
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12127680
No probs - Glad to help :))
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Some code to ensure data integrity when using macros within Excel. Also included code that helps secure your data within an Excel workbook.
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now