Everyone Full Control

I know the default in win2k is to have 'Everyone - Full Control' as the default for NTFS permissions, even on the system partition. I'd like to tighten this up and was wondering if anyone could provide links to some best practices papers, etc, with some recommendations for tightening this up. I'm not interested in using any of the default templates.

Thanks,
Kris.
LVL 22
kristinawAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Debsyl99Connect With a Mentor Commented:
Hi Kris

I think I understand now:

This is maybe what you're after

See Table 4.12 File and Folder Permission Settings id the following large document,
Microsoft Windows 2000 Security Hardening Guide
http://www.microsoft.com/technet/Security/prodtech/win2000/win2khg/05sconfg.mspx

Deb :))
0
 
Yan_westCommented:
First of all, you got Share permission, and folder security.

Share permission= WHo can see the share.. You should remove everyone from there, and only put domain users.. you can even restrict it more.. but the minimum is domain users. Only administrators if you want the shares to be seen by admins..

Folder security is all depending on you.. Basicly,  for shared folders (by everyone), the security should be set at Modify.. not full control.. and you put the Domain users group in there.. You should also create groups for each department for further security fragmentation. Only the admin must have full control. All users should only have modify.. of even less. Depending on the desired security..
0
 
Debsyl99Commented:
Hi
The key to this is being clear as to who needs access to which files and folders on the server.
NTFS Permissions
http://www.windowsitlibrary.com/Content/592/toc.html
Windows 2000 Permissions
http://www.comptechdoc.org/os/windows/win2k/win2kpermissions.html
Windows 2000 Security Checklist
http://labmice.techtarget.com/articles/securingwin2000.htm
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
kristinawAuthor Commented:
thanks all, but i'm quite familiar with ntfs vs share permissions, how they work, etc.

Debs, the labmice article is a bit more ontrack with what i'm looking for. i'm not talking about a file server, so i'm not assigning permissions to resources. Physical security to the box is locked down, so there really isn't much of a threat that security will be breached, this is more out of sheer curiosity, and the 'just in case' method of administration. there must be some other default that can be applied to the system partition, as far as NTFS goes, other than 'Everyone - Full Control'. I have my own ideas, but would like to see something that documents it. i'm sure i've run across such before but just didn't bookmark it.

Thanks for everyone's input, hope this clarifies a little.

Kris.
0
 
kristinawAuthor Commented:
ya, that one's pretty good Deb. Thanks!
0
 
Debsyl99Commented:
No probs - Glad to help :))
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.