What should be the permissions at the root level of W2K and W2K3 Servers?

Posted on 2005-04-15
Last Modified: 2010-04-18
It is frustrating to me that I can not get a clear answer from Microsoft on what the default permissions should be at the root volume of any of there OS's. After a volume is formatted as NTFS, the everyone group is given full rights. I know this is not good security. What should it be? I have added the Administrator's group and given them full rights and reduce the Everyone Group to Read & Execute, List Folder Contents and Read. Should this group be removed and replaced with Authenticated Users group, or Users or Domain Users. What is the BEST Practice?
Question by:habanagold
    LVL 9

    Expert Comment

    Personally i do what you have done. I do try to eliminate the everyone group.
    LVL 1

    Author Comment

    Do you know of a best practice for this. Would you remove the everyone group and use the Authenticated Users?
    LVL 9

    Accepted Solution

    To make changes in security is always a tricky thing since there are so many things that can play a role in what you do. As I said earlier I try to eliminate permissions for the everyone group wherever possible, but I would not remove the group. As you suggested to put Authenticated users instead of everyone is a good choice unless it is an area where you know you want to be more restrictive.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    It is a known fact that servers reach the end of their lives. Some get there quicker than others, based on age, manufacturer, usage and several other factors. However, if your organization has spent time deploying Microsoft's Active Directory server…
    Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now