It is frustrating to me that I can not get a clear answer from Microsoft on what the default permissions should be at the root volume of any of there OS's. After a volume is formatted as NTFS, the everyone group is given full rights. I know this is not good security. What should it be? I have added the Administrator's group and given them full rights and reduce the Everyone Group to Read & Execute, List Folder Contents and Read. Should this group be removed and replaced with Authenticated Users group, or Users or Domain Users. What is the BEST Practice?