Everyone group in Windows 2003 server

Hello there,

I have a Windows 2003 file server that has a shared folder for users' access.
We have multiple users and they login to their local Windows with the same name ( HRUser) and password.
Each window(XP) has a mapped network drive to the shared folder of the server.
We do not have a Domain Controller.

My question is regarding 'Everyone' Group.
If I remove Everyone group from the share permission of the shared folder in the server, will it be safer?

Thanks for your time.
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

Jay_Jay70Connect With a Mentor Commented:
though saying that, yes its more secure, as you can just add users you want   - best practice is share permissions = everyone full control then narrow down the NTFS permissions on sub folders
your life will get extremely hard!
JOSHUABTAuthor Commented:
May I ask why my life will get extremely hard?
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

May I ask why you haven't made the Windows 2003 server a DC and then have everyone log into it?
Kevin HaysIT AnalystCommented:
Oh boy, amen on that Jay!

What Jay means is that if you take away the everyone group then you will have to have the users on the clients with passwords and the same clients on the server with the same passwords essentialy.  That is way too much overhead IMHO.  You could possibly use the "guest" account, but I still wouldn't do that.  My philosophy is that if people are not in my domain then I don't want them to get any network access to my main network.  This is a totally different situation though.

If you have more than 10 workstations then I would suggest moving to a domain if possible.
JOSHUABTAuthor Commented:
To ResourcePc : We don't have a Domain Controller because of the extra cost for the license. We do have CAL for all 50 users but I think Domain User License is more expensive than regular Windows CAL. Please correct me if I'm wrong.

TO kshays : All the client PCs use the same user name to login their Windows. So I don't have to create so many user accounts in the server.

Now, will my life be still extremely hard if I remove "Everyone" group from the share permission?

Thanks for your responses.
Kevin HaysIT AnalystCommented:

I would just test it and see.  For what may be hard or easy for me might be different for you.  Honestly I would just remove the group from the share and put in authenticated users instead and then lock them down or modify the ntfs permissions then test, test test :)

Thanks kev,

you should still be able to just add the one user to that share, but honestly, i would leave as is, security obviously isnt a huge thing for you or you would have a domain
All Courses

From novice to tech pro — start learning today.