Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1676
  • Last Modified:

Everyone group in Windows 2003 server

Hello there,

I have a Windows 2003 file server that has a shared folder for users' access.
We have multiple users and they login to their local Windows with the same name ( HRUser) and password.
Each window(XP) has a mapped network drive to the shared folder of the server.
We do not have a Domain Controller.

My question is regarding 'Everyone' Group.
If I remove Everyone group from the share permission of the shared folder in the server, will it be safer?

Thanks for your time.
0
JOSHUABT
Asked:
JOSHUABT
  • 3
  • 2
  • 2
  • +1
1 Solution
 
Jay_Jay70Commented:
your life will get extremely hard!
0
 
Jay_Jay70Commented:
though saying that, yes its more secure, as you can just add users you want   - best practice is share permissions = everyone full control then narrow down the NTFS permissions on sub folders
0
 
JOSHUABTAuthor Commented:
May I ask why my life will get extremely hard?
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
resourcepcCommented:
May I ask why you haven't made the Windows 2003 server a DC and then have everyone log into it?
0
 
Kevin HaysIT AnalystCommented:
Oh boy, amen on that Jay!

What Jay means is that if you take away the everyone group then you will have to have the users on the clients with passwords and the same clients on the server with the same passwords essentialy.  That is way too much overhead IMHO.  You could possibly use the "guest" account, but I still wouldn't do that.  My philosophy is that if people are not in my domain then I don't want them to get any network access to my main network.  This is a totally different situation though.

If you have more than 10 workstations then I would suggest moving to a domain if possible.
0
 
JOSHUABTAuthor Commented:
To ResourcePc : We don't have a Domain Controller because of the extra cost for the license. We do have CAL for all 50 users but I think Domain User License is more expensive than regular Windows CAL. Please correct me if I'm wrong.

TO kshays : All the client PCs use the same user name to login their Windows. So I don't have to create so many user accounts in the server.

Now, will my life be still extremely hard if I remove "Everyone" group from the share permission?

Thanks for your responses.
0
 
Kevin HaysIT AnalystCommented:
Ok.

I would just test it and see.  For what may be hard or easy for me might be different for you.  Honestly I would just remove the group from the share and put in authenticated users instead and then lock them down or modify the ntfs permissions then test, test test :)

Kevin
0
 
Jay_Jay70Commented:
Thanks kev,

you should still be able to just add the one user to that share, but honestly, i would leave as is, security obviously isnt a huge thing for you or you would have a domain
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now