Solved

Harden User Group and System Folder

Posted on 2011-03-11
Last Modified: 2013-11-05
I want to harden the security settings on a member server. Domain trusts are applied.

In the Users local group, apart from Domain Users, I have:
NT Authority/INTERACTIVE
NT Authority/Authenticated Users
Can I remove these groups? Will there be a problem?

Finally, Creator Owner has Full Control on the %systemroot%\repair folder.
As far as I know this is a default setting. Can I also remove it? What does this permission do on the above folder?
Question by:darkbluegr
5 Comments
 
LVL 30

Accepted Solution

by:
Randy Downs earned 20 total points
ID: 35108921
I wouldn't remove any of those. Just make sure that only specific users have access to your shares. Try accessing them with someone not in the group you grant access to.

You could also deny access to users which would override any other privileges.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35109024
Both of these groups should stay:

NT Authority/INTERACTIVE
NT Authority/Authenticated Users


Creator Owner should stay as well; this allows whoever created a file and/or folder in the folder to access that data, including the system.
0
 

Author Comment

by:darkbluegr
ID: 35112252
1. All the users that I want to log in locally and physically belong to a group, Domain Users, and that group is assigned to the Users local group. So what's the need to also have NT Authority/INTERACTIVE?

2. NT Authority/Authenticated Users from this group are assigned in order to log in to the domain, users from the trust domain? Am I right?

3. BUILTIN\Administrators already have Full Control on the %systemroot%\repair folder. So what's the need to also have Creator Owner?
0
 
LVL 30

Expert Comment

by:Randy Downs
ID: 35112328
Those are generated by the system. It's not users that you are trying to lock out. If you lock out NT the system could quit working.
http://technet.microsoft.com/en-us/library/bb457115.aspx

For example, on a clean installation of Windows XP Professional, whoami used with the /GROUPS option reveals that an Administrator user belongs to the following default groups:

Everyone
Builtin/Administrators
NT Authority/Users
Local
NT Authority/Interactive
NT Authority/Authenticated Users
0
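A read-only way to record the current state of the three items discussed in this thread before changing any of them. This is an added example, not code posted by any participant; it assumes Windows PowerShell run on the member server, and the variable names are illustrative.

```powershell
# Added example: read-only baseline. Nothing here modifies groups or ACLs.

# Well-known SIDs (fixed by Windows; the display names can be localized).
$wellKnown = @{
    'S-1-5-4'      = 'NT AUTHORITY\INTERACTIVE'
    'S-1-5-11'     = 'NT AUTHORITY\Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# 1. Which of these SIDs does the current logon token carry?
#    This is the same information whoami /groups prints.
$tokenSids = [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups |
    ForEach-Object { $_.Value }
foreach ($sid in $wellKnown.Keys) {
    '{0,-36} in current token: {1}' -f $wellKnown[$sid], ($tokenSids -contains $sid)
}

# 2. Members of the local Users group. The group is resolved by SID so the
#    lookup still works when the group name is localized.
$usersSid  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545'
$usersName = $usersSid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[1]
$group     = [ADSI]"WinNT://$env:COMPUTERNAME/$usersName,group"
'Members of local group "{0}":' -f $usersName
@($group.Invoke('Members')) | ForEach-Object {
    '  ' + $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
}

# 3. ACEs on %systemroot%\repair, with their inheritance and propagation flags.
#    A CREATOR OWNER entry whose PropagationFlags is InheritOnly grants nothing
#    on the folder itself: it is a template that child objects inherit with the
#    creator's SID substituted for CREATOR OWNER.
$repair = Join-Path $env:SystemRoot 'repair'
if (Test-Path -Path $repair) {
    (Get-Acl -Path $repair).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType,
                      IsInherited, InheritanceFlags, PropagationFlags |
        Format-Table -AutoSize
} else {
    "$repair does not exist on this system"
}
```

Saving this output before and after any change gives a record to restore from if something stops working.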
 

Author Closing Comment

by:darkbluegr
ID: 35157282
Provided solution didn't cover the full scope of the question
0
