Solved

Harden User Group and System Folder

Posted on 2011-03-11
Last Modified: 2013-11-05
I want to harden the security settings on a member server. Domain trusts are applied.

In the local Users group, apart from Domain Users, I have:
NT Authority/INTERACTIVE
NT Authority/Authenticated Users
Can I remove these groups? Will there be a problem?

Finally, Creator Owner has Full Control on the %systemroot%\repair folder.
As far as I know this is a default setting. Can I also remove it? What does this permission do on the above folder?
0
Question by:darkbluegr
 
LVL 30

Accepted Solution

by:
Randy Downs earned 20 total points
ID: 35108921
I wouldn't remove any of those. Just make sure that only specific users have access to your shares. Try accessing them with someone not in the group you grant access to.

You could also deny access to users which would override any other privileges.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35109024
Both of these groups should stay:

NT Authority/INTERACTIVE
NT Authority/Authenticated Users


Creator Owner should stay as well; this allows whoever created a file and/or folder in the folder to access that data, including the system.
0
 

Author Comment

by:darkbluegr
ID: 35112252
1. All the users that I want to log in locally and physically belong to a group, Domain Users, and that group is assigned to the Users local group. So what's the need to also have NT Authority/INTERACTIVE?

2. NT Authority/Authenticated Users from this group are assigned in order to log in to the domain, users from the trust domain? Am I right?

3. BUILTIN\Administrators already have Full Control on the %systemroot%\repair folder. So what's the need to also have Creator Owner?
0
 
LVL 30

Expert Comment

by:Randy Downs
ID: 35112328
Those are generated by the system. It's not users that you are trying to lock out. If you lock out NT the system could quit working.
http://technet.microsoft.com/en-us/library/bb457115.aspx

For example, on a clean installation of Windows XP Professional, whoami used with the /GROUPS option reveals that an Administrator user belongs to the following default groups:

Everyone
Builtin/Administrators
NT Authority/Users
Local
NT Authority/Interactive
NT Authority/Authenticated Users
0
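A read-only way to record the items this thread discusses before changing anything, given as an added example that is not part of any post above. It assumes PowerShell 3.0 or later; the function names are made up for this example, and the SIDs are the standard well-known ones.

```powershell
# Added example (not from the thread). Read-only; assumes PowerShell 3.0 or later.
# Well-known SIDs are the same on every Windows install, whatever the display language.
$WellKnown = @{
    'S-1-5-4'  = 'NT AUTHORITY\INTERACTIVE'
    'S-1-5-11' = 'NT AUTHORITY\Authenticated Users'
    'S-1-3-0'  = 'CREATOR OWNER'   # ACE placeholder only; it does not appear in tokens
}

function Get-TokenSpecialIdentity {
    # Which of the identities above are in the current logon token
    # (the same information "whoami /groups" prints).
    $groups = [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups
    foreach ($sid in $groups) {
        if ($WellKnown.ContainsKey($sid.Value)) {
            [pscustomobject]@{ Sid = $sid.Value; Name = $WellKnown[$sid.Value] }
        }
    }
}

function Get-LocalUsersMember {
    # Find the local Users group by SID (S-1-5-32-545) so a renamed or
    # localized group name still resolves, then list its members through ADSI.
    $sid   = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545'
    $name  = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/$name,group"
    foreach ($m in @($group.psbase.Invoke('Members'))) {
        $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
    }
}

function Get-RepairFolderAce {
    # ACEs on %SystemRoot%\repair; returns nothing if the folder is absent.
    $path = Join-Path $env:SystemRoot 'repair'
    if (-not (Test-Path -LiteralPath $path)) { return }
    (Get-Acl -LiteralPath $path).Access | Select-Object IdentityReference,
        FileSystemRights, AccessControlType, InheritanceFlags, PropagationFlags
}

# Print the baseline: token identities, Users group members, folder ACEs.
Get-TokenSpecialIdentity | Format-Table -AutoSize
Get-LocalUsersMember
Get-RepairFolderAce | Format-Table -AutoSize
```

A CREATOR OWNER entry whose PropagationFlags value is InheritOnly applies only to objects created below the folder, where Windows replaces it with the creator's own SID.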
 

Author Closing Comment

by:darkbluegr
ID: 35157282
The provided solution didn't cover the full scope of the question
0
