Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Harden User Group and System Folder

Posted on 2011-03-11
5
Medium Priority
?
289 Views
Last Modified: 2013-11-05
I want to harden the security settings at a member server. Domain trusts are applied.

At the Users local group except domain users, I have:
NT Authority/INTERACTIVE
NT Authority/Authenticated Users
Can I remove these groups? There will be a problem?

Finally, Creator Owner has Full Control at the %systemroot%\repair folder.
As far as i know this is a default setting. Can I also remove it? What this perimssion does at the above folder?
0
Comment
Question by:darkbluegr
  • 2
  • 2
5 Comments
 
LVL 30

Accepted Solution

by:
Randy Downs earned 40 total points
ID: 35108921
I wouldn't remove any of those. Just make sure that only specific users have access to your shares. Try accessing them with someone not it the group you grant access to.

You could also deny access to users which would override any other privileges.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35109024
Both of these groups should stay:

NT Authority/INTERACTIVE
NT Authority/Authenticated Users


Creator Owner should stay as well this allows whoever created a file and\or folder in the folder to access that data including the system.
0
 

Author Comment

by:darkbluegr
ID: 35112252
1. All the users that I want to login locally and physically belong to a group, Domain Users and that group is assigned to the Users local group. So what's the need to also have NT Authority/INTERACTIVE?

2. NT Authority/Authenticated Users from this group are assigned in order to login to the domain, users from the trust domain? I'm I right?

3.BULTIN\Administrators have already Full Control to the %systemroot%\repair folder. So what's the need to also have Creator Owner?
0
 
LVL 30

Expert Comment

by:Randy Downs
ID: 35112328
Those are generated by the system. It's not users that you are trying to lock out. If you lock out NT the system could quit working.
http://technet.microsoft.com/en-us/library/bb457115.aspx

For example, on a clean installation of Windows XP Professional, whoami used with the /GROUPS option reveals that an Administrator user belongs to the following default groups:

Everyone
Builtin/Administrators
NT Authority/Users
Local
NT Authority/Interactive
NT Authority/Authenticated Users
0
 

Author Closing Comment

by:darkbluegr
ID: 35157282
Provided solution didn't covered the full scope of the question
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
Learn about cloud computing and its benefits for small business owners.
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question