Solved

Harden User Group and System Folder

Posted on 2011-03-11
5
282 Views
Last Modified: 2013-11-05
I want to harden the security settings at a member server. Domain trusts are applied.

At the Users local group except domain users, I have:
NT Authority/INTERACTIVE
NT Authority/Authenticated Users
Can I remove these groups? There will be a problem?

Finally, Creator Owner has Full Control at the %systemroot%\repair folder.
As far as i know this is a default setting. Can I also remove it? What this perimssion does at the above folder?
0
Comment
Question by:darkbluegr
  • 2
  • 2
5 Comments
 
LVL 29

Accepted Solution

by:
Randy Downs earned 20 total points
ID: 35108921
I wouldn't remove any of those. Just make sure that only specific users have access to your shares. Try accessing them with someone not it the group you grant access to.

You could also deny access to users which would override any other privileges.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35109024
Both of these groups should stay:

NT Authority/INTERACTIVE
NT Authority/Authenticated Users


Creator Owner should stay as well this allows whoever created a file and\or folder in the folder to access that data including the system.
0
 

Author Comment

by:darkbluegr
ID: 35112252
1. All the users that I want to login locally and physically belong to a group, Domain Users and that group is assigned to the Users local group. So what's the need to also have NT Authority/INTERACTIVE?

2. NT Authority/Authenticated Users from this group are assigned in order to login to the domain, users from the trust domain? I'm I right?

3.BULTIN\Administrators have already Full Control to the %systemroot%\repair folder. So what's the need to also have Creator Owner?
0
 
LVL 29

Expert Comment

by:Randy Downs
ID: 35112328
Those are generated by the system. It's not users that you are trying to lock out. If you lock out NT the system could quit working.
http://technet.microsoft.com/en-us/library/bb457115.aspx

For example, on a clean installation of Windows XP Professional, whoami used with the /GROUPS option reveals that an Administrator user belongs to the following default groups:

Everyone
Builtin/Administrators
NT Authority/Users
Local
NT Authority/Interactive
NT Authority/Authenticated Users
0
 

Author Closing Comment

by:darkbluegr
ID: 35157282
Provided solution didn't covered the full scope of the question
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question