Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Harden User Group and System Folder

Posted on 2011-03-11
5
Medium Priority
?
288 Views
Last Modified: 2013-11-05
I want to harden the security settings at a member server. Domain trusts are applied.

At the Users local group except domain users, I have:
NT Authority/INTERACTIVE
NT Authority/Authenticated Users
Can I remove these groups? There will be a problem?

Finally, Creator Owner has Full Control at the %systemroot%\repair folder.
As far as i know this is a default setting. Can I also remove it? What this perimssion does at the above folder?
0
Comment
Question by:darkbluegr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 30

Accepted Solution

by:
Randy Downs earned 40 total points
ID: 35108921
I wouldn't remove any of those. Just make sure that only specific users have access to your shares. Try accessing them with someone not it the group you grant access to.

You could also deny access to users which would override any other privileges.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35109024
Both of these groups should stay:

NT Authority/INTERACTIVE
NT Authority/Authenticated Users


Creator Owner should stay as well this allows whoever created a file and\or folder in the folder to access that data including the system.
0
 

Author Comment

by:darkbluegr
ID: 35112252
1. All the users that I want to login locally and physically belong to a group, Domain Users and that group is assigned to the Users local group. So what's the need to also have NT Authority/INTERACTIVE?

2. NT Authority/Authenticated Users from this group are assigned in order to login to the domain, users from the trust domain? I'm I right?

3.BULTIN\Administrators have already Full Control to the %systemroot%\repair folder. So what's the need to also have Creator Owner?
0
 
LVL 30

Expert Comment

by:Randy Downs
ID: 35112328
Those are generated by the system. It's not users that you are trying to lock out. If you lock out NT the system could quit working.
http://technet.microsoft.com/en-us/library/bb457115.aspx

For example, on a clean installation of Windows XP Professional, whoami used with the /GROUPS option reveals that an Administrator user belongs to the following default groups:

Everyone
Builtin/Administrators
NT Authority/Users
Local
NT Authority/Interactive
NT Authority/Authenticated Users
0
 

Author Closing Comment

by:darkbluegr
ID: 35157282
Provided solution didn't covered the full scope of the question
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question