Home Directory Permissions Changed

Posted on 2012-09-13
Last Modified: 2012-10-31
We have restarted the Windows 2008 Storage based NAS we have last night and one of the folders with personal files in has had the everyone group added with permissions to read/write/etc.

The top level folder obviously has this right so people can see the top level folder, while only the user and the administrator have rights to the individual folders.

So now, the everyone group has been added with the same rights to each private folder.  We now have to manually go through and remove this right as doing at the top level and inheriting down the tree means the individual's rights are then removed.

Any ideas what could have caused this?
Question by:CaringIT
    LVL 21

    Expert Comment

    Sounds like someone did something they were not supposed to.
    Are there any other admins that have rights to change NTFS permission?
    This does not just happen automatically.
    LVL 5

    Accepted Solution


    Talking about groups, Everyone group is actually part of the Active Directory on a server that Exchange connects to. As Everyone group contains the Guest account, and several other Built-in security identifiers like LOCAL_SERVICE, NETWORK_SERVICE, etc. it is generally considered the least secure.

    When you grant the read or write permission to the Everyone group, all users and computer accounts, including domain controllers and anonymous users are able to enjoy that permission by default.

     If a user is part of the Everyone group and the Everyone group has administrator privileges, you can only restrict their rights, not their permissions. In this case, if the user is part of the Everyone group, they will have full (administrator) permissions. To avoid this situation, make another user or group an administrator and remove the administrator setting from the Everyone group. Then only the user or group specified will have full permissions and rights and Everyone else will have no permissions and Viewer rights, unless otherwise specified.

    Hope this information may help you.

    Kernel Recovery Tools

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
    We recently had an issue where out of nowhere, end users started indicating that their logins to our terminal server were just showing a "blank screen." After checking the usual suspects -- profiles, shell=explorer.exe in the registry, userinit.exe,…
    This tutorial will give a short introduction and overview of Backup Exec 2014 and the additional features that have been added over its predecessor Backup Exec 2012. As with Backup Exec 2012, the Backup Exec button in the upper left corner. From her…
    This tutorial will walk an individual through the process of upgrading their existing Backup Exec 2012 to 2014. Either install the CD\DVD into the drive and let it auto-start, or browse to the drive and double-click the Browser file: Select the ap…

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now