I am doing a review of permissions on a file server. There is a file share crated for a specific department for arguments sake we can say this is \\fileserver\department - when analysing permissions, at share ACL the admin has granted the NT AUTHORITY\Authenticated Users 'Full' permissions, and on the directory ACL they have given NT AUTHORITY\Authenticated Users Read, Write, Execute and the concerning one being "Delete". These are taken from an MBSA scan of the server.
Within \\fileserver\department\ there are numerous sub-directories, e.g. \\fileserver\department\team1 \\fileserver\department\team2 - a quick scan of permissions set at this child levels show they don't inherit the permissions set at \\fileserver\department - which is good from a data security perspective, as they are configured in such a way that they restrict access to only specific groups.
Where my concern is, that I am trying to determine if I am correct or not to be alarmed, is if NT AUTHORITY\Authenticated Users has delete permissions at the root level, e.g. \\fileserver\department level – could they just delete the sub-directories, e.g \\fileserver\department\team1 \\fileserver\department\team2 - or not? Does the fact the permissions on folders such as \\fileserver\department\team1 are more restrictive make my concerns that the NT AUTHORITY\Authenticated Users group has delete permissions at the root level less of an issue.