System Permissions
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.security (More info?)
Is there a best practice for NTFS permissions on the WINNT directory, the
Everyone group? If someone could lead me to a resource that would be great.
Is there a best practice for NTFS permissions on the WINNT directory, the
Everyone group? If someone could lead me to a resource that would be great.
More about : system permissions
Archived from groups: microsoft.public.win2000.security (More info?)
Assuming you do not need guest access to the computer or are using ancient
legacy applications you can remove everyone group from the \winnt folder or
at best give it read permissions. The link below is to NSA security guide
and downloads. If you view their security templates [ .inf file downloads ]
for workstation or server you will see that the everyone group is not
included for permissions to the \winnt folder. --- Steve
http://nsa1.www.conxion.com/win2k/download.htm
"Rob" <Rob@discussions.microsoft.com> wrote in message
news:8F47A5ED-0FCE-4336-B7AC-E4B41068CF25@microsoft.com...
> Is there a best practice for NTFS permissions on the WINNT directory, the
> Everyone group? If someone could lead me to a resource that would be
> great.
Assuming you do not need guest access to the computer or are using ancient
legacy applications you can remove everyone group from the \winnt folder or
at best give it read permissions. The link below is to NSA security guide
and downloads. If you view their security templates [ .inf file downloads ]
for workstation or server you will see that the everyone group is not
included for permissions to the \winnt folder. --- Steve
http://nsa1.www.conxion.com/win2k/download.htm
"Rob" <Rob@discussions.microsoft.com> wrote in message
news:8F47A5ED-0FCE-4336-B7AC-E4B41068CF25@microsoft.com...
> Is there a best practice for NTFS permissions on the WINNT directory, the
> Everyone group? If someone could lead me to a resource that would be
> great.
Archived from groups: microsoft.public.win2000.security (More info?)
Is there any reason why the Users group is added to the systemroot
permissions? It is only read and execute but I was just curious why that
group is even included.
Thanks
"Steven L Umbach" wrote:
> Assuming you do not need guest access to the computer or are using ancient
> legacy applications you can remove everyone group from the \winnt folder or
> at best give it read permissions. The link below is to NSA security guide
> and downloads. If you view their security templates [ .inf file downloads ]
> for workstation or server you will see that the everyone group is not
> included for permissions to the \winnt folder. --- Steve
>
> http://nsa1.www.conxion.com/win2k/download.htm
>
> "Rob" <Rob@discussions.microsoft.com> wrote in message
> news:8F47A5ED-0FCE-4336-B7AC-E4B41068CF25@microsoft.com...
> > Is there a best practice for NTFS permissions on the WINNT directory, the
> > Everyone group? If someone could lead me to a resource that would be
> > great.
>
>
>
Is there any reason why the Users group is added to the systemroot
permissions? It is only read and execute but I was just curious why that
group is even included.
Thanks
"Steven L Umbach" wrote:
> Assuming you do not need guest access to the computer or are using ancient
> legacy applications you can remove everyone group from the \winnt folder or
> at best give it read permissions. The link below is to NSA security guide
> and downloads. If you view their security templates [ .inf file downloads ]
> for workstation or server you will see that the everyone group is not
> included for permissions to the \winnt folder. --- Steve
>
> http://nsa1.www.conxion.com/win2k/download.htm
>
> "Rob" <Rob@discussions.microsoft.com> wrote in message
> news:8F47A5ED-0FCE-4336-B7AC-E4B41068CF25@microsoft.com...
> > Is there a best practice for NTFS permissions on the WINNT directory, the
> > Everyone group? If someone could lead me to a resource that would be
> > great.
>
>
>
Archived from groups: microsoft.public.win2000.security (More info?)
Because they need access to files in that folder structure to logon, have
policies applied, and run applications. Explorer.exe for instance is
located in the \winnt folder. If you use the free filemon utility from
SysInternals you can see what files are accessed by a user. Taskmanger can
show processes owned by the user and the associated executable. --- Steve
"Rob" <Rob@discussions.microsoft.com> wrote in message
news:50F5BD55-97F6-4F70-ACF6-59B9090658DF@microsoft.com...
> Is there any reason why the Users group is added to the systemroot
> permissions? It is only read and execute but I was just curious why that
> group is even included.
>
> Thanks
>
> "Steven L Umbach" wrote:
>
>> Assuming you do not need guest access to the computer or are using
>> ancient
>> legacy applications you can remove everyone group from the \winnt folder
>> or
>> at best give it read permissions. The link below is to NSA security guide
>> and downloads. If you view their security templates [ .inf file
>> downloads ]
>> for workstation or server you will see that the everyone group is not
>> included for permissions to the \winnt folder. --- Steve
>>
>> http://nsa1.www.conxion.com/win2k/download.htm
>>
>> "Rob" <Rob@discussions.microsoft.com> wrote in message
>> news:8F47A5ED-0FCE-4336-B7AC-E4B41068CF25@microsoft.com...
>> > Is there a best practice for NTFS permissions on the WINNT directory,
>> > the
>> > Everyone group? If someone could lead me to a resource that would be
>> > great.
>>
>>
>>
Because they need access to files in that folder structure to logon, have
policies applied, and run applications. Explorer.exe for instance is
located in the \winnt folder. If you use the free filemon utility from
SysInternals you can see what files are accessed by a user. Taskmanger can
show processes owned by the user and the associated executable. --- Steve
"Rob" <Rob@discussions.microsoft.com> wrote in message
news:50F5BD55-97F6-4F70-ACF6-59B9090658DF@microsoft.com...
> Is there any reason why the Users group is added to the systemroot
> permissions? It is only read and execute but I was just curious why that
> group is even included.
>
> Thanks
>
> "Steven L Umbach" wrote:
>
>> Assuming you do not need guest access to the computer or are using
>> ancient
>> legacy applications you can remove everyone group from the \winnt folder
>> or
>> at best give it read permissions. The link below is to NSA security guide
>> and downloads. If you view their security templates [ .inf file
>> downloads ]
>> for workstation or server you will see that the everyone group is not
>> included for permissions to the \winnt folder. --- Steve
>>
>> http://nsa1.www.conxion.com/win2k/download.htm
>>
>> "Rob" <Rob@discussions.microsoft.com> wrote in message
>> news:8F47A5ED-0FCE-4336-B7AC-E4B41068CF25@microsoft.com...
>> > Is there a best practice for NTFS permissions on the WINNT directory,
>> > the
>> > Everyone group? If someone could lead me to a resource that would be
>> > great.
>>
>>
>>
Related ressources:
- Forum[SOLVED] MSI/Installshield Permissions Issues
- ForumCannot Edit Permissions for Windows 8 Registry Key
- ForumFolder permissions - I want to do what I want with my files!
- ForumRestore default security permissions for the hard disk partitions
- ForumFile System permissions
- ForumCan permissions on the Local System account be changed?
- ForumHow to allow user permissions over system folders
- Forumsystem administrator by default in permissions ?
- ForumMS Access and System DSN permissions
- ForumSystem 32 permissions
- ForumSetting up GPO to assign file system permissions
- ForumHome networking with different permissions
- ForumPermissions , ownership and an undeletable folder
- ForumPermissions
- ForumAuthenticated Users' NTFS Permissions
- ForumAre External Drives Affected by Write Permissions ?
- ForumInstall/uninstall failing, some MS Updates fail. Permissions issue
- ForumParallel and com ports not appearing in device manager
- ForumPermissions on a removable media
- ForumSystem Administrator access to domain controllers
- More resources
!
