Sign in with
Sign up | Sign in
Your question

System Permissions

Last response: in Windows 2000/NT
Share
October 19, 2004 1:49:05 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Is there a best practice for NTFS permissions on the WINNT directory, the
Everyone group? If someone could lead me to a resource that would be great.

More about : system permissions

Anonymous
a b 8 Security
October 19, 2004 10:44:14 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Assuming you do not need guest access to the computer or are using ancient
legacy applications you can remove everyone group from the \winnt folder or
at best give it read permissions. The link below is to NSA security guide
and downloads. If you view their security templates [ .inf file downloads ]
for workstation or server you will see that the everyone group is not
included for permissions to the \winnt folder. --- Steve

http://nsa1.www.conxion.com/win2k/download.htm

"Rob" <Rob@discussions.microsoft.com> wrote in message
news:8F47A5ED-0FCE-4336-B7AC-E4B41068CF25@microsoft.com...
> Is there a best practice for NTFS permissions on the WINNT directory, the
> Everyone group? If someone could lead me to a resource that would be
> great.
October 19, 2004 10:44:15 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Is there any reason why the Users group is added to the systemroot
permissions? It is only read and execute but I was just curious why that
group is even included.

Thanks

"Steven L Umbach" wrote:

> Assuming you do not need guest access to the computer or are using ancient
> legacy applications you can remove everyone group from the \winnt folder or
> at best give it read permissions. The link below is to NSA security guide
> and downloads. If you view their security templates [ .inf file downloads ]
> for workstation or server you will see that the everyone group is not
> included for permissions to the \winnt folder. --- Steve
>
> http://nsa1.www.conxion.com/win2k/download.htm
>
> "Rob" <Rob@discussions.microsoft.com> wrote in message
> news:8F47A5ED-0FCE-4336-B7AC-E4B41068CF25@microsoft.com...
> > Is there a best practice for NTFS permissions on the WINNT directory, the
> > Everyone group? If someone could lead me to a resource that would be
> > great.
>
>
>
Anonymous
a b 8 Security
October 20, 2004 4:22:50 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Because they need access to files in that folder structure to logon, have
policies applied, and run applications. Explorer.exe for instance is
located in the \winnt folder. If you use the free filemon utility from
SysInternals you can see what files are accessed by a user. Taskmanger can
show processes owned by the user and the associated executable. --- Steve



"Rob" <Rob@discussions.microsoft.com> wrote in message
news:50F5BD55-97F6-4F70-ACF6-59B9090658DF@microsoft.com...
> Is there any reason why the Users group is added to the systemroot
> permissions? It is only read and execute but I was just curious why that
> group is even included.
>
> Thanks
>
> "Steven L Umbach" wrote:
>
>> Assuming you do not need guest access to the computer or are using
>> ancient
>> legacy applications you can remove everyone group from the \winnt folder
>> or
>> at best give it read permissions. The link below is to NSA security guide
>> and downloads. If you view their security templates [ .inf file
>> downloads ]
>> for workstation or server you will see that the everyone group is not
>> included for permissions to the \winnt folder. --- Steve
>>
>> http://nsa1.www.conxion.com/win2k/download.htm
>>
>> "Rob" <Rob@discussions.microsoft.com> wrote in message
>> news:8F47A5ED-0FCE-4336-B7AC-E4B41068CF25@microsoft.com...
>> > Is there a best practice for NTFS permissions on the WINNT directory,
>> > the
>> > Everyone group? If someone could lead me to a resource that would be
>> > great.
>>
>>
>>
!