System Permissions

Archived from groups: microsoft.public.win2000.security (More info?)

Is there a best practice for NTFS permissions on the WINNT directory, the
Everyone group? If someone could lead me to a resource that would be great.
3 answers Last reply
More about system permissions
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Assuming you do not need guest access to the computer or are using ancient
    legacy applications you can remove everyone group from the \winnt folder or
    at best give it read permissions. The link below is to NSA security guide
    and downloads. If you view their security templates [ .inf file downloads ]
    for workstation or server you will see that the everyone group is not
    included for permissions to the \winnt folder. --- Steve

    http://nsa1.www.conxion.com/win2k/download.htm

    "Rob" <Rob@discussions.microsoft.com> wrote in message
    news:8F47A5ED-0FCE-4336-B7AC-E4B41068CF25@microsoft.com...
    > Is there a best practice for NTFS permissions on the WINNT directory, the
    > Everyone group? If someone could lead me to a resource that would be
    > great.
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    Is there any reason why the Users group is added to the systemroot
    permissions? It is only read and execute but I was just curious why that
    group is even included.

    Thanks

    "Steven L Umbach" wrote:

    > Assuming you do not need guest access to the computer or are using ancient
    > legacy applications you can remove everyone group from the \winnt folder or
    > at best give it read permissions. The link below is to NSA security guide
    > and downloads. If you view their security templates [ .inf file downloads ]
    > for workstation or server you will see that the everyone group is not
    > included for permissions to the \winnt folder. --- Steve
    >
    > http://nsa1.www.conxion.com/win2k/download.htm
    >
    > "Rob" <Rob@discussions.microsoft.com> wrote in message
    > news:8F47A5ED-0FCE-4336-B7AC-E4B41068CF25@microsoft.com...
    > > Is there a best practice for NTFS permissions on the WINNT directory, the
    > > Everyone group? If someone could lead me to a resource that would be
    > > great.
    >
    >
    >
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    Because they need access to files in that folder structure to logon, have
    policies applied, and run applications. Explorer.exe for instance is
    located in the \winnt folder. If you use the free filemon utility from
    SysInternals you can see what files are accessed by a user. Taskmanger can
    show processes owned by the user and the associated executable. --- Steve


    "Rob" <Rob@discussions.microsoft.com> wrote in message
    news:50F5BD55-97F6-4F70-ACF6-59B9090658DF@microsoft.com...
    > Is there any reason why the Users group is added to the systemroot
    > permissions? It is only read and execute but I was just curious why that
    > group is even included.
    >
    > Thanks
    >
    > "Steven L Umbach" wrote:
    >
    >> Assuming you do not need guest access to the computer or are using
    >> ancient
    >> legacy applications you can remove everyone group from the \winnt folder
    >> or
    >> at best give it read permissions. The link below is to NSA security guide
    >> and downloads. If you view their security templates [ .inf file
    >> downloads ]
    >> for workstation or server you will see that the everyone group is not
    >> included for permissions to the \winnt folder. --- Steve
    >>
    >> http://nsa1.www.conxion.com/win2k/download.htm
    >>
    >> "Rob" <Rob@discussions.microsoft.com> wrote in message
    >> news:8F47A5ED-0FCE-4336-B7AC-E4B41068CF25@microsoft.com...
    >> > Is there a best practice for NTFS permissions on the WINNT directory,
    >> > the
    >> > Everyone group? If someone could lead me to a resource that would be
    >> > great.
    >>
    >>
    >>
Ask a new question

Read More

Security Microsoft Permissions Windows