NTFS & Share permissions

Archived from groups: microsoft.public.win2000.security (More info?)

Hi everybody,

When a logical drive is setup, by default the Everyone group has full
control (NTFS). I read somewhere that it was best to remove the Everyone
group and replace with the Authenticated Users group. Before I go romping
around and making this change on all my servers logical drives, can someone
confirm this or otherwise make recommendations? I also read that when
creating a security structure with share & ntfs permissions, to use share
permissions sparingly, but use ntfs to secure folders.

Any input would be appreciated.

Chris
3 answers Last reply
More about ntfs share permissions
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Share and ntfs permissions work together to restrict network user access to
    a share. Both should be no more than is needed. Of course ntfs permissions
    are much more granular. If a user needs to write to a share you have no
    choice but to give that user/group change permissions to the share but if
    you don't want them to delete files you can give them
    read/list/execute/write ntfs permissions.

    It is generally safe to replace everyone with authenticated users and to
    change permissions for either down from full control. Everyone access can be
    more convenient if you need to give permissions to users in a trusted domain
    also. The big danger with everyone permissions is if both the share and ntfs
    permissions include the everyone group and the guest account is enabled then
    everyone indeed [without authentication] can access the share. The NSA
    security guides use authenticated users instead of everyone for users for
    access permissions. --- Steve


    "C Hall" <someone@novell.com> wrote in message
    news:OcTtXpt3EHA.4028@TK2MSFTNGP15.phx.gbl...
    > Hi everybody,
    >
    > When a logical drive is setup, by default the Everyone group has full
    > control (NTFS). I read somewhere that it was best to remove the Everyone
    > group and replace with the Authenticated Users group. Before I go romping
    > around and making this change on all my servers logical drives, can
    > someone
    > confirm this or otherwise make recommendations? I also read that when
    > creating a security structure with share & ntfs permissions, to use share
    > permissions sparingly, but use ntfs to secure folders.
    >
    > Any input would be appreciated.
    >
    > Chris
    >
    >
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    Remember that NT Share permissions only work if accessed via the network. In
    combination with NTFS permissions, you should be able to achieve what you
    need (both access locally and remotely).


    "C Hall" wrote:

    > Hi everybody,
    >
    > When a logical drive is setup, by default the Everyone group has full
    > control (NTFS). I read somewhere that it was best to remove the Everyone
    > group and replace with the Authenticated Users group. Before I go romping
    > around and making this change on all my servers logical drives, can someone
    > confirm this or otherwise make recommendations? I also read that when
    > creating a security structure with share & ntfs permissions, to use share
    > permissions sparingly, but use ntfs to secure folders.
    >
    > Any input would be appreciated.
    >
    > Chris
    >
    >
    >
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    Thanks everyone for the posts. For whatever reason, after I posted the
    message never showed up in Outlook Express.
Ask a new question

Read More

Security NTFS Permissions Windows