Sign in with
Sign up | Sign in
Your question

NTFS & Share permissions

Last response: in Windows 2000/NT
Share
Anonymous
a b 8 Security
December 10, 2004 3:04:33 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi everybody,

When a logical drive is setup, by default the Everyone group has full
control (NTFS). I read somewhere that it was best to remove the Everyone
group and replace with the Authenticated Users group. Before I go romping
around and making this change on all my servers logical drives, can someone
confirm this or otherwise make recommendations? I also read that when
creating a security structure with share & ntfs permissions, to use share
permissions sparingly, but use ntfs to secure folders.

Any input would be appreciated.

Chris

More about : ntfs share permissions

Anonymous
a b 8 Security
December 11, 2004 3:59:57 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Share and ntfs permissions work together to restrict network user access to
a share. Both should be no more than is needed. Of course ntfs permissions
are much more granular. If a user needs to write to a share you have no
choice but to give that user/group change permissions to the share but if
you don't want them to delete files you can give them
read/list/execute/write ntfs permissions.

It is generally safe to replace everyone with authenticated users and to
change permissions for either down from full control. Everyone access can be
more convenient if you need to give permissions to users in a trusted domain
also. The big danger with everyone permissions is if both the share and ntfs
permissions include the everyone group and the guest account is enabled then
everyone indeed [without authentication] can access the share. The NSA
security guides use authenticated users instead of everyone for users for
access permissions. --- Steve


"C Hall" <someone@novell.com> wrote in message
news:o cTtXpt3EHA.4028@TK2MSFTNGP15.phx.gbl...
> Hi everybody,
>
> When a logical drive is setup, by default the Everyone group has full
> control (NTFS). I read somewhere that it was best to remove the Everyone
> group and replace with the Authenticated Users group. Before I go romping
> around and making this change on all my servers logical drives, can
> someone
> confirm this or otherwise make recommendations? I also read that when
> creating a security structure with share & ntfs permissions, to use share
> permissions sparingly, but use ntfs to secure folders.
>
> Any input would be appreciated.
>
> Chris
>
>
Anonymous
a b 8 Security
December 14, 2004 6:13:02 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Remember that NT Share permissions only work if accessed via the network. In
combination with NTFS permissions, you should be able to achieve what you
need (both access locally and remotely).


"C Hall" wrote:

> Hi everybody,
>
> When a logical drive is setup, by default the Everyone group has full
> control (NTFS). I read somewhere that it was best to remove the Everyone
> group and replace with the Authenticated Users group. Before I go romping
> around and making this change on all my servers logical drives, can someone
> confirm this or otherwise make recommendations? I also read that when
> creating a security structure with share & ntfs permissions, to use share
> permissions sparingly, but use ntfs to secure folders.
>
> Any input would be appreciated.
>
> Chris
>
>
>
Anonymous
a b 8 Security
December 16, 2004 8:38:26 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Thanks everyone for the posts. For whatever reason, after I posted the
message never showed up in Outlook Express.
!