NTFS Permissions Question

pm

Distinguished
Apr 8, 2004
95
0
18,630
Archived from groups: microsoft.public.win2000.security (More info?)

I have a D drive on the server, with a few subfolders for user shares,
Quickbooks share, etc..

I blocked inheritance , and created appropriate permissions, ex. Quickbooks
share - Administrators full control, Quickbooks users full control.

My question is: What about the SYSTEM group? The default D share gave it
and all subfolders permissions to the folders by default. However, I blocked
inheritance, and am not sure if I should add the SYSTEM group to my shares or
not! What does the SYSTEM group mean, and what is its purpose?
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

You should be OK without this grant to SYSTEM, particularly
given that you do have a grant of FULL to Administrators group.
The Local System account that the core of the OS runs as is in
fact a hidden member of the Administrators group.
Grants to SYSTEM can become particularly important where
Adminsitrators have no access by specific services running
in the OS will be attempting file accesses.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"PM" <PM@discussions.microsoft.com> wrote in message
news:0D2C39F4-FB0D-471A-889F-B7C423B19DB2@microsoft.com...
> I have a D drive on the server, with a few subfolders for user shares,
> Quickbooks share, etc..
>
> I blocked inheritance , and created appropriate permissions, ex.
Quickbooks
> share - Administrators full control, Quickbooks users full control.
>
> My question is: What about the SYSTEM group? The default D share gave it
> and all subfolders permissions to the folders by default. However, I
blocked
> inheritance, and am not sure if I should add the SYSTEM group to my shares
or
> not! What does the SYSTEM group mean, and what is its purpose?
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

On Fri, 18 Mar 2005 05:33:03 -0800, "PM"
<PM@discussions.microsoft.com> wrote:

>I have a D drive on the server, with a few subfolders for user shares,
>Quickbooks share, etc..
>
>I blocked inheritance , and created appropriate permissions, ex. Quickbooks
>share - Administrators full control, Quickbooks users full control.
>
>My question is: What about the SYSTEM group? The default D share gave it
>and all subfolders permissions to the folders by default. However, I blocked
>inheritance, and am not sure if I should add the SYSTEM group to my shares or
>not! What does the SYSTEM group mean, and what is its purpose?

There are a number of programs that can/will use the SYSTEM account
for access. Backup software is the first that comes to mind, but it
could be you have other software that may.

Jeff