NTFS Permissions Question
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.security (More info?)
I have a D drive on the server, with a few subfolders for user shares,
Quickbooks share, etc..
I blocked inheritance , and created appropriate permissions, ex. Quickbooks
share - Administrators full control, Quickbooks users full control.
My question is: What about the SYSTEM group? The default D share gave it
and all subfolders permissions to the folders by default. However, I blocked
inheritance, and am not sure if I should add the SYSTEM group to my shares or
not! What does the SYSTEM group mean, and what is its purpose?
I have a D drive on the server, with a few subfolders for user shares,
Quickbooks share, etc..
I blocked inheritance , and created appropriate permissions, ex. Quickbooks
share - Administrators full control, Quickbooks users full control.
My question is: What about the SYSTEM group? The default D share gave it
and all subfolders permissions to the folders by default. However, I blocked
inheritance, and am not sure if I should add the SYSTEM group to my shares or
not! What does the SYSTEM group mean, and what is its purpose?
More about : ntfs permissions question
Archived from groups: microsoft.public.win2000.security (More info?)
You should be OK without this grant to SYSTEM, particularly
given that you do have a grant of FULL to Administrators group.
The Local System account that the core of the OS runs as is in
fact a hidden member of the Administrators group.
Grants to SYSTEM can become particularly important where
Adminsitrators have no access by specific services running
in the OS will be attempting file accesses.
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"PM" <PM@discussions.microsoft.com> wrote in message
news:0D2C39F4-FB0D-471A-889F-B7C423B19DB2@microsoft.com...
> I have a D drive on the server, with a few subfolders for user shares,
> Quickbooks share, etc..
>
> I blocked inheritance , and created appropriate permissions, ex.
Quickbooks
> share - Administrators full control, Quickbooks users full control.
>
> My question is: What about the SYSTEM group? The default D share gave it
> and all subfolders permissions to the folders by default. However, I
blocked
> inheritance, and am not sure if I should add the SYSTEM group to my shares
or
> not! What does the SYSTEM group mean, and what is its purpose?
You should be OK without this grant to SYSTEM, particularly
given that you do have a grant of FULL to Administrators group.
The Local System account that the core of the OS runs as is in
fact a hidden member of the Administrators group.
Grants to SYSTEM can become particularly important where
Adminsitrators have no access by specific services running
in the OS will be attempting file accesses.
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"PM" <PM@discussions.microsoft.com> wrote in message
news:0D2C39F4-FB0D-471A-889F-B7C423B19DB2@microsoft.com...
> I have a D drive on the server, with a few subfolders for user shares,
> Quickbooks share, etc..
>
> I blocked inheritance , and created appropriate permissions, ex.
Quickbooks
> share - Administrators full control, Quickbooks users full control.
>
> My question is: What about the SYSTEM group? The default D share gave it
> and all subfolders permissions to the folders by default. However, I
blocked
> inheritance, and am not sure if I should add the SYSTEM group to my shares
or
> not! What does the SYSTEM group mean, and what is its purpose?
Archived from groups: microsoft.public.win2000.security (More info?)
On Fri, 18 Mar 2005 05:33:03 -0800, "PM"
<PM@discussions.microsoft.com> wrote:
>I have a D drive on the server, with a few subfolders for user shares,
>Quickbooks share, etc..
>
>I blocked inheritance , and created appropriate permissions, ex. Quickbooks
>share - Administrators full control, Quickbooks users full control.
>
>My question is: What about the SYSTEM group? The default D share gave it
>and all subfolders permissions to the folders by default. However, I blocked
>inheritance, and am not sure if I should add the SYSTEM group to my shares or
>not! What does the SYSTEM group mean, and what is its purpose?
There are a number of programs that can/will use the SYSTEM account
for access. Backup software is the first that comes to mind, but it
could be you have other software that may.
Jeff
On Fri, 18 Mar 2005 05:33:03 -0800, "PM"
<PM@discussions.microsoft.com> wrote:
>I have a D drive on the server, with a few subfolders for user shares,
>Quickbooks share, etc..
>
>I blocked inheritance , and created appropriate permissions, ex. Quickbooks
>share - Administrators full control, Quickbooks users full control.
>
>My question is: What about the SYSTEM group? The default D share gave it
>and all subfolders permissions to the folders by default. However, I blocked
>inheritance, and am not sure if I should add the SYSTEM group to my shares or
>not! What does the SYSTEM group mean, and what is its purpose?
There are a number of programs that can/will use the SYSTEM account
for access. Backup software is the first that comes to mind, but it
could be you have other software that may.
Jeff
Related ressources:
- ForumNTFS Permissions question
- ForumRestrict NTFS permissions list
- Forumcreator/owner NTFS permissions
- ForumNTFS Files Permissions Issues??
- ForumNTFS and Shared Permissions
- ForumNTFS vs Shared Permissions
- ForumNTFS Permissions
- ForumNTFS permissions - basic primer
- ForumNTFS permissions and security
- ForumNTFS Permissions question
- ForumNTFS permissions mysteriously changing
- ForumNTFS Question !
- ForumWin 2003 - Share can be read with no NTFS permission?
- ForumAccessing NTFS Drive after Windows 7 Install
- ForumAuthenticated Users' NTFS Permissions
- ForumPermissions Question : Allow Read but not Copy
- ForumPermissions Question
- ForumParallel and com ports not appearing in device manager
- ForumNTFS and Shares ritghts vs. Netware Rights
- ForumLosing Folder Permissions
- More resources
!
