Security Basics mailing list archives
RE: XP security permissions
From: "Steve McLaughlin" <steve () Lan com au>
Date: Wed, 21 Jan 2004 09:51:23 +1100
Firstly, it is good practice to keep things as simple as possible, You should add all of the restricted users to their own group, and then remove them from all other groups except the group you created and the inbuilt users group. This should keep things restricted enough. And they will not be able to install programs or tweak your system very much. The inbuilt USERS group is used for very restrictive use as you require. This will also protect your OS from harmful deletion of important system files. As for all the permissions you mentioned, it is ok to leave them all as default, unless you want to explicitly deny permission to a specific folder. In which case you would use the group you created to set the permissions. And not the inbuilt groups. Also, It sounds like you may have tweaked the privileges on the folders a bit more than you should have, in which case, it may be easiest to reformat and start again. steve mclaughlin | enlite technology (MCSA, A+, Network+, Server+) -----Original Message----- From: J. Yoon [mailto:supercool9000 () hotmail com] Sent: Tuesday, 20 January 2004 10:07 PM To: security-basics () securityfocus com Subject: XP security permissions Please advise on a proper way to set folder permissions on XP without having my programs crash and other friends/users complaining too much. I want to give full permission to myself and administrators. The other 2 accounts "friends/family" in my box, i don't want them to mess with any system settings but still want to give them the option of installing some softwares at a designated folder, run MS office/webbrowse/messenger/games... As for everyone else, is it possible to default deny all access? Seems like when I put Deny Everyone, it denies access to even myself. 1) In the Program Files folder and WINDOWS folder, which folders should I be giving read/write/modify permissions to so that programs don't fail when limited/guest users run the programs? 2) Which folders need SYSTEM and USER? I noticed that WINDOWS folder had some of these id's present in the security tab. 3) how should the hidden system folders, page file, recycle, system volume information folders be set to and to whom shoudl perms be given? 4) how about Program Files/MSN Messenger, Program Files/Microsoft Office Sound /video card driver directories, anti virus, firewall dirs i noticed that some programs need write privilages to run properly should normal users have modify privilages as well for some programs? if so which? _________________________________________________________________ Let the new MSN Premium Internet Software make the most of your high-speed experience. http://join.msn.com/?pgmarket=en-us&page=byoa/prem&ST=1 --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- XP security permissions J. Yoon (Jan 20)
- RE: XP security permissions David Gillett (Jan 20)
- RE: XP security permissions Steve McLaughlin (Jan 20)
- ISO 17799 / BS 7799 certification n30 (Jan 21)
- Re: ISO 17799 / BS 7799 certification Rhona Aylward (Jan 22)
- ISO 17799 / BS 7799 certification n30 (Jan 21)
- <Possible follow-ups>
- RE: XP security permissions J. Yoon (Jan 21)