Security Basics mailing list archives
RE: Win2000 Directory Permissions
From: "Chris Berry" <compjma () hotmail com>
Date: Tue, 01 Apr 2003 16:41:35 -0800
From: "Sander de Rijk" <sander () derijk org> I would say change EVERYTHING to admin+system full control and users instead of everyone read permissions. Besides that change the repair indeed to no access for the users. No need for power users. No need for creator owner. The documents and settings folder will take care of itself with those permissions and if users need write access because of certain apps Like for example c:\temp do that on the folder That should be sufficient For IIS however I would suggest u use the lockdown tool (be carefull with the urlscan) to secure your server. It also takes care of the entire NTFS settings of the IIS user Greetz, Sander
Originally when I was setting up our permissions structure I removed the everyone group completely and gave the administrators group full control to all. Then I added domain users to a few places I felt were necessary. Under this configuration the thing didn't run well at all. Are you saying that by adding system with full control to all folders this problem would be solved?
Chris Berry compjma () hotmail com Systems Administrator JM Associates"Without change, something sleeps inside us, and seldom awakens. The sleeper must awaken." -- Duke Leto Atreides
_________________________________________________________________The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail
------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-security-basics
Current thread:
- RE: Win2000 Directory Permissions Sander de Rijk (Apr 01)
- <Possible follow-ups>
- RE: Win2000 Directory Permissions Chris Berry (Apr 02)