RE: Win2000 Directory Permissions

["Chris Berry" <compjma () hotmail com>]

> From: "Sander de Rijk" <sander () derijk org>
> I would say change EVERYTHING to admin+system full control and users
> instead of everyone read permissions. Besides that change the repair
> indeed to no access for the users.
>
> No need for power users. No need for creator owner.
> The documents and settings folder will take care of itself with those
> permissions and if users need write access because of certain apps
> Like for example c:\temp do that on the folder
>
> That should be sufficient
>
> For IIS however I would suggest u use the lockdown tool (be carefull
> with the urlscan) to secure your server. It also takes care of the
> entire NTFS settings of the IIS user
>
> Greetz,
> Sander

Originally when I was setting up our permissions structure I removed the 
everyone group completely and gave the administrators group full control to 
all.  Then I added domain users to a few places I felt were necessary.  
Under this configuration the thing didn't run well at all.  Are you saying 
that by adding system with full control to all folders this problem would be 
solved?

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"Without change, something sleeps inside us, and seldom awakens.  The 
sleeper must awaken." -- Duke Leto Atreides

_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail


-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.securityfocus.com/SurfControl-security-basics