Everyone must go

Remove the "Everyone" group from your drive permissions and replace it with "Authenticated Users" for better security.

This tip was submitted to the SearchWin2000.com Tip Exchange by member Scot Hatt.


A quick way to remove a threat on your NTFS-based system is to remove the "Everyone" group from your drive permissions and replace it with "Authenticated Users". This stops the casual access that NT/2000 provides by default. You may want to add the following groups alongside "Authenticated Users" (AU): "Administrators", "Creator Owner" and "System". This way you can assign "Full Control" to the latter three groups and "Read/Write/Execute" to the AU group, further limiting access.

So the permissions on the root of the drives will look like this:

Administrators = Full Control
Authenticated Users = RWX
Creator Owner = Full Control
System = Full Control

The "Documents and Settings" or "WinNT\Profiles" directory on your system drive should also be protected in this way. Under it, the "Administrator" subfolder should have only the following permission entries:

Administrators = Full Control
System = Full Control

The "All Users" and "Default User" folders under "Documents and Settings" should not allow write permission for "Authenticated Users". They have no reason to write there.

These steps can be scripted with the "XCACLS" utility from the NT4 resource kit. Setting these permissions can severely hinder casual access to your NTFS resources.
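To check whether a system already matches this layout, here is an added example that is not part of the original tip and uses PowerShell's Get-Acl rather than XCACLS. It is a read-only audit of the drive roots and the two shared profile folders; it assumes PowerShell 3.0 or later and the "Documents and Settings" layout named above, and the function name Get-AclFinding is hypothetical.

```powershell
# Added example: read-only audit, changes no permissions.
# Well-known SIDs are used so the match does not depend on the display language.
$Everyone  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'   # Everyone
$AuthUsers = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-11'  # Authenticated Users

# Write-type rights: WriteData, AppendData, DeleteSubdirectoriesAndFiles, Delete,
# ChangePermissions, TakeOwnership, plus GENERIC_WRITE and GENERIC_ALL.
$WriteMask = 0x500D0046
$AnyRight  = -1   # all bits set, so every Allow ACE for the SID matches

# Hypothetical helper: emits one object per Allow ACE for $Sid that overlaps $Mask.
function Get-AclFinding {
    param(
        [string]$Path,
        [System.Security.Principal.SecurityIdentifier]$Sid,
        [int]$Mask,
        [string]$Reason
    )
    if (-not (Test-Path -LiteralPath $Path)) { return }   # folder absent on this system
    $acl   = Get-Acl -LiteralPath $Path
    # Explicit and inherited rules, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -eq 'Allow' -and
            $rule.IdentityReference.Value -eq $Sid.Value -and
            ([int]$rule.FileSystemRights -band $Mask)) {
            [pscustomobject]@{
                Path      = $Path
                Finding   = $Reason
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# 1. Drive roots: the tip wants no "Everyone" entry at all.
[System.IO.DriveInfo]::GetDrives() |
    Where-Object { $_.DriveType -eq 'Fixed' -and $_.IsReady -and $_.DriveFormat -eq 'NTFS' } |
    ForEach-Object {
        Get-AclFinding -Path $_.RootDirectory.FullName -Sid $Everyone `
                       -Mask $AnyRight -Reason 'Everyone is granted access on the drive root'
    }

# 2. Shared profile folders: Authenticated Users should not be able to write.
$profiles = Join-Path $env:SystemDrive 'Documents and Settings'
foreach ($name in 'All Users', 'Default User') {
    Get-AclFinding -Path (Join-Path $profiles $name) -Sid $AuthUsers `
                   -Mask $WriteMask -Reason 'Authenticated Users can write to a shared profile folder'
}
```

No output means no matching entries were found on the paths checked.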


This was first published in March 2002
