Tip

Everyone must go

This tip was submitted to the SearchWin2000.com Tip Exchange by member Scot Hatt.


A quick way to remove a threat on your NTFS-based system is to remove the "Everyone" group from your drive permissions and replace it with "Authenticated Users". This stops the casual access that NT/2000 provides by default. You may want to add the following groups alongside "Authenticated Users" (AU): "Administrators", "Creator Owner" and "System". You can then assign "Full Control" to the latter three groups and "Read/Write/Execute" to the AU group, further limiting access.

So the permissions on the root of the drives will look like this:

Administrators = Full Control
Authenticated Users = RWX
Creator Owner = Full Control
System = Full Control

The "Documents and Settings" or "WinNT\Profiles" directories on your system drive should also be protected in this way. Under this area, the "Administrator" subfolder should have only the following permission groups:

Administrators = Full Control
System = Full Control

The "All Users" and "Default User" folders under "Documents and Settings" should not allow write permission for "Authenticated Users". They have no reason to write there.

These steps can be scripted with the "XCACLS" utility from the NT4 Resource Kit. Setting these permissions can severely hinder casual access to your NTFS resources.
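
The permission scheme above as an added example, not part of the original tip: it uses PowerShell's Get-Acl/Set-Acl rather than XCACLS, and applies the ACLs to a constructed scratch folder standing in for the drive root. It assumes the tip's "RWX" maps to ReadAndExecute plus Write; the helper names New-TipRule and Set-TipAcl are hypothetical.

```powershell
# Added example: the tip's ACL scheme applied with Get-Acl/Set-Acl (not XCACLS).
# Well-known SIDs are used so the script does not depend on localized group names.
$Sid = @{
    Everyone           = 'S-1-1-0'
    CreatorOwner       = 'S-1-3-0'
    AuthenticatedUsers = 'S-1-5-11'
    System             = 'S-1-5-18'
    Administrators     = 'S-1-5-32-544'
}

function New-TipRule([string]$SidString, [System.Security.AccessControl.FileSystemRights]$Rights) {
    $id = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $SidString
    # Allow ACE that is inherited by subfolders and files, as a drive-root permission would be.
    New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $id, $Rights, 'ContainerInherit,ObjectInherit', 'None', 'Allow'
}

# Hypothetical helper: make the ACL of $Path consist of exactly $Rules.
function Set-TipAcl([string]$Path, [System.Security.AccessControl.FileSystemAccessRule[]]$Rules) {
    $acl = Get-Acl -LiteralPath $Path
    $acl.SetAccessRuleProtection($true, $false)   # stop inheriting; inherited ACEs are dropped
    foreach ($ace in @($acl.Access)) { [void]$acl.RemoveAccessRule($ace) }   # clear explicit ACEs
    foreach ($rule in $Rules) { $acl.AddAccessRule($rule) }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

# Constructed scratch folder standing in for the drive root and the Administrator profile.
$root = Join-Path $env:TEMP 'acl-tip-demo'
$adminProfile = Join-Path $root 'Administrator'
New-Item -ItemType Directory -Force -Path $adminProfile | Out-Null

Set-TipAcl $root @(
    (New-TipRule $Sid.Administrators     'FullControl'),
    (New-TipRule $Sid.AuthenticatedUsers 'ReadAndExecute, Write'),   # assumed meaning of "RWX"
    (New-TipRule $Sid.CreatorOwner       'FullControl'),
    (New-TipRule $Sid.System             'FullControl'))
Set-TipAcl $adminProfile @(
    (New-TipRule $Sid.Administrators 'FullControl'),
    (New-TipRule $Sid.System         'FullControl'))

# Check: count the ACEs that still name Everyone on each folder.
foreach ($p in $root, $adminProfile) {
    $hits = (Get-Acl -LiteralPath $p).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference.Value -eq $Sid.Everyone }
    '{0}: Everyone ACEs = {1}' -f $p, @($hits).Count
}
```

Run it from an elevated prompt against the scratch folder first, and point `$root` at a real volume only after checking the resulting ACLs.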



This was first published in March 2002
