Implementing permissions in Windows NT/2000

A handful of 'best practices' to consider when implementing permissions in Windows NT/2000.

When implementing permissions in Windows NT/2000 the network administrator should ensure that NTFS volumes are being used and not FAT volumes.

A good idea when deciding to implement permissions to folders is that the network administrator can group users who require various forms of permissions and then apply the assigned permissions to the folder. Assigning individual user permission can create some manageability problems especially for larger networks.

For all new folders that are created the default permissions assigned to the "Everyone" group is Full Control. You may want to change the Everyone group's permission for a folder to read access, and then any new subdirectories created after that will get the new permission settings.

You should perform periodic checks to ensure that the permissions assigned to the current group are appropriate.

File-level permission checks should also be conducted periodically to ensure that the group of users, or in some cases a single user, has the appropriate rights assigned.

The network administrator should place program and data files in separate locations. Assigning write access to data files requires special attention. By assigning write access users can copy files from the server to their local hard drive and vice versa. If the user access rights are set up properly on a Windows 2000 workstation, then users should not be able to copy files from the network server to their local drives. It's also a good idea to set Audit options, especially where you've granted write access to a folder

There may be instances where users need access to certain sensitive folders in an application but some users within the group will not require access to that particular folder. In that case, share the folders that contain the sensitive information with a dollar sign ($) to hide them from unauthorized persons. As your Windows help system will tell you, such folders are not visible from My Computer, but can be viewed using the Shared Folders snap-in.


Adesh Rampat has 10 years experience with network and IT administration. He is a member of the Association of Internet Professionals, the Institute for Network Professionals, and the International Webmasters Association. He has also lectured extensively on a variety of topics.

Did you like this tip? If so, (or if not) why not let us know. Send an email to us and sound off. Or visit our tips page to rate this tip, or submit one of your own.

Related Book

Secure Networking With Windows 2000 and Trust Services
Author : Jalal Feghhi
Publisher : Addison Wesley
ISBN/CODE : 0201657783
Cover Type : Soft Cover
Pages : 368
Published : Feb 2001
Summary :
Secure Networking with Windows 2000 and Trust Services is an authoritative resource that addresses the security issues involved in using the Internet as a platform for conducting commerce. It explains public-key technology and describes techniques for ensuring secure transactions with business partners and consumers.


This was first published in March 2001

Dig deeper on Windows Server and Network Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close