Security Basics mailing list archives
RE: Win2000 Directory Permissions
From: "Sander de Rijk" <sander () derijk org>
Date: Tue, 1 Apr 2003 23:16:22 +0200
I would say change EVERYTHING to admin+system full control and users instead of everyone read permissions. Besides that change the repair indeed to no access for the users. No need for power users. No need for creator owner. The documents and settings folder will take care of itself with those permissions and if users need write access because of certain apps Like for example c:\temp do that on the folder That should be sufficient For IIS however I would suggest u use the lockdown tool (be carefull with the urlscan) to secure your server. It also takes care of the entire NTFS settings of the IIS user Greetz, Sander -----Original Message----- From: Simon Taplin [mailto:SimonT () lantic net] Posted At: zondag 30 maart 2003 13:20 Posted To: Security Focus Mailings Conversation: Win2000 Directory Permissions Subject: Win2000 Directory Permissions I'v been running the permission settings below on my NT4 workstation PC's for students. I'm now upgrading the machines to Win2000. Do I need to change any of the settings below for Workstations and Servers? Especially the server running IIS? I got these from the TechRepublic newsletter. Simon On these folders: * \Winnt * \Winnt\system * \Winnt\system32 * \Winnt\system32\config * \Winnt\system32\drivers Apply these permissions: * Administrators: Full Control * Creator Owner: Full Control * Everyone: Read * System: Full Control On \Winnt\repair, the only permission you should set is Administrators: Full Control. On \Winnt\system32\spool, apply these permissions: * Administrators: Full Control * Creator Owner: Full Control * Everyone: Read * Power Users: Change * System: Full Control On Boot.ini, Ntdetect.com, and Ntldr, apply: * Administrators: Full Control * System: Full Control On Autoexec.bat and Config.sys, apply: * Everyone: Read * Administrators: Full Control --- This mail is hopefully virus free as it has been Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.465 / Virus Database: 263 - Release Date: 2003/03/25 ------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.surfcontrol.com/go/zsfsbl1 ------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-security-basics
Current thread:
- RE: Win2000 Directory Permissions Sander de Rijk (Apr 01)
- <Possible follow-ups>
- RE: Win2000 Directory Permissions Chris Berry (Apr 02)