Hello everyone…
In my company I have a 2003-200 AD environment with all clients being
windows xp sp2.
Simple machines with just Office 2003 sp3 and some freeware like Foxit PDF
and other common software freebies that we all generally use.
No user in the company has any special local computer group’s membership
other than the local “Users Group”
Lately I am noticing the event logs for Symantec AV scanning to show lots of
spyware being caught and repaired.
The general location where it is found is: “c:\Documents and Settings\All
Users\Application Data”.
I wanted to know if I can adjust the NTFS so that only Administrators and
System account/groups can have full access while the rest have simply read
only access.
By default there is an extra NTFS setting for Creator Owner that grants the
user who creates the folder or file full control…
I am thinking of removing just that entry (Creator Owner) for all potential
areas within the “All Users” folders.
This can be yet another way of avoiding potential spyware.
Ahs anyone come across this issue or encountered any side effects by making
the desired change as I mentioned?
I am not sure if this is the right post.
Also posted this question in Security-Operating System Security-Windows
Client Security..
Sorry for the double post...
--
Goku 316
|
Similar Threads
