PC Review

Forums

Microsoft Windows 2000

Default Permissions

Reply

Default Permissions

Rate Thread

21-01-2004, 03:14 PM	#1
Tom Guest Posts: n/a	Default Permissions On Windows 2000 / 2003 Server the default permissions on my C & D drives include Administrators Domain User Everyone And a few others... On a test server I have changed this to just Administrators & Domain Users and allowed this to go through to all other folders. Is this safe to do ?? With the default setting, IIS installed and running ASP, I can browse all files on my hard disks, via the browser, using just a couple of simple asp files... This is a big security risk.. With the changed settings, everything is fine ! Any Advice / comments ? Thanks

21-01-2004, 03:33 PM	#2
Dave Patrick Guest Posts: n/a	Re: Default Permissions Make sure that the System account (NT Authority) has full control of the %systemdrive% and or the drive the pagefile is located on. -- Regards, Dave Patrick ....Please no email replies - reply in newsgroup. Microsoft MVP [Windows NT/2000 Operating Systems] http://www.microsoft.com/protect. "Tom" wrote: \| On Windows 2000 / 2003 Server the default permissions on my C & D drives \| include \| \| Administrators \| Domain User \| Everyone \| \| And a few others... \| \| On a test server I have changed this to just Administrators & Domain Users \| and allowed this to go through to all other folders. \| \| Is this safe to do ?? \| \| With the default setting, IIS installed and running ASP, I can browse all \| files on my hard disks, via the browser, using just a couple of simple asp \| files... This is a big security risk.. \| \| With the changed settings, everything is fine ! \| \| Any Advice / comments ? \| \| Thanks

21-01-2004, 03:53 PM	#3
Tom Guest Posts: n/a	Re: Default Permissions Thanks On Wed, 21 Jan 2004 07:33:17 -0700, "Dave Patrick" <mail@Nospam.DSPatrick.com> wrote: >Make sure that the System account (NT Authority) has full control of the >%systemdrive% and or the drive the pagefile is located on.

22-01-2004, 03:17 AM	#4
Steven L Umbach Guest Posts: n/a	Re: Default Permissions Yes, you may be able to get by with removing everyone. I would leave system access as it is and be careful about modifying the \winnt folder which already is fairly restricted. Running the IIS lockdown tool will also harden a lot of folder/file permissions including setiing explicit deny permisions to many sensitive files in the \winnt folder that could be used by an attacker to compromise your server. --- Steve http://support.microsoft.com/defaul...kb;en-us;325864 "Tom" <tom@takenet.com> wrote in message news:722t00polh3f1hui7nf00omknatla0inli@4ax.com... > On Windows 2000 / 2003 Server the default permissions on my C & D drives > include > > Administrators > Domain User > Everyone > > And a few others... > > On a test server I have changed this to just Administrators & Domain Users > and allowed this to go through to all other folders. > > Is this safe to do ?? > > With the default setting, IIS installed and running ASP, I can browse all > files on my hard disks, via the browser, using just a couple of simple asp > files... This is a big security risk.. > > With the changed settings, everything is fine ! > > Any Advice / comments ? > > Thanks

Reply

Thread Tools
Show Printable Version Email this Page
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts vB code is On Smilies are On [IMG] code is On HTML code is Off

Please enter the search terms in the box below to search the entire site.