Default Permissions

[Tom]

On Windows 2000 / 2003 Server the default permissions on my C & D drives
include

Administrators
Domain User
Everyone

And a few others...

On a test server I have changed this to just Administrators & Domain Users
and allowed this to go through to all other folders.

Is this safe to do ??

With the default setting, IIS installed and running ASP, I can browse all
files on my hard disks, via the browser, using just a couple of simple asp
files... This is a big security risk..

With the changed settings, everything is fine !

Any Advice / comments ?

Thanks

 

[Dave Patrick]

Make sure that the System account (NT Authority) has full control of the
%systemdrive% and or the drive the pagefile is located on.

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft MVP [Windows NT/2000 Operating Systems]
http://www.microsoft.com/protect.

:
| On Windows 2000 / 2003 Server the default permissions on my C & D drives
| include
|
| Administrators
| Domain User
| Everyone
|
| And a few others...
|
| On a test server I have changed this to just Administrators & Domain Users
| and allowed this to go through to all other folders.
|
| Is this safe to do ??
|
| With the default setting, IIS installed and running ASP, I can browse all
| files on my hard disks, via the browser, using just a couple of simple
asp
| files... This is a big security risk..
|
| With the changed settings, everything is fine !
|
| Any Advice / comments ?
|
| Thanks

 

[Tom]

Thanks

 

[Steven L Umbach]

Yes, you may be able to get by with removing everyone. I would leave system
access as it is and be careful about modifying the \winnt folder which
already is fairly restricted. Running the IIS lockdown tool will also harden
a lot of folder/file permissions including setiing explicit deny permisions
to many sensitive files in the \winnt folder that could be used by an
attacker to compromise your server. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;325864