Need initial pointers

[Teacher]

I need to check up permissions on an existing server and
could use some very basic pointers. I'm a physics/ chem/
algebra teacher at a non-profit high school for at-risk
students and as an additional duty, I volunteered to be
the system admin to a network running Windows 2000 Server
that's connencted to a mix of 30+ NT and W2K clients. I
love technology and pick up things fast once I understand
a few of the basics.

Right now I'm trying to dig myself out of situations that
are related to users not being able to run programs or
create folders for roaming profiles which cause the local
profiles to be loaded.

I've gone thru the Group Policy snap-in and enabled
the "don't check roaming profile security" policy but I
think I'm making a basic mistake in my propagated user
rights. I've propagated Full Control for Administrator
(domainname), System, and Services; I've also propagated
Read for Everybody. I believe I have a solid understanding
of Shares and nonpropagated user rights and have set up
the Profiles, etc correctly.

What I think I've seriously messed up is what rights need
to be assigned to the WINNT and Program Files folders
because I only have the above mentioned propagated rights
on them currently.

Any help/direction would be greatly appreciated!

 

[Steven L Umbach]

Here is a link on how to restore default NTFS permissions to W2K. In a
default installation, NTFS permissions are fairly good except on the
drive/root folder where the everyone group may have full permissions which
you will want to probably reduce to just read/list/execute. You may also
want to read the free download Windows 2000 Security Hardening Guide for
configuration advice which includes specific recommendations [including ntfs
permissions] based on network configuration and security goals, see second
link for download link for it. --- Steve

http://support.microsoft.com/?kbid=266118
http://www.infosec.uga.edu/windows.html

 

[Steven L Umbach]

I guess the link to the W2K HG is bad. Try this one.
ttp://tinyurl.com/anm1 --- Steve

Here is a link on how to restore default NTFS permissions to W2K. In a
default installation, NTFS permissions are fairly good except on the
drive/root folder where the everyone group may have full permissions which
you will want to probably reduce to just read/list/execute. You may also
want to read the free download Windows 2000 Security Hardening Guide for
configuration advice which includes specific recommendations [including ntfs
permissions] based on network configuration and security goals, see second
link for download link for it. --- Steve

http://support.microsoft.com/?kbid=266118
http://www.infosec.uga.edu/windows.html

I need to check up permissions on an existing server and
could use some very basic pointers. I'm a physics/ chem/
algebra teacher at a non-profit high school for at-risk
students and as an additional duty, I volunteered to be
the system admin to a network running Windows 2000 Server
that's connencted to a mix of 30+ NT and W2K clients. I
love technology and pick up things fast once I understand
a few of the basics.

Right now I'm trying to dig myself out of situations that
are related to users not being able to run programs or
create folders for roaming profiles which cause the local
profiles to be loaded.

I've gone thru the Group Policy snap-in and enabled
the "don't check roaming profile security" policy but I
think I'm making a basic mistake in my propagated user
rights. I've propagated Full Control for Administrator
(domainname), System, and Services; I've also propagated
Read for Everybody. I believe I have a solid understanding
of Shares and nonpropagated user rights and have set up
the Profiles, etc correctly.

What I think I've seriously messed up is what rights need
to be assigned to the WINNT and Program Files folders
because I only have the above mentioned propagated rights
on them currently.

Any help/direction would be greatly appreciated!

 

[Austin M. Horst]

Default permissions in Windows 2000 & NT:

Search by title if necessary at:
http://support.microsoft.com/default.aspx?pr=kbhowto

++++++++++++++++++++++++++++++++++++++++++

* Microsoft Knowledge Base Article - 244600
* Default NTFS Permissions in Windows 2000

http://support.microsoft.com/default.aspx?scid=
http://support.microsoft.com:80/support/kb/
articles/Q244/6/00.asp&NoWebContent=1&NoWebContent=1

++++++++++++++++++++++++++++++++++++++++++

* Microsoft Knowledge Base Article - 148437
* Default NTFS Permissions in Windows NT

http://support.microsoft.com/default.aspx
?scid=kb;EN-US;148437

++++++++++++++++++++++++++++++++++++++++++

* Microsoft Knowledge Base Article - 287024
* Permission Inheritance Behavior

http://support.microsoft.com/
default.aspx?scid=kb;en-us;287024

++++++++++++++++++++++++++++++++++++++++++

* Microsoft Windows 2000 Pro Documentation

http://www.microsoft.com/windows2000/en/
professional/help/default.asp?
url=/windows2000/en/professional/help/
windows_security_default_settings.htm

++++++++++++++++++++++++++++++++++++++++++

Austin M. Horst