Best Practices for NTFS Shares

  • Thread starter Thread starter Rob
  • Start date Start date
R

Rob

I am searching for a white paper on best practices for
setting up NTFS Shares in W2K. Can anyone point me in the
right direction or have an article number I can search on?

Thanks,
Rob
 
The Windows 2000 Security Hardening Guide is a pretty good read though I don't know
if it has exactly what you are looking for. Generally you want to follow the least
permissions needed rule to set up folders. By default W2K gives everyone full control
to a share which you should change to full control for administrators and read or
modify for the appropriate users group that needs access to the share. Read allows
execute permissions to a share while modify is needed for write and delete.

NTFS permissions work in conjunction with share permissions for network access and
the most restrictive of the two permissions will apply to a user. Avoid using
everyone/users group in shares or ntfs permissions unless you want all users to have
access. The links below may be helpful. --- Steve

http://support.microsoft.com/?id=301195
http://www.windowsitlibrary.com/Content/592/toc.html
http://www.microsoft.com/technet/Se...win2khg/05sconfg.mspx#XSLTsection129121120120
 
Thanks a lot. I needed to find documentation to support my
assertion that we get rid of the FC on the Everyone
Group. These links are very helpful.
-----Original Message-----
The Windows 2000 Security Hardening Guide is a pretty good read though I don't know
if it has exactly what you are looking for. Generally you want to follow the least
permissions needed rule to set up folders. By default W2K gives everyone full control
to a share which you should change to full control for administrators and read or
modify for the appropriate users group that needs access to the share. Read allows
execute permissions to a share while modify is needed for write and delete.

NTFS permissions work in conjunction with share
Click to expand...
permissions for network access and
 
Microsoft released a "Heads up" a few years ago
about removing the EveryOne group.

This came about the same time as the FBI's
warrning about the PnP on windows also.
 
Back
Top