R
R.N. \(Roger\) Folsom
For security, I am considering removing the Everyone Group
from the NTFS Permissions for the root folders (C:\ and
D:\) of my Win2k sp4 notebook.
As replacements, I will add at least
Administrator
Power Users
And if recommended here, I will add also Users and Backup
Operators (the Guest account is disabled), although those
groups are empty.
This is a single user computer, with only one user, and two
accouts: Administrator, and my non-administrative Power
User account (which I wish was a mere User account, except
that I need to use some Legacy applications).
The computer is NOT attached to a Domain, but (when at
home) it is attached to a workgroup (peer-to-peer) NetBEUI
network, with two additional computers, both Win98se
notebooks. It is connected to the internet, but it is NOT
running a website and it needs no remote access.
My Question is: Does the Everyone group include the
following accounts, which for some reason are listed in ALL
CAPS in Win2k permissions tabs:
ANONYMOUS LOGON
BATCH
CREATOR OWNER
CREATOR GROUP
DIALUP
INTERACTIVE
NETWORK
SERVICE
SYSTEM
TERMINAL SERVER USER
If the Everyone group DOES include the above All Caps
accounts, then if I remove Everyone from NTFS C: and D:
permissions I assume that I would need to add NTFS
permissions for at least SERVICE and SYSTEM, and perhaps
also CREATOR OWNER and GROUP, INTERACTIVE, and NETWORK.
But if the Everyone group does NOT include these All Caps
accounts, then I would assume that removing the Everyone
group would NOT require me to add permissions for these All
Caps accounts, because the operating system would already
be giving them whatever access they need.
So I need to know whether or not the Everyone group does or
does not include these All Caps groups, and in any case I
need to know whether I need to add permissions for these
All Caps groups as part of replacing the Everyone group.
Thanks for any help.
Roger Folsom
from the NTFS Permissions for the root folders (C:\ and
D:\) of my Win2k sp4 notebook.
As replacements, I will add at least
Administrator
Power Users
And if recommended here, I will add also Users and Backup
Operators (the Guest account is disabled), although those
groups are empty.
This is a single user computer, with only one user, and two
accouts: Administrator, and my non-administrative Power
User account (which I wish was a mere User account, except
that I need to use some Legacy applications).
The computer is NOT attached to a Domain, but (when at
home) it is attached to a workgroup (peer-to-peer) NetBEUI
network, with two additional computers, both Win98se
notebooks. It is connected to the internet, but it is NOT
running a website and it needs no remote access.
My Question is: Does the Everyone group include the
following accounts, which for some reason are listed in ALL
CAPS in Win2k permissions tabs:
ANONYMOUS LOGON
BATCH
CREATOR OWNER
CREATOR GROUP
DIALUP
INTERACTIVE
NETWORK
SERVICE
SYSTEM
TERMINAL SERVER USER
If the Everyone group DOES include the above All Caps
accounts, then if I remove Everyone from NTFS C: and D:
permissions I assume that I would need to add NTFS
permissions for at least SERVICE and SYSTEM, and perhaps
also CREATOR OWNER and GROUP, INTERACTIVE, and NETWORK.
But if the Everyone group does NOT include these All Caps
accounts, then I would assume that removing the Everyone
group would NOT require me to add permissions for these All
Caps accounts, because the operating system would already
be giving them whatever access they need.
So I need to know whether or not the Everyone group does or
does not include these All Caps groups, and in any case I
need to know whether I need to add permissions for these
All Caps groups as part of replacing the Everyone group.
Thanks for any help.
Roger Folsom