Generally that is a good idea. In some cases legacy software or
older/downlevel clients such as Windows NT4.0 may need access to the
everyone group, at least in certain circumstances. I would suggest not
messing with folder permissions for the \winnt folder structure that already
have restricted access for everyone/users. You may restrict individual
executables in the system32 folder such as ping, arp, attrib, if need be.
The main problem with the everyone group is that on the drive/root folder it
had full control which has been changed in XP and Windows 2003. If you do
not want users to add folfer/files to the root folder you may want to leave
them with read/list/execute permissions there. Removing the everyone group
and replacing with authenticated users will deny guest access which usually
is considered desirable anyhow. See link below for more info. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;EN-US;327522