T
Tom Rodman
<pardon me if this is a dup post>
After a fresh install of w2k workstation
the C: drive root directory ACL is:
EVERYONE "full control" ; "this folder, subfolder, files"
Goal:
improve the ACLs on
o the C: drive root directory ACL
o the top level directories below the root diretory of C:\
make the box more "multi-user" friendly, prevent
non administrators from causing problems; prevent
non administrators from writing in directories that are inappropriate -
like c:\ for example
First Stab:
changed the C: drive root directory ACL to:
Administrators "full control" ; "this folder, subfolder, files"
EVERYONE "read execute" ; "this folder, subfolder, files"
consequences noted:
My test "non adminstrator" acct could still run Mozilla, Acrobat reader,
and Gimp, but QuarkExpress silently failed to "come up" when
invoked. The ACL change was done *after* all these apps
were installed.
Any help or "best practices" pointers would be appreciated.
After a fresh install of w2k workstation
the C: drive root directory ACL is:
EVERYONE "full control" ; "this folder, subfolder, files"
Goal:
improve the ACLs on
o the C: drive root directory ACL
o the top level directories below the root diretory of C:\
make the box more "multi-user" friendly, prevent
non administrators from causing problems; prevent
non administrators from writing in directories that are inappropriate -
like c:\ for example
First Stab:
changed the C: drive root directory ACL to:
Administrators "full control" ; "this folder, subfolder, files"
EVERYONE "read execute" ; "this folder, subfolder, files"
consequences noted:
My test "non adminstrator" acct could still run Mozilla, Acrobat reader,
and Gimp, but QuarkExpress silently failed to "come up" when
invoked. The ACL change was done *after* all these apps
were installed.
Any help or "best practices" pointers would be appreciated.