D
Darren Thorley
We are looking at developing an intranet/extranet on our SBS2K box to
allow access to certain files to our travelling users. They will not
always be able to establish a VPN due to certain offsite restrictions.
One of the directories that we want certain stuff to be available is
in the Company directory. By default this directory has full control
set for the everyone group.
Although there is nothing major in here I would like to secure it from
unauthenticated prying eyes.
We need all the domain users (excluding the guest and anonymous
accounts) to retain full control of all the files in this directory
structure.
I have set IIS to only allow SSL and enabled pass-through
authentication. The default of Read and Execute are the only
permissions enabled in the Virtual Directory.
Is there any benefit from changing the default NTFS permission from
the Everyone group having full control to the Authenticated Users
group and removing Everyone?
Would it be better practise creating a new group and making sure all
users are made members when I think Authenticated Users will cover it?
I know this may sound dense but I am trying to get my facts right
before I make a change and possibly regret it later.
Thanks in advance for any advice given.
Darren
allow access to certain files to our travelling users. They will not
always be able to establish a VPN due to certain offsite restrictions.
One of the directories that we want certain stuff to be available is
in the Company directory. By default this directory has full control
set for the everyone group.
Although there is nothing major in here I would like to secure it from
unauthenticated prying eyes.
We need all the domain users (excluding the guest and anonymous
accounts) to retain full control of all the files in this directory
structure.
I have set IIS to only allow SSL and enabled pass-through
authentication. The default of Read and Execute are the only
permissions enabled in the Virtual Directory.
Is there any benefit from changing the default NTFS permission from
the Everyone group having full control to the Authenticated Users
group and removing Everyone?
Would it be better practise creating a new group and making sure all
users are made members when I think Authenticated Users will cover it?
I know this may sound dense but I am trying to get my facts right
before I make a change and possibly regret it later.
Thanks in advance for any advice given.
Darren