Minimum rights to Operating System Volume

[SB]

Hi,

I want to setup a Windows 2000 server to be a Web server (IIS 5.0). During
my tests made in labs I knew that by default the permission assigned to the
volume hosting the operating system is Everyone. I dont' like it and I'm
searching what're the minimum rights (in order to running the OS fine) to be
assigned to the volume where the OS is installed.

Thanks

Sergio

 

[Steven L Umbach]

The drive/root folder is the place where permissions are too liberal. If you have
access to an XP Pro or W2003 computer, you may want to copy those permissions or
refer to the KB link below as a guide. Generally you want to reduce everyone to
read/list/execute or remove everyone and replace with users for read/list/execute. I
would not change permissions on the \winnt folder without thorough testing, and by
default regular users have restricted permissions already. The Microsoft Press
Windows Security Resource Kit has specific recommendations for secure ntfs
permissions and a template to implement them. The free Windows 2000 Security
Hardening Guide also has specific recommendations. You should also consider running
the IIS Lockdown tool on your IIS server. -- Steve

http://support.microsoft.com/?scid=327522
http://www.infosec.uga.edu/windows.html
http://support.microsoft.com/default.aspx?scid=kb;en-us;325864

 

[\(JD\)]

Just make sure the system has rights to the root of the drive otherwise you
will find yourself in a problems with missing/small pagefile; cannot even
reinstall the operating system onto that partition.

Don't explicitly deny Everyone.

(JD)