Secure file and folder permissions

I've been trying to secure my XP Pro install per instructions given on the
website: http://www.markusjansson.net/exp.html

I'm running into trouble with the instructions under the heading: "secure
file and folder permissions" after selecting Authenticated Users, advanced, I
do not see the "Inherit from parent permission" checkbox to unselect.

Can you direct me to a Microsoft website that explains this particular
procedure in greater detail or correct the author's instructions, or explain
why this will not work for me?

much thanks,
boogy
 
The whole trouble is, I do not even see the "Inherit from parent permission
checkbox..." to unselect it.

-Boogy
 
boogy said:
I've been trying to secure my XP Pro install per instructions given on the
website: http://www.markusjansson.net/exp.html

I'm running into trouble with the instructions under the heading: "secure
file and folder permissions" after selecting Authenticated Users, advanced, I
do not see the "Inherit from parent permission" checkbox to unselect.

Can you direct me to a Microsoft website that explains this particular
procedure in greater detail or correct the author's instructions, or explain
why this will not work for me?

much thanks,
boogy

You might want to take a look here:

http://www.microsoft.com/learning/books/itpro/feature/120601.asp

The Advanced button is on the Security page shown in figure 3.
That button launches Advanced Security Settings which is shown in
figure 4. Notice the check box for "Inherit from parent...".

Nepatsfan
 
The whole trouble is, I do not even see the "Inherit from parent permission
checkbox..." to unselect it.


Is the drive formatted NTFS?


hth
DDS W 2k MVP MCSE
 
Yes, I know where the advanced button is; the thing is after I click the
advanced button as suggested on the website mentioned and follow the
instructions explicitly, the checkbox for "Inherit from parent permission..."
is simply not there. It's not that it is greyed out, it is not there...

-Boogy
 
boogy said:
Yes, I know where the advanced button is; the thing is after I click the
advanced button as suggested on the website mentioned and follow the
instructions explicitly, the checkbox for "Inherit from parent permission..."
is simply not there. It's not that it is greyed out, it is not there...

-Boogy

I just went back and read the article you posted. I think the
problem stems from the fact that he starts at the root of drive
C. He then wants you to prevent permissions from being inherited
from a parent. Think about it. The root of a drive doesn't have a
parent to inherit permissions from.

If you really want to implement his suggestions you might want to
start applying them to the folders that are contained within C.


Nepatsfan
 
Hmmm...Makes sense.
Can I select all folders contained in the root and do them all
at the same time?

Thanks,
-Boogy
 
boogy said:
Hmmm...Makes sense.
Can I select all folders contained in the root and do them all
at the same time?

Thanks,
-Boogy

Disable permission inheritance on each individual folder. I think
you'll find that a number of folders (e.g. Windows, Documents and
Settings) already have that box unchecked.

After having looked over that web site, I've got to pass along a
few observations. Before you decide to encrypt any files located
on your computer do a Google search for this topic: Can't access
encrypted files. Encrypting files is overkill for the average
user. Instead, use NTFS permissions to secure files. I also think
you're going to find that some of his suggestions are way too
restrictive.

Good luck

Nepatsfan
 
Can you explain what you mean by using NTFS to secure files and the procedure
involved in doing so?

Although I have been using XP for years, I only recently became
concerned with security settings. In the last few months, I have watched my
adm password be altered, various files implanted on partitions I do not use
for downloads, and other exploits.

If you can suggest better resource for handling this, I'd appreciate it. I
know there is a new book coming out on XP security by Bott, but it is not due
to be released until 6/2005.

Thanks for your help,
-Boogy
 
boogy said:
Can you explain what you mean by using NTFS to secure files and the procedure
involved in doing so?

Although I have been using XP for years, I only recently became
concerned with security settings. In the last few months, I have watched my
adm password be altered, various files implanted on partitions I do not use
for downloads, and other exploits.

If you can suggest better resource for handling this, I'd appreciate it. I
know there is a new book coming out on XP security by Bott, but it is not due
to be released until 6/2005.

Thanks for your help,
-Boogy

"Using NTFS to secure files" is what you were doing when you ran
into the permission inheritance problem. My mentioning it was
only to point out that it is a much safer alternative to file
encryption. Avoid EFS unless you want to lose your files. Use
NTFS file permissions to restrict access to your personal files.
That's what I meant.

Instead of resources, I'm going to pass along some suggestions.
First, post a new question to this group. Outline the problems
you've encountered recently. Ask for suggestions on ways to make
your computer more secure. Here's what my answer would include:

1. Buy a router. I don't care if you've only got one computer,
put a NAT router between it and the internet. Some models by
Netgear, D-Link, Linksys or Belkin are available for less than
$20 after rebates. I'm using a Netgear Wireless G router that
cost me $10 + the cost of a postage stamp after rebates.

2. Use a software firewall other than the one built into Windows.
Besides the programs available from companies such as Symantec
and McAfee there are a number of free ones available like Zone
Alarm, Kerio and Sygate.

3. Make sure you are running a recent release of an updated
antivirus program, nothing earlier than 2004. Make sure you're
using the latest versions of AdAware, Spybot S & D and
SpywareBlaster. Run weekly scans with all these applications.

4. Use a password on your Windows account and make sure it is
hard to guess but easy to remember. If you must create a password
reset disk keep it in a secure location.

5. Create two accounts for yourself. One would be a Computer
Administrator and would only be used to perform administrative
tasks. The other would be a Limited account and would be used in
day to day operations. Leave the built-in Administrator account
for emergency use only.

6. Back up anything you can't afford to lose. And, after you back
it up, check to make sure that what you think is there is really
there. I use an external USB hard drive to make an image of
what's on my main computer's HD. I run an automatic backup
overnight on a weekly basis. Even if you only have a CD burner,
use it to back up your personal files.

Those are starting points. Any other security measures are up to
you.

Good luck

Nepatsfan
 
With the exception of using a software firewall, which I just started
doing, I have been doing all these things right along. I have a wireless
router, yada, yada, yada.

You threw me a curve with the NTFS thing. I did not plan to implement the
encryption method discussed on that webpage I referred to; but you seemed to
indicate the overall recommendations mentioned on that page were a bit
overkill if I understood you correctly.

After finding this webpage, and after the experiences I encountered, I felt
maybe some advanced security techniques were in order. Like I said earlier,
these problems I have been running into, only started in the last few months
or so.

I have reformatted my system partition and installed a fresh copy, even
though the old system seemed to be working fine. I scan for viruses and
spyware on a regular basis (lately twice a week) and have tested security at
websites such as www.grc.com, etc.

I'm just at my wits' end as to what else I can do, short of getting out of
this virtual world and back to reality :)

Incidentally, I tried securing folders in the root and am still having the
same problem I originally posted about where the "inherit" check box does not
appear. In the window above that each user is marked as not inherited, so
I'm wondering how important it is to follow this guy's procedure. You seem
to know what you're doing, can I ask what procedure you follow to secure
files and folders with NTFS?

Again, thanks for all your help,

-Boogy
 
First off, there are a number of things you can do to improve the
security of your wireless network. You might want to take a look
at this site and see if there's anything you may have overlooked.

http://www.ezlan.net/Wireless_Security.html

It's my opinion that suggestions 1, 3, 4, 6, and 8 should
definitely be implemented. Also, you should change the default
administrator name and password on the router's web interface. If
you've already done this stuff, great.

Next, as for NTFS file security, the only place I change folder
permissions is on data files. I've never messed around with the
default permissions that are in place on any files or folders
that the operating system or a program uses. The last thing I
need is to find out that my security efforts have caused a
problem with an installed program or Windows. In other words, if
the file or folder wasn't created by a user (e.g. anything in My
Documents, on the Desktop or in an alternate storage location),
it's off limits to any NTFS tweaking. Who has access is up to
you. Remove the Everyone group and leave in place only those
users who you feel need access.

Now let's get back to the web site you mentioned in your original
question. The guy's giving some good advice. I just think he's
going too far. I'd find a lot of what he's suggesting way too
restrictive. It might not be for you. He's listed a number of
Local Group Policy settings that might be helpful with respect to
the problems you're having. You might want to go over the "Secure
Settings" section and implement some of them, particularly the
ones that pertain to network access.

The bottom line to all this discussion is that no one can give
you a 100% guaranteed set of security measures that will protect
you from all the crap that's out there. When major corporations
and governments can't even secure their machines, what chance do
you think the rest of us have? It's an ongoing battle with an
adversary that always seems to be one step ahead. The best you
can do is try not to be an easy target. And be prepared for that
day when even your best efforts fail.

The best advice I can give you is to keep looking for things that
might help you secure your machine. Test the ones you think might
be helpful, keep those that work. You're the only person who
should decide what security measures are installed on your
computer.

Good luck

Nepatsfan
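
The NTFS approach described in the post above (leave operating-system and program folders at their defaults; on user-created data folders remove Everyone and keep only the accounts that need access), written out as an added PowerShell example that is not part of the thread. It assumes Windows PowerShell is installed, which stock XP does not include; the function names, `D:\Data\Finance` and `MYPC\boogy` are hypothetical.

```powershell
# Added example. Function names, the folder path and the account are hypothetical.
function Get-InheritanceState {
    param([Parameter(Mandatory=$true)][string]$Path)
    $acl = Get-Acl -Path $Path
    New-Object PSObject -Property @{
        Path                = $Path
        # True when "inherit from parent" is switched off for this folder
        InheritanceDisabled = $acl.AreAccessRulesProtected
        InheritedEntries    = @($acl.Access | Where-Object { $_.IsInherited }).Count
        ExplicitEntries     = @($acl.Access | Where-Object { -not $_.IsInherited }).Count
    }
}

function Set-DataFolderAccess {
    param(
        [Parameter(Mandatory=$true)][string]$Path,
        [Parameter(Mandatory=$true)][string[]]$AllowedAccounts
    )
    $dir = Get-Item -Path $Path
    if (-not $dir.PSIsContainer) { throw "$Path is not a folder" }
    # A drive root has no parent folder; system and program folders keep their defaults.
    if ($null -eq $dir.Parent) { throw "Refusing to change a drive root: $Path" }
    foreach ($protected in @($env:SystemRoot, $env:ProgramFiles)) {
        $prefix = $protected.TrimEnd('\') + '\'
        if (($dir.FullName + '\').StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) {
            throw "Refusing to change a system or program folder: $Path"
        }
    }
    # Step 1: stop inheriting, keeping the current entries as explicit copies.
    $acl = Get-Acl -Path $dir.FullName
    $acl.SetAccessRuleProtection($true, $true)
    Set-Acl -Path $dir.FullName -AclObject $acl
    # Step 2: re-read, drop every entry for Everyone (well-known SID S-1-1-0), grant named accounts.
    $acl = Get-Acl -Path $dir.FullName
    $everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
    $acl.PurgeAccessRules($everyone)
    foreach ($account in $AllowedAccounts) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($account, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $dir.FullName -AclObject $acl
    Get-InheritanceState -Path $dir.FullName
}

# Inspect first, then apply to a user-created data folder only:
# Get-InheritanceState -Path 'D:\Data\Finance'
# Set-DataFolderAccess -Path 'D:\Data\Finance' -AllowedAccounts 'MYPC\boogy'
```

Entries other than Everyone are left in place, so review the resulting list with `(Get-Acl <folder>).Access` before relying on it. Run it from an account that owns the folder or has administrative rights.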
 
Much thanks for your help and suggestions. I think your advice,
collectively, and implementing only some of the suggestions from the website
I mentioned might be a good starting strategy to begin with. If you have any
other suggestions or resources with regard to XP security, I'm all ears.

Thanks again for your help.

-Boogy
 
You're welcome. Glad I was able to provide a few helpful
suggestions.

Good luck keeping your PC secure.

Nepatsfan
 