System Permissions

Guest

Is there a best practice for NTFS permissions on the WINNT directory, the
Everyone group? If someone could lead me to a resource that would be great.
 
Assuming you do not need guest access to the computer or are using ancient
legacy applications you can remove the Everyone group from the \winnt folder or
at best give it read permissions. The link below is to the NSA security guide
and downloads. If you view their security templates [ .inf file downloads ]
for workstation or server you will see that the Everyone group is not
included for permissions to the \winnt folder. --- Steve

http://nsa1.www.conxion.com/win2k/download.htm
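
An added example, not part of the thread and not taken from the NSA templates: a Python check that reads a security template's [File Security] section and reports every path where Everyone has an allow ACE, or where Users gets more than read and execute. The sample template text is constructed, and the "path",mode,"SDDL" entry layout is assumed to match the standard Windows security template format.

```python
import csv
import re

# Constructed sample in the assumed [File Security] layout: "path",mode,"SDDL".
SAMPLE_INF = r'''
[Unicode]
Unicode=yes
[File Security]
"%SystemRoot%",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
"%SystemDrive%\legacy",2,"D:P(A;CIOI;GRGWGX;;;WD)(A;CIOI;GRGX;;;BU)(A;CIOI;GA;;;BA)"
"%SystemRoot%\repair",2,"D:P(A;CIOI;GR;;;WD)(A;CIOI;GA;;;BA)"
'''

EVERYONE, USERS = "WD", "BU"          # SDDL SID aliases for Everyone and Users
READ_EXEC = {"GR", "GX", "FR", "FX"}  # generic/file read and execute rights

def file_security(inf_text):
    """Yield (path, sddl) for each entry in the [File Security] section."""
    section = ""
    for line in inf_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif line and not line.startswith(";") and section == "file security":
            fields = next(csv.reader([line]))
            if len(fields) == 3:
                yield fields[0], fields[2]

def allow_aces(sddl):
    """Return (rights, trustee) for every access-allowed ACE in the SDDL string."""
    aces = (body.split(";") for body in re.findall(r"\(([^)]*)\)", sddl))
    return [(a[2], a[5]) for a in aces if len(a) == 6 and a[0] == "A"]

def audit(inf_text):
    """Flag any Everyone ACE, and Users ACEs that exceed read and execute."""
    findings = []
    for path, sddl in file_security(inf_text):
        for rights, trustee in allow_aces(sddl):
            # Rights are two-letter codes (GRGX...); a hex mask counts as excess.
            excess = set(re.findall("..", rights)) - READ_EXEC if rights.isalpha() else {rights}
            if trustee == EVERYONE:
                findings.append((path, "Everyone", "beyond read" if excess else "read-only"))
            elif trustee == USERS and excess:
                findings.append((path, "Users", "beyond read"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INF):
        print(*finding, sep=" | ")
```

Note that in SDDL the code WD means Everyone only in the trustee field; in the rights field the same two letters mean write-DAC, which is why the check reads the two fields separately.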
 
Is there any reason why the Users group is added to the systemroot
permissions? It is only read and execute but I was just curious why that
group is even included.

Thanks

Steven L Umbach said:
Assuming you do not need guest access to the computer or are using ancient
legacy applications you can remove the Everyone group from the \winnt folder or
at best give it read permissions. The link below is to the NSA security guide
and downloads. If you view their security templates [ .inf file downloads ]
for workstation or server you will see that the Everyone group is not
included for permissions to the \winnt folder. --- Steve

http://nsa1.www.conxion.com/win2k/download.htm

Rob said:
Is there a best practice for NTFS permissions on the WINNT directory, the
Everyone group? If someone could lead me to a resource that would be
great.
 
Because they need access to files in that folder structure to log on, have
policies applied, and run applications. Explorer.exe for instance is
located in the \winnt folder. If you use the free Filemon utility from
SysInternals you can see what files are accessed by a user. Task Manager can
show processes owned by the user and the associated executable. --- Steve



Rob said:
Is there any reason why the Users group is added to the systemroot
permissions? It is only read and execute but I was just curious why that
group is even included.

Thanks

Steven L Umbach said:
Assuming you do not need guest access to the computer or are using ancient
legacy applications you can remove the Everyone group from the \winnt folder or
at best give it read permissions. The link below is to the NSA security guide
and downloads. If you view their security templates [ .inf file downloads ]
for workstation or server you will see that the Everyone group is not
included for permissions to the \winnt folder. --- Steve

http://nsa1.www.conxion.com/win2k/download.htm

Rob said:
Is there a best practice for NTFS permissions on the WINNT directory, the
Everyone group? If someone could lead me to a resource that would be
great.
 