Options
Users on NTFS Volume Permissions
On the file servers where I work, the local users group (which has Domain Users as a member) has these NTFS permissions on the volumes:
-Read
-special permissions of Create Files/Write Data and create Folders/Append Data
This inherits down through the volume to each folder. Combined with Share permissions of "Everyone Full Control", this creates a big problem. Essentially this gives everyone write permissions on all the shares.
I was consulting this weekend for a client and found their file servers were set up the same way!
Is this a default of Windows Server 2003? I blocked inheritance and removed Users from the NTFS of every share. But seeing this in two companies has me wondering?
Anyone else see this?
-Read
-special permissions of Create Files/Write Data and create Folders/Append Data
This inherits down through the volume to each folder. Combined with Share permissions of "Everyone Full Control", this creates a big problem. Essentially this gives everyone write permissions on all the shares.
I was consulting this weekend for a client and found their file servers were set up the same way!
Is this a default of Windows Server 2003? I blocked inheritance and removed Users from the NTFS of every share. But seeing this in two companies has me wondering?
Anyone else see this?
Comments
-
Options
blargoe Member Posts: 4,174 ■■■■■■■■■□
That is the default for Windows 2003. Whoever set up the server should have blocked inheritance at the root of the share and created a new ACL.IT guy since 12/00
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...