|
| If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|||||||
|
|
Thread Tools | Display Modes |
|
#1
January 12th 09, 12:32 PM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
Default file/folder security permissions for a new user
In windows xp, I do the following:
Create new user (Bob). Remove bob as a member of the Users group (he now is a member of no group). Go to some folder on my box. e.g. C: \randomstuff. Check the security of this. Check the effective permissions of Bob with respect to this folder (to find out what he can reall do). Bob seems to be default be able to do a lot of things with this folder "by default". He can do: Traverse Folder / Execute File List Folder / Read Data Read Attributes Read Extended Attributes Create Folders / Append Data Create Files / Write Data Read Permission How is this? Why does a new user get to do all this stuff to anywhere on my box? Thanks 
|
| Ads |
|
#2
January 13th 09, 05:03 PM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Default file/folder security permissions for a new user
The reason is that the folders in question will have "Everyone" group
permissions applied. Since membership of this group is automatic (and doesn't appear in usermanager) Bob doesn't need to be in any specific group to access them. -Is this a bad arangement? Linux afficonados would certainly say yes. Matter of opinion I suppose. " wrote: In windows xp, I do the following: Create new user (Bob). Remove bob as a member of the Users group (he now is a member of no group). Go to some folder on my box. e.g. C: \randomstuff. Check the security of this. Check the effective permissions of Bob with respect to this folder (to find out what he can reall do). Bob seems to be default be able to do a lot of things with this folder "by default". He can do: Traverse Folder / Execute File List Folder / Read Data Read Attributes Read Extended Attributes Create Folders / Append Data Create Files / Write Data Read Permission How is this? Why does a new user get to do all this stuff to anywhere on my box? Thanks
|
|
#3
January 13th 09, 06:19 PM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Default file/folder security permissions for a new user
Anteaus wrote:
The reason is that the folders in question will have "Everyone" group permissions applied. Since membership of this group is automatic (and doesn't appear in usermanager) Bob doesn't need to be in any specific group to access them. -Is this a bad arangement? Linux afficonados would certainly say yes. Matter of opinion I suppose. "Everyone" group is likely not involved. More than likely "Authenticated Users" - and/or "Users". Remove "Authenticated Users" (not a group where you can easily (if at all) control membership) and "Users" from those who have permissions to the folder. Controlling access to resources means controlling the permissions on the resources as much as you control the membership in the groups who will/will not have access to said resources... ;-) -- Shenan Stanley MS-MVP -- How To Ask Questions The Smart Way http://www.catb.org/~esr/faqs/smart-questions.html
|
|
#4
January 13th 09, 07:28 PM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Default file/folder security permissions for a new user
I think this is on the right lines. Sorry for not replying earlier.
I took the discussion over to he http://groups.google.co.uk/group/mic...71c53792185315
|
| Thread Tools | |
| Display Modes | |
|
|
Linear Mode
