Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Basics: RE: Win2000 Directory Permissions

RE: Win2000 Directory Permissions

From: Sander de Rijk <sander_at_derijk.org>
Date: Tue, 1 Apr 2003 23:16:22 +0200

I would say change EVERYTHING to admin+system full control and users
instead of everyone read permissions. Besides that change the repair
indeed to no access for the users.

No need for power users. No need for creator owner.
The documents and settings folder will take care of itself with those
permissions and if users need write access because of certain apps
Like for example c:\temp do that on the folder

That should be sufficient

For IIS however I would suggest u use the lockdown tool (be carefull
with the urlscan) to secure your server. It also takes care of the
entire NTFS settings of the IIS user

Greetz,
Sander

-----Original Message-----
From: Simon Taplin [mailto:SimonT_at_lantic.net]
Posted At: zondag 30 maart 2003 13:20
Posted To: Security Focus Mailings
Conversation: Win2000 Directory Permissions
Subject: Win2000 Directory Permissions

I'v been running the permission settings below on my NT4 workstation
PC's
for students. I'm now upgrading the machines to Win2000. Do I need to
change
any of the settings below for Workstations and Servers? Especially the
server running IIS?

I got these from the TechRepublic newsletter.

Simon

On these folders:

* \Winnt
* \Winnt\system
* \Winnt\system32
* \Winnt\system32\config
* \Winnt\system32\drivers

Apply these permissions:

* Administrators: Full Control
* Creator Owner: Full Control
* Everyone: Read
* System: Full Control

On \Winnt\repair, the only permission you should set is Administrators:
Full Control.

On \Winnt\system32\spool, apply these permissions:

* Administrators: Full Control
* Creator Owner: Full Control
* Everyone: Read
* Power Users: Change
* System: Full Control

On Boot.ini, Ntdetect.com, and Ntldr, apply:

* Administrators: Full Control
* System: Full Control

On Autoexec.bat and Config.sys, apply:

* Everyone: Read
* Administrators: Full Control 

---
This mail is hopefully virus free as it has been
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.465 / Virus Database: 263 - Release Date: 2003/03/25
-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.surfcontrol.com/go/zsfsbl1
-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.securityfocus.com/SurfControl-security-basics
Received on Apr 01 2003
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos