Best Practices for NTFS Shares

View Full Version : Best Practices for NTFS Shares

Rob

I am searching for a white paper on best practices for
setting up NTFS Shares in W2K. Can anyone point me in the
right direction or have an article number I can search on?

Thanks,
Rob

Steven L Umbach

The Windows 2000 Security Hardening Guide is a pretty good read though I don't know
if it has exactly what you are looking for. Generally you want to follow the least
permissions needed rule to set up folders. By default W2K gives everyone full control
to a share which you should change to full control for administrators and read or
modify for the appropriate users group that needs access to the share. Read allows
execute permissions to a share while modify is needed for write and delete.

NTFS permissions work in conjunction with share permissions for network access and
the most restrictive of the two permissions will apply to a user. Avoid using
everyone/users group in shares or ntfs permissions unless you want all users to have
access. The links below may be helpful. --- Steve

http://support.microsoft.com/?id=301195
http://www.windowsitlibrary.com/Content/592/toc.html
http://www.microsoft.com/technet/Security/prodtech/win2000/win2khg/05sconfg.mspx#XSLTsection129121120120

"Rob" wrote in message
news:438b01c4732a$d0d11300$a401280a@phx.gbl...
> I am searching for a white paper on best practices for
> setting up NTFS Shares in W2K. Can anyone point me in the
> right direction or have an article number I can search on?
>
> Thanks,
> Rob

Thanks a lot. I needed to find documentation to support my
assertion that we get rid of the FC on the Everyone
Group. These links are very helpful.
>-----Original Message-----
>The Windows 2000 Security Hardening Guide is a pretty
good read though I don't know
>if it has exactly what you are looking for. Generally you
want to follow the least
>permissions needed rule to set up folders. By default W2K
gives everyone full control
>to a share which you should change to full control for
administrators and read or
>modify for the appropriate users group that needs access
to the share. Read allows
>execute permissions to a share while modify is needed for
write and delete.
>
>NTFS permissions work in conjunction with share
permissions for network access and
>the most restrictive of the two permissions will apply to
a user. Avoid using
>everyone/users group in shares or ntfs permissions unless
you want all users to have
>access. The links below may be helpful. --- Steve
>
>http://support.microsoft.com/?id=301195
>http://www.windowsitlibrary.com/Content/592/toc.html
>http://www.microsoft.com/technet/Security/prodtech/win2000
/win2khg/05sconfg.mspx#XSLTsection129121120120
>
>
>"Rob" wrote in
message
>news:438b01c4732a$d0d11300$a401280a@phx.gbl...
>> I am searching for a white paper on best practices for
>> setting up NTFS Shares in W2K. Can anyone point me in
the
>> right direction or have an article number I can search
on?
>>
>> Thanks,
>> Rob
>
>
>.
>

Benn Wolff

Microsoft released a "Heads up" a few years ago
about removing the EveryOne group.

This came about the same time as the FBI's
warrning about the PnP on windows also.

wrote in message
news:448001c47339$473f08e0$a601280a@phx.gbl...
> Thanks a lot. I needed to find documentation to support my
> assertion that we get rid of the FC on the Everyone
> Group. These links are very helpful.
> >-----Original Message-----
> >The Windows 2000 Security Hardening Guide is a pretty
> good read though I don't know
> >if it has exactly what you are looking for. Generally you
> want to follow the least
> >permissions needed rule to set up folders. By default W2K
> gives everyone full control
> >to a share which you should change to full control for
> administrators and read or
> >modify for the appropriate users group that needs access
> to the share. Read allows
> >execute permissions to a share while modify is needed for
> write and delete.
> >
> >NTFS permissions work in conjunction with share
> permissions for network access and
> >the most restrictive of the two permissions will apply to
> a user. Avoid using
> >everyone/users group in shares or ntfs permissions unless
> you want all users to have
> >access. The links below may be helpful. --- Steve
> >
> >http://support.microsoft.com/?id=301195
> >http://www.windowsitlibrary.com/Content/592/toc.html
> >http://www.microsoft.com/technet/Security/prodtech/win2000
> /win2khg/05sconfg.mspx#XSLTsection129121120120
> >
> >
> >"Rob" wrote in
> message
> >news:438b01c4732a$d0d11300$a401280a@phx.gbl...
> >> I am searching for a white paper on best practices for
> >> setting up NTFS Shares in W2K. Can anyone point me in
> the
> >> right direction or have an article number I can search
> on?
> >>
> >> Thanks,
> >> Rob
> >
> >
> >.
> >