Re: Why does Everyone have Full Control of everthing?
From: George Hester (hesterloli_at_hotmail.com)
Date: 12/07/04
- Next message: Bartt: "Re: Desktop browser won't connect after idle period."
- Previous message: George Hester: "Re: Can't Access Hotmail with XP2/IE6"
- In reply to: John Brock: "Re: Why does Everyone have Full Control of everthing?"
- Next in thread: cquirke (MVP Win9x): "Re: Why does Everyone have Full Control of everthing?"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 7 Dec 2004 00:57:06 -0500
You say you have Everyone full permissions throughout your File System. OK I'll take your word for it. That is not the default and I don't think your going to find anyone that knows how to put your NTFS permissions everywhere back to the default. Believe me if someone knew they'd be on me faster then you can say, "Bye." You need to reinstall. That's the only sure fire way.
-- George Hester _________________________________ "John Brock" <jbrock@panix.com> wrote in message news:cp23qr$c7i$1@panix2.panix.com... > Excuse me George, but are you even bothering to read what I wrote? > On *MY* XP Pro system at home all files and folders *DO* inherit > from root, and the Everyone group *DOES* have Full control of > *EVERYTHING*. That is why I think I have a *PROBLEM*! I just > looked the XP system I use at work, and the permissions are set > very differently, and much more sensibly. For example at work > various permissions on C:\Program Files\Common Files -- your example > -- are granted to Administrators, CREATOR OWNER, Power Users, > SYSTEM, and Users. At home, on the same folder, Full Control is > granted to Everyone, and that's it. So what are the permissions > for that folder on *your* system? My root at work has permissions > similar to the link I gave you below (did you even look at it?). > My root at home has Full Control granted to Everyone. How can this > be a sensible default? > > Please, is there anyone here (who knows what they are talking about) > who can give me some idea about what is going on? > > My current best guess is that, since most of IBM's customers are > corporations, perhaps they ship their PC with the expectation that > corporate sysadmins will do something drastic to the security setup > anyway, so they don't bother shipping XP with the normal defaults. > In fact I have a *very* vague recollection that when I first turned > on my PC I was asked whether I wanted my drive formated as NTFS, > which of course I did, although I thought the question odd. Perhaps > IBM assumed that someone, for some reason, might want XP on FAT32, > so they shipped it that way, reasoning that you can always convert > FAT32 to NTFS but not the reverse, and that anyone who wanted NTFS > would do the conversion (which *would* leave Everyone with Full > Control of everything, just like on my system), and then the > sysadmins would simply apply one of the security templates (not so > simple for me though, although I suspect I am going to have to > learn) to produce a normally secure system. As I said though, this > is just a wild guess. Anyone have any better ideas? > > In article <#gShL002EHA.3596@TK2MSFTNGP12.phx.gbl>, > George Hester <hesterloli@hotmail.com> wrote: > >You are wrong. It is the default. You are also wrong in thinking = > >Everyone means EVERYONE. It don't. It > >means all the people and others in your profiles on the machine. The = > >only user you have to be concerned with is > >IUSR_MachineName which you may not even have. > > > >You are also wrong that all folders but those in Documents and Settings = > >inherit the permissions from the root.=20 > >Look at C:\Program Files\Common Files also look at C:\Windows\Installer. = > > These are just a few you have many > >more. > > > >I don't mean to sound like a bully. I'm just pointing out that Everyone = > >permissions on the root do not inherit > >through the entire file system. And Microsoft has done what is = > >sufficient. Security as we know it now do not > >put you at risk by permissions issue. Security flaws are not = > >permissions based they are buffer overruns things like > >that where no matter what your permissions are you'd still be at risk. = > >Do not mess with your permissions we bail > >people out everyday who get Scared remove permissions and instead of = > >having a computer they have a bunch of > >metal. > > > >--=20 > >George Hester > >_________________________________ > >"John Brock" <jbrock@panix.com> wrote in message = > >news:cp0g4c$al5$1@panix3.panix.com... > >>=20 > >> In article <e3KXLKr2EHA.1292@TK2MSFTNGP10.phx.gbl>, > >> George Hester <hesterloli@hotmail.com> wrote: > >> >>1) Does anyone have any idea why my machine is this way? > >>=20 > >> > yes that is the default. > >>=20 > >> It can't be the default; otherwise any user -- even Guest -- can trash > >> the entire system. What kind of security is that? > >>=20 > >> >>2) Is there anything I can do -- perhaps use some security template = > >or > >> >>something -- to restore the normal XP permissions. > >>=20 > >> >That is normal. > >> > > >> >Every folder in Windows XP does NOT inherit the permissions from the = > >=3D > >> >root. There is really no reason to be > >> >afraid of these permissions. If you remove the Everyone group then = > >you =3D > >> >need to make sure those that are in > >> >Everyone Group and necessary (like System) are kept or you could = > >disable =3D > >> >your system for good. Leave the > >> >permissions alone on the root. It is always safe to increase those = > >with =3D > >> >permissions but if you remove permissions > >> >then you stand a good chance of having issues. > >>=20 > >> On *my* XP system every folder -- other than user profiles -- *does* > >> inherit its permissions from the root, and all these folders belong > >> to Everyone. That's why I think there is something wrong with my > >> system, and why I am asking questions here. It's pretty clear from > >> the Q244600 document that this isn't the way things should be, and > >> in fact I found a different link: > >>=20 > >> http://support.microsoft.com/default.aspx?scid=3Dkb;en-us;327522 > >>=20 > >> which lists the default root permissions for Windows XP (look > >> beneath "WORKAROUND") and refers to them as "thoroughly designed > >> and tested". I haven't found a complete list of all Windows XP > >> permissions though, just the Windows 2000. Does anyone know where > >> I can find a complete list? > >>=20 > >> >"John Brock" <jbrock@panix.com> wrote in message =3D > >> >news:cou88q$t3r$1@panix1.panix.com... > >> >> I have been using my IBM ThinkCentre with Windows XP Professional > >> >> for over a year now, using the personal account created at setup. > >> >> That account belongs to the Administrators group of course, and > >> >> recently I decided to create a Limited account, for security = > >reasons. > >> >> I started to poke around by enabling the Guest account, and was > >> >> very startled to discover that it was not really very "limited" at > >> >> all, and in fact could delete files from places where I did not > >> >> think it should be able to, such as my Mozilla program directory. > >> >>=3D20 > >> >> After studying Windows XP Inside Out for a while it became clear > >> >> to me that the reason for this was that the Everyone group had Full > >> >> Control of the C: drive, and by inheritance everything else (except > >> >> my personal profile). I don't think this is right! But the book > >> >> warned against tampering with permissions on the system drive, and > >> >> directed me to Knowledge Base article Q244600, which has a long > >> >> list of default NTFS permissions for Windows 2000. > >> >>=3D20 > >> >> I am nervous about trying to reset all the folder permissions by > >> >> hand though (especially with settings from Windows 2000), and even > >> >> if I did who knows what else is amiss. Beyond that, I would really > >> >> like to know what is going on. The book noted that Full Control > >> >> by Everyone is what you get when you convert a partition to NTFS, > >> >> but this was a new machine with XP SP1 preloaded. > >> >>=3D20 > >> >> So basically I have two questions: > >> >>=3D20 > >> >> 1) Does anyone have any idea why my machine is this way? > >> >>=3D20 > >> >> 2) Is there anything I can do -- perhaps use some security template > >> >> or something -- to restore the normal XP permissions. > >> >> --=3D20 > >> >> John Brock > >> >> jbrock@panix.com > >> >>=20 > >>=20 > >>=20 > >> --=20 > >> John Brock > >> jbrock@panix.com > >> > > > -- > John Brock > jbrock@panix.com >
- Next message: Bartt: "Re: Desktop browser won't connect after idle period."
- Previous message: George Hester: "Re: Can't Access Hotmail with XP2/IE6"
- In reply to: John Brock: "Re: Why does Everyone have Full Control of everthing?"
- Next in thread: cquirke (MVP Win9x): "Re: Why does Everyone have Full Control of everthing?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
