Re: everyone can use cacls.exe?

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Laura E. Hunter \(MVP\) (hunter(nospamplease)_at_sfs.upenn.edu)
Date: 05/06/04

• Next message: coreymart: "Default AD Permissions"
• Previous message: arno: "everyone can use cacls.exe?"
• In reply to: arno: "everyone can use cacls.exe?"
• Next in thread: arno: "Re: everyone can use cacls.exe?"
• Reply: arno: "Re: everyone can use cacls.exe?"
• Messages sorted by: [ date ] [ thread ]

---

Date: Thu, 6 May 2004 10:47:21 -0400

Here are the default NTFS permissions for a 2000 install:

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q244600&ID=KB;EN-US;Q244600

2 caveats to be very aware of:

NOTE: These permissions do not apply to a drive that is converted to NTFS
using the Convert utility. A converted NTFS drive consists of all files and
folders with Everyone--Full Control as the default permission.

NOTE: The default permissions for the C:\ root directory, and all other hard
drive root directories (for example D:\, E:\), enable Full Control for the
Everyone special group, in Windows 2000.

You can tighten these NTFS permissions manually, or by using Security
Templates.

-- 
******************************
Laura E. Hunter - MCSE, MCT, MVP
Replies to newsgroup only
"arno" <schoblochr@azoppoth.at> wrote in message 
news:u$OgZf3MEHA.3944@tk2msftngp13.phx.gbl...
> Hi,
>
> Win2k Terminal Server SP4 and DC all-in-one-wonder-machine
>
> I have just written a batchfile that sets user-rights with cacls.exe. Any
> normal user can run this batch successfully.
>
> So, everyone can set any userrights? Or did I not set the userrights for 
> my
> C:\winnt folder correctly? Shall I restrict the user rights for cacls? If
> yes, for what other exe-files should I do that, too?
>
> My local drives are all hidden and cannot be accessed. Dos-Console is
> disabled. However, anyone can write a batchfile and run it, I cannot turn
> this off as some programs need that.
>
> Best regards
>
> arno
>
>
> 

---

• Next message: coreymart: "Default AD Permissions"
• Previous message: arno: "everyone can use cacls.exe?"
• In reply to: arno: "everyone can use cacls.exe?"
• Next in thread: arno: "Re: everyone can use cacls.exe?"
• Reply: arno: "Re: everyone can use cacls.exe?"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: Made bad mistake ... drive and then change the NTFS permissions by right-clicking ... into any of the drives]. ... You can also attempt to apply roll out this permission via a Group Policy ... (microsoft.public.win2000.security) Re: NTFS permissions ... Ntfs permissions are operating system dependant. ... --- Steve ... > If I have 2 Drives on a server and I format one drive and install a new OS ... (microsoft.public.win2000.security) Re: NTFS permissions ... Ntfs permissions are operating system dependant. ... --- Steve ... > If I have 2 Drives on a server and I format one drive and install a new OS ... (microsoft.public.win2000.security) Re: Administrator has prohibited access to CD/DVD ROM drives ... In HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider ... to me is set as you suggest, with my account and administrators groups both ... but I have permissions set. ... "Administrator has prohibited access to CD/DVD ROM drives" problem. ... (microsoft.public.windowsxp.help_and_support) Re: Administrator has prohibited access to CD/DVD ROM drives ... In HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider ... to me is set as you suggest, with my account and administrators groups both ... but I have permissions set. ... "Administrator has prohibited access to CD/DVD ROM drives" problem. ... (microsoft.public.windowsxp.help_and_support)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.active_directory  > 2004-05