RE: Share permissions question



If you are concerned that he may have access and he is an IT professional,
then the only way you can be sure that he will not access is either A: stay
offline or B: backup your data and perform a complete format and re-install.

I would go with option B.

Off of the top of my head I do not know what the appropriate security
settings should be. However, under no circumstances should everyone be given
full control.
--
David Davis [MCSE, CCNA, Security +]



"Lisa" wrote:

Thanks for your prompt reply and valuable info David. Hmm, now I am a little
worried.
Ex boyfriend b/c he set up computer obv knows my admin rights number. I'm
not sure if this is relevant, whether he can login and check my computer at
anytime.

Pls see below an example maybe this will help:

C:\Documents and Settings\All Users\Application Data\Microsoft
Properties\Security. Group or user names as follows:
Administrators (with my name and admin numbers)
Everyone
Power Users (my name & admin number)
System
Users (my name & admin number)
All these have every box ticked to 'allow'
Go to advanced ---> Effective Permissions---> Select--->Advanced-->Find
now---> there are about 20 headings here, e.g. the ones I have mentioned above
plus remote interactive login, replicator, remote desktop user, network conf
operator, some guests are marked (with a cross, obv non existent) two other
guest headings (without a cross, meaning they are active?), anonymous logon.
All these have the number of my admin rights next to them. I cannot delete
any of them, because they are inherited from the parent to the child. I'm not
very familiar with this parent and child aspect.

This is typical of most of the files on my computer.

Appreciate your input. Thanks David
Cheers Lisa:)


"David Davis" wrote:

Interesting:

Just using the users that you listed below I would say:

anonymous user - Never give this account full control unless the folder in
question is part of a website that you wish to allow anonymous access, even
then IUSR should be given rights not anonymous.

remote access user - Unless you are remoting in, you should not need this.

backup operator - If your machine is a member of a domain and you have
someone solely responsible for backups then this account really does not
belong either.

etc. Depends, definitely should not have all.

Bottom line if you are the only user on the computer i.e. standalone
machine not part of a domain, then the only permissions you need on your data
is the group Administrators, and your user account. Note that I specified
DATA, there are application folders that require special permissions such as
SYSTEM etc.

My general rule of thumb is that no one gets full control with the exception
of owner and the local / domain admin account.

these have full rights, meaning all the boxes are ticked
--
David Davis [MCSE, CCNA, Security +]



"Lisa" wrote:

Hi David, I have read every post you and David have posted re permissions
i.e. parent and child inherited etc. I am not a newbie to the computer world
but definitely not a Tech either:). My question is, my ex boyfriend (who
works in the IT World) set up my computer. When I click properties--->
security---> I have the usual Admin, My name etc, but there is a list so
long, e.g. anonymous user, remote access user, backup operator, etc. All
these have full rights, meaning all the boxes are ticked. Could you please
advise me if I have anything to worry about.
Kind regards
Lisa:)

"David Davis" wrote:

Are your sharing permissions set to everyone, full control?
--
David Davis [MCSE, CCNA, Security +]



"BrianB" wrote:

Hello,

With the Advanced Security Settings Permissions (Traverse folder, List
folder, Read attributes, Read extended attributes, and Read permissions -
This folder only) why can't users map to a folder?
All inheritable permissions and Replace permission entries are not checked.

Users need to map to this folder then choose a sub-folder from a list.
Users have Share permissions to use only some of the sub-folders and should
not be able to browse or use the sub-folders they do not have other Share
permissions to use.
Users can map a drive to the sub-folders they have permissions to but we
want to map a drive to the main folder so we don't end up mapping multiple
drives per user.

Thanks
BrianB
.
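
The rule of thumb from the thread (on a standalone machine, only Administrators and your own account need rights on your data) can be checked with a read-only audit. This is an added example, not code from any poster in the thread: the function name `Find-BroadFullControl` and the default path are assumptions, and the SIDs are the standard well-known ones for the groups named above. The `Inherited` column shows whether an entry comes from a parent folder, in which case it has to be corrected on the parent rather than on the child.

```powershell
# Added example, not from the thread. Read-only: it reports and changes nothing.
function Find-BroadFullControl {
    param(
        # Assumption: the folder holding your own data; change as needed.
        [string]$Path = "$env:USERPROFILE\Documents"
    )

    # Well-known SIDs of the broad principals named in the thread.
    $broad = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-7'      = 'Anonymous Logon'
        'S-1-5-14'     = 'Remote Interactive Logon'
        'S-1-5-32-545' = 'Users'
        'S-1-5-32-546' = 'Guests'
        'S-1-5-32-547' = 'Power Users'
        'S-1-5-32-551' = 'Backup Operators'
        'S-1-5-32-555' = 'Remote Desktop Users'
    }
    $full       = [int][System.Security.AccessControl.FileSystemRights]::FullControl
    $genericAll = 0x10000000   # GENERIC_ALL, which some inherit-only entries carry

    $folders = @(Get-Item -LiteralPath $Path) +
               @(Get-ChildItem -LiteralPath $Path -Recurse -Directory -ErrorAction SilentlyContinue)

    foreach ($folder in $folders) {
        try   { $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop }
        catch { continue }   # skip folders this account cannot read

        # Ask for identities as SIDs so the check works on any display language.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $sid    = $rule.IdentityReference.Value
            $rights = [int]$rule.FileSystemRights
            $isFull = (($rights -band $full) -eq $full) -or (($rights -band $genericAll) -ne 0)
            if ($rule.AccessControlType -eq 'Allow' -and $isFull -and $broad.ContainsKey($sid)) {
                [pscustomobject]@{
                    Folder    = $folder.FullName
                    Principal = $broad[$sid]
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}

Find-BroadFullControl | Format-Table -AutoSize
```

An empty result means none of the listed groups has an Allow entry for full control under the folder that was checked; application and system folders are outside what this rule of thumb covers.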


