+1 on not using Everyone & replacing it with Authenticated Users
Scott Kaufman Lead Network Analyst ITT ESI, Inc. From: James Rankin [mailto:kz2...@googlemail.com] Sent: Wednesday, April 01, 2009 10:51 AM To: NT System Admin Issues Subject: Re: File Server Security; Best Practice. I must be extra anal - I set the share permissions to Authenticated Users/Full Control :-) 2009/4/1 Ben Scott <mailvor...@gmail.com> On Wed, Apr 1, 2009 at 7:32 AM, Stephen Wimberly <riverside...@gmail.com> wrote: > I now have two coworkers that insist on adding user objects rather than > security groups directly to the file shares as well as specific folders > under the file share. As everyone else said, they're wrong. Microsoft's best practices documentation says this, somewhere. Also, in general, it's recommended not to use share permissions at all. Use NTFS permissions for access control, and set the shares to Everyone/Full Control. There are exceptions, but this is the good rule. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~