On Wed, Jun 15, 2011 at 11:28 AM, James Rankin <kz2...@googlemail.com> wrote:
> I agree, particularly in a Terminal Services environment. But I have just
> checked a 2003 R2 server and found the same thing.

Indeed. The permissions you see have been the default since Win 2000, IIRC (basically "forever"). We have long had a Group Policy in place to remove them. Users shouldn't be able to scribble in random places.

Another location that has default write permissions but shouldn't is "All Users". (Luser downloads and runs malware. Malware compromises something under "All Users". Admin logs in to PC to fix malware. Malware now runs with admin privileges.) We fix that, too.

-- Ben
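
An added example, not part of the original message: a PowerShell audit that lists allow ACEs granting write-type rights to anyone outside a trusted set on the "All Users" tree, so the effect of a permission-tightening Group Policy can be checked. The function name `Find-WritableAce`, the default root `$env:ALLUSERSPROFILE`, the search depth and the trusted-principal list are assumptions; PowerShell 5.1 or later is assumed for `-Depth`.

```powershell
# Added example (not from the original post).
function Find-WritableAce {
    param(
        [string]$Root  = $env:ALLUSERSPROFILE,   # assumption: the shared profile tree
        [int]   $Depth = 2                       # assumption: how deep to walk
    )
    # Assumed trusted principals: SYSTEM, Administrators, TrustedInstaller.
    $trusted = @(
        'S-1-5-18',
        'S-1-5-32-544',
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    )
    # Rights that let a principal create, change or re-permission content, plus
    # the GENERIC_WRITE / GENERIC_ALL bits that show up on inherit-only ACEs.
    $rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $mask   = ([int]$rights) -bor 0x40000000 -bor 0x10000000

    $dirs = @(Get-Item -LiteralPath $Root -Force) +
            @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -Depth $Depth -Force -ErrorAction SilentlyContinue)

    foreach ($dir in $dirs) {
        try { $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop } catch { continue }
        # Ask for SIDs so the comparison does not depend on localized group names.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($trusted -contains $ace.IdentityReference.Value) { continue }
            if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
            # Resolve the SID to a name for the report; keep the SID if it will not resolve.
            try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = $ace.IdentityReference.Value }
            [pscustomobject]@{
                Path      = $dir.FullName
                Principal = $name
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

Find-WritableAce | Sort-Object Path, Principal | Format-Table -AutoSize
```

Rows naming broad groups such as Users or Everyone are the ones a tightening policy is meant to remove; CREATOR OWNER rows are reported too because they are outside the assumed trusted set.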