A key element to this is that a user will be granted the least security possible when the share and NTFS permissions are combined. For example, if the NTFS permissions give a user read access but the shared permission is read/write for everyone the user will still only have read access.
I generally try not to mix my permissions. I would recommend setting your permmisions in NTFS and not giving much thought to the share permissions. On Monday 24 February 2003 23:43, Di Fresco Marco wrote: > > There are a number of ways to do what you're talking about, but I don't > > think that's necessarily the correct approach to solving what > > you're worried about. There are two kinds of permissions on a microsoft > > system (assuming that you're running NTFS which XP normally does) > > Yes, I am using NTFS (I forgot to mention it). > > > share permissions and Access Control Lists. You should check your drive > > and make sure that any of your shares (folders with the little hand > > under them) are not set to everyone (the default), I usually use > > authenticated users or something like that but if you're really paranoid > > you could add each of your four accounts by name. > > I do not have any shared folder (at least I never configured any folder to > this sitting), so I should be fine on this metter. > > > ACLs on the other hand aren't really for protecting you from outsiders, > > they're more about protecting you from authorized users. For example you > > may not wish to give everyone who uses your machine access to your mp3 > > files, in case they might accidentally delete one. > > The configurtion between user shoud be fine (at least the accounts of my > parents do not have permission over my files, but my account has permission > over their for backup purpose). But I am worring (other then attacker, that > you solved my doubts with the first line of the above paragraph) about > viruses, trojan, etc (even if I shuld be quite protected, see reply to the > next paragraph). As far as I have understood (as I said in the previous > e-mail, I am a newbie home user), when loaded, the viruses infect as much > as it can with the permission of the current active user and since I am > affraid to have given to much permission to my daily use account, I am > worry to be too vulnerable. > > I am already considering to make backups more often (and especially to a > separate media, right now the automatic backup goes in a local folder) and > use the system restore. > > > As you have an always on internet connection, the main three things you > > should do as a home user to protect your system are: > > 1) Install a firewall (zonealarm is free, there are lots of others that > > would work just fine as well) > > 2) Install and keep updated an anti-virus program. My personal favorite > > is norton corporate, its packed with features, but if you're on a limited > > budget you can get AVG for free. > > 3) Download and install all microsoft updates. > > On these three thing I am fine; I (already) have ZoneAlarm, McAfe Personal > Firewall and McAfee VirusScan Professional 7 and I look for updates (for > either these programs and Windows Update) almost every days. > > > There are lots of other things you can do to secure your computer, but > > just by doing these three you'll eliminate 95% of all trouble you'll > > probably experience as a home user. > > Thank you. > > > > Di Fresco Marco > ICQ #51985192 > > |-------------------------------------------------------------------------- > || Spock (Court Martial - TOS): If I let go a hammer on a planet having a > | | positive gravity, I need not see it fall to know that it has, in fact, > | | fallen. > | > |-------------------------------------------------------------------------- > || -- Thanks, Harvey Cary CISSP, MCSE+I Network Security Consultant Raleigh, NC [EMAIL PROTECTED]