Way to go, replying to the wrong list, Albert! ;) themolk.
P.S. - Yes, I'm back and lurking... > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Albert Duro > Sent: Sunday, 24 June 2007 6:12 AM > To: Exchange Discussions > Subject: RE: [ActiveDir] OT - Everyone vs. Authenticated Users > > but don't forget that when you remove Everyone from NTFS > permissions, you're also removing SYSTEM, and that can make a > lot of trouble. I always put in SYSTEM separately before > taking out Everyone. Or is this too elementary to even mention? > > -----Original Message----- > From: Ziots, Edward [mailto:[EMAIL PROTECTED] > Sent: Friday, June 22, 2007 5:28 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] OT - Everyone vs. Authenticated Users > > > As a rule always remove Everyone from NTFS and Share permissions. (Use > Security templates!) Authenticated Users is a little more secure, but > alot of people use Authenticated users and then use NTFS > permissions to > secure the underlying files and folders. I an personally a fan of > Silhoing servers based on information contained within and > removing the > rights to logon over the network to only those groups that will be > access shares on that server, which severely limits access to > the data, > and stop the inadvertent junior admin/helpdesk person from doing harm > but putting a wide open share out on the server ( everyone > (Share :Full > Control, NTFS: Full Control)) and setting that server up for a > network-born virus to damange the data, if they cant login over the > network, they are effectively stopped, it doesnt matter if they got > full-control to the share or NTFS permissions. Its a little > more complex > of a setup, but if you understand the pieces of it and how it works is > doable. > > Another thing you should look into with your Win2k3 Systems is ABE ( > Access based Enumeration) which basically can add another layer of > security to your file-server setups, but not even showing a > user folders > they dont have read access to. Think if you combine this with DFS you > could defintely, nice secure and distributed file-server > system for your > users. > > Links on ABE: > http://www.microsoft.com/windowsserver2003/techinfo/overview/abe.mspx > > http://www.microsoft.com/downloads/details.aspx?FamilyID=04a56 > 3d9-78d9-4 > 342-a485-b030ac442084&displaylang=en > > http://technet2.microsoft.com/windowsserver/en/library/f04862a > 9-3e37-4f8 > c-ba87-917f4fb5b42c1033.mspx?mfr=true > > HTH > Z > > Edward E. Ziots > Network Engineer > Lifespan Organization > MCSE,MCSA,MCP+I,M.E,CCA,Network+, Security + > email:[EMAIL PROTECTED] > cell:401-639-3505 > > > > ________________________________ > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Susan Bradley, > CPA aka Ebitz - SBS Rocks [MVP] > Sent: Thursday, June 21, 2007 8:35 PM > To: [EMAIL PROTECTED] > Subject: Re: [ActiveDir] OT - Everyone vs. Authenticated Users > > > 2k yes, 2k3 no. > > http://www.microsoft.com/downloads/details.aspx?FamilyId=8A264 > 3C1-0685-4 > D89-B655-521EA6C7B4DB&displaylang=en > http://www.microsoft.com/downloads/details.aspx?familyid=1B6AC > F93-147A-4 > 481-9346-F93A4081EEA8&displaylang=en > Good reading in there. > > EIS Lists wrote: > > W2k3. So then there really is no difference, eh? > > ________________________________ > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Susan Bradley, > CPA aka Ebitz - SBS Rocks [MVP] > Sent: Thursday, June 21, 2007 5:20 PM > To: [EMAIL PROTECTED] > Subject: Re: [ActiveDir] OT - Everyone vs. Authenticated Users > > 2k or 2k3? > > As in 2k3 Everyone=Authenticated and guest is not included. > > EIS Lists wrote: > > Hi - > > What is the thinking on using "Authenticated Users" > instead of "Everyone" for assigning share and NTFS permissions? > Somewhere along the line I got in the habit of using "Authenticated > Users" for all share perms. But, I think the only difference > is Everyone > includes the Guest account, right? (...and if Guest is disabled, it > should not matter.) > > Does it matter? > > Thanks. > > -- Noah > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: > http://www.activedir.org/ma/default.aspx > > List info : http://www.activedir.org/List.aspx List FAQ : > http://www.activedir.org/ListFAQ.aspx List archive: > http://www.activedir.org/ma/default.aspx > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > To subscribe: http://e-newsletters.internet.com/discussionlists.html/ > To unsubscribe send a blank email to > [EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > > > > This email (including attachments) is for the sole use of the intended recipient(s) and may contain confidential or legally privileged information. Any unauthorised review, use, alteration, disclosure or distribution of this email (including attachments) by an unintended recipient is prohibited. If you have received this email in error, please notify the sender by return email and destroy all copies of the original message. Any confidential or legal professional privilege is not waived or lost by any mistaken delivery of the email. SPARQ Solutions accepts no responsibility for the content of any email which is sent by an employee which is of a personal nature. Sender Details: SPARQ Solutions PO Box 15760 City East Brisbane Qld 4002 +61 7 4931 2222 SPARQ Solutions policy is to not send unsolicited electronic messages. Suspected breaches of this policy can be reported by replying to this email including the original message and the word "UNSUBSCRIBE" in the subject. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
