On Mon, Dec 29, 2008 at 6:35 PM, Phil Brutsche <[email protected]> wrote: > SYSTEM (Full Control on This folder, subfolders and files) > CREATOR OWNER (Full Control on Subfolders and files only) > Users (Read & Execute on This folder, subfolders and files) > Users (Create Folders / Append Data on This folder and subfolders) > Users (Create Files / Write Data on Subfolders only) > Everyeone (Read & Execute on This folder only)
FYI, it appears considerably more restrictive settings work. On on our servers, I've got root directory permissions set as: SYSTEM and Administrators having Full Control, SERVICE and maybe other service accounts have Read/Exec, nobody and nothing else. Seems more appropriate; if you're not an admin you have no business in the root directory of a server. We grant more permissions to subfolders for user stuff, or for service accounts. We also revoke the two "Create" permissions for "Users" on every computer here, and it seems to work well. Keeps users from littering the system with crap outside their user profile. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
