Isn't that the tops? :-) On Tue, Dec 30, 2008 at 10:54 AM, Jon D <[email protected]> wrote:
> Thanks everyone. After reading everyones advise that the permissions > were okay I looked further and found that the problem was that a > special group was added to the local administrators groups on most of > the servers. > > Ends up, an administrator added code to the users login scripts to do > add this group locally, and another administrator had the users login > script in his super user account. > > Thanks everyone! > > > > > > On Tue, Dec 30, 2008 at 6:04 AM, Ken Schaefer <[email protected]> > wrote: > > Hi, > > > > The security permissions that are applied to files/folders when running > dcpromo are in a template file on your DC in > %systemroot%\security\templates. The "DC security.inf" template is what is > used by secedit during the DCPromo process to re-ACL files/folders on your > new DC. > > > > C$ is a share - not a folder/file/drive. You can't set the permissions on > this normally. It should be restricted to those in the Administrators group. > > > > Permissions on the root folder of the C: drive are different to C$ > permissions. Everyone (or Authenticated User) should have Read+Execute and > List Folder Contents permission by default. Check the inf file for more > info, or use secedit to re-ACL your box if you need to. > > > > Cheers > > Ken > > > > -----Original Message----- > > From: Jon D [mailto:[email protected]] > > Sent: Tuesday, 30 December 2008 8:53 AM > > To: NT System Admin Issues > > Subject: C$ Permissions on a Domain Controller???? > > > > Anyone know what the proper permissions are on the C: drive of a > > Domain Controller? > > Are they special or no? > > > > I'm doing a security audit and I came across 2 domain controllers that > > do not require a password to access their C$ share. > > You can't view the permissions of the share itself, but the > > permissions on the C drive have authenicated users with full control. > > > > That can't be right..... > > Anyone see anything like that before? > > Anyone know how dangerous it is to change the permissions(once I > > determine the correct permissions)? > > > > > > > > > > Thanks in advance, > > Jon > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
