I have to agree. There are much better places to focus hardening efforts. What specific liability is your Security Team trying to mitigate by this procedure?
-ASB: http://XeeSM.com/AndrewBaker On Sun, Apr 11, 2010 at 4:50 PM, Brian Desmond <[email protected]>wrote: > Depending on how you have security settings configured via GP Everyone may > be equivalent to Authenticated Users. You could make the change and it'd > likely be fine but there's no guarantee that future updates, threads, etc > wouldn’t re-permission it to the default. Generally speaking messing with > this stuff is a bad idea > > Thanks, > Brian Desmond > [email protected] > > c – 312.731.3132 > > > -----Original Message----- > From: Juned Shaikh [mailto:[email protected]] > Sent: Sunday, April 11, 2010 3:06 PM > To: NT System Admin Issues > Subject: RE: SYSVOL and NETLOGON Def perms > > Thanks, > > The security team that I am working with is of the opinion that Everyone : > READ permission should be deleted and only Authenticated users : FULL > CONTROL shoule be applied. > > Theoretically it seems that nothing will break.. because these shares will > only be accessed after successful authentication is completed.. > > Anyone has faced similar argument and what should be the response. > > Thanks, > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
