From: "Sander de Rijk" <[EMAIL PROTECTED]> I would say change EVERYTHING to admin+system full control and users instead of everyone read permissions. Besides that change the repair indeed to no access for the users.
No need for power users. No need for creator owner. The documents and settings folder will take care of itself with those permissions and if users need write access because of certain apps Like for example c:\temp do that on the folder
That should be sufficient
For IIS however I would suggest u use the lockdown tool (be carefull with the urlscan) to secure your server. It also takes care of the entire NTFS settings of the IIS user
Greetz, Sander
Originally when I was setting up our permissions structure I removed the everyone group completely and gave the administrators group full control to all. Then I added domain users to a few places I felt were necessary. Under this configuration the thing didn't run well at all. Are you saying that by adding system with full control to all folders this problem would be solved?
Chris Berry [EMAIL PROTECTED] Systems Administrator JM Associates
"Without change, something sleeps inside us, and seldom awakens. The sleeper must awaken." -- Duke Leto Atreides
_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail
------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-security-basics
