Guest runner7@fastmail.fm Posted September 11, 2007 Posted September 11, 2007 I am trying to find out what the best practice is for the default system group and file permissions in Windows Server 2003. What I mean is, it seems to have full control permissions by default, but what are the security implications of this? If you want to restrict a share access to a single user, for example, is it best to leave the system account with the full control or take it out? If you take it out, do you get better security? If you take it out, do you lose needed functionality? Thanks for any help with this.
Guest Dave Patrick Posted September 11, 2007 Posted September 11, 2007 Re: system user account and file permissions The system account (nt authority) is the operating system's account and needs to have full control of the %systemdrive% and any drive(s) the pagefile exists on. The system account is included in the "Everyone" group. -- Regards, Dave Patrick ....Please no email replies - reply in newsgroup. Microsoft Certified Professional Microsoft MVP [Windows] http://www.microsoft.com/protect <runner7@fastmail.fm> wrote: >I am trying to find out what the best practice is for the default > system group and file permissions in Windows Server 2003. What I mean > is, it seems to have full control permissions by default, but what are > the security implications of this? If you want to restrict a share > access to a single user, for example, is it best to leave the system > account with the full control or take it out? If you take it out, do > you get better security? If you take it out, do you lose needed > functionality? Thanks for any help with this. >
Recommended Posts