Securing Files and Folders by Using Permissions

As explained in Chapter 3, permissions are the means by which you control access to network objects. After shares, they are the second and third lines of defense in protecting data and network resources. File and folder permissions are controlled by NTFS. This section deals specifically with the permissions that control access to volumes, folders, and files, as opposed to permissions that control access to sharepoints.

Permissions kick in as soon as you format a volume to NTFS. Volumes are protected with NTFS permissions, just as folders and files are. After you format a volume to NTFS 5.0, right-click the name of the volume in Windows Explorer and choose the Properties command on the pop-up menu. Click the Security tab of the Properties dialog box that appears. You'll notice a bunch of groups that have default access to the volume's root folder. The most suspicious group is Everyone.

These settings are still consistent with the Windows 2000 default, whereby the default behavior of the OS is to give Everyone access as well — that is, assign it rights to access the files in the folder. This access has now been locked down further in Windows Server 2003. Although the Everyone group is still added to the security settings, by default it gets no rights. We still advise that you change this default behavior, however, and remove the Everyone group from the default groups that are given access to every new folder that's created. To do so, see the flowchart in Figure 27-23.
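The same check can be scripted instead of clicking through the Security tab. The following is an added example, not taken from the book: it assumes a Windows system with PowerShell 3.0 or later, and the function names Get-EveryoneAce and Remove-EveryoneAce are hypothetical. It matches Everyone by its well-known SID (S-1-1-0) so that localized group names do not matter.

```powershell
# Added example (not from the book). Function names are hypothetical.
# Reports every access control entry (ACE) held by Everyone (SID S-1-1-0).
function Get-EveryoneAce {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,  # volume root or folder to check
        [switch]$Recurse                      # also check all subfolders
    )
    $targets = @(Get-Item -LiteralPath $Path)
    if ($Recurse) {
        $targets += Get-ChildItem -LiteralPath $Path -Directory -Recurse -ErrorAction SilentlyContinue
    }
    foreach ($item in $targets) {
        try   { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL: $($item.FullName)"; continue }
        # Request SIDs rather than account names; include explicit and inherited ACEs
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            if ($rule.IdentityReference.Value -eq 'S-1-1-0') {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Type      = $rule.AccessControlType   # Allow or Deny
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited         # True: fix it on the parent
                }
            }
        }
    }
}

# Removes the explicit Everyone ACEs from one folder. Inherited ACEs are left
# in place and must be removed where they are defined. Run elevated.
function Remove-EveryoneAce {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Path)
    $everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    $acl.PurgeAccessRules($everyone)
    if ($PSCmdlet.ShouldProcess($Path, 'Remove explicit Everyone ACEs')) {
        Set-Acl -LiteralPath $Path -AclObject $acl
    }
}

# Read-only audit of the system volume root
Get-EveryoneAce -Path "$env:SystemDrive\" | Format-Table -AutoSize
# Preview a removal on a data volume (D:\ is an assumed path):
# Remove-EveryoneAce -Path 'D:\' -WhatIf
```

Rows with Inherited set to True point to a parent folder or the volume root as the place where the Everyone entry actually has to be changed.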

