windows server 2003 and folders

Posted by shawn on December 27, 2005, 7:01 pm
I have the following shared folders created:

\\<server>\FB Share
\\<server>\Users\<username>

What permissions should the above folders have in this domain environment?

Posted by Steven L Umbach on December 28, 2005, 12:09 am
It depends. You want to follow the principle of least privilege, and it
depends on if you want administrators to also have full control access to a
user's folder or not. The two links serve as guidelines for redirected or home
folders, and the assumption is that you don't want users to access each
other's folders. Group Policy can also be configured to give administrators
full control to a user's roaming profile and redirected folders, and you
would want to implement such before you start configuring the users'
folders. --- Steve

http://support.microsoft.com/kb/274443
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/a1b7ce04-708b-4145-830a-cadfc003acd3.mspx

>I have the following shared folders created:
>
> \\<server>\FB Share
> \\<server>\Users\<username>
>
> What permissions should the above folders have in this domain environment?



Posted by Ian on December 28, 2005, 3:51 am

My observations:

In contrast to Microsoft's notes, I would advise you to add the server's
local Administrator (or whatever account is used for server console-logon)
to the home-folder permissions. If you don't do so, there may be difficulty in
backing up the content, and difficulty in removing a home-folder after the
user has left.



Posted by Roger Abell [MVP] on December 29, 2005, 9:38 am
A backup application that uses the backup/restore APIs
should have no issues if Administrators have no permission.
After a user has left, it is simple to take ownership, granting
permissions, and then remove the leftover storage.

Not granting Administrators permissions is one means of
establishing (at least a semblance of) privacy for users'
storage, but it must be combined with other settings and
event monitoring.

>
> My observations:
>
> In contrast to Microsoft's notes I would advise you to add the server's
> local Administrator (or whatever account is used for server console-logon)
> the home-folder permissions. If you don't do so there may be difficulty in
> backing-up the content, and difficulty in removing a home-folder after the
> user has left.
>
>



Posted by Roger Abell [MVP] on December 29, 2005, 9:42 am
As was said, it depends on the intended usage.
I tend to advocate, as a general practice, not granting
Administrators higher than read (if that much). This is
in an environment where control of Administrators members
is less than strong, where use of those accounts is excessive,
and possibly on more than a few well-tended machines.
In such an environment the potential for an account to be
used in the presence of infection/malware dramatically increases,
so not granting network write access to published shares is
one means to limit accidental or malware-driven change to
content of network share content.

>I have the following shared folders created:
>
> \\<server>\FB Share
> \\<server>\Users\<username>
>
> What permissions should the above folders have in this domain environment?
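
An added example, not part of any post in this thread: a read-only PowerShell audit that lists, for each home folder, every Allow entry held by someone other than the folder's user, and notes whether Administrators hold write or only read access, which is the point the replies disagree on. The path `D:\Users`, the rule that each folder is named after its user's account, and the list of expected principals are assumptions made for the example.

```powershell
# Added example: audit home-folder ACLs. Makes no changes to any ACL.
# Assumptions: D:\Users is a placeholder for the local path behind the Users
# share, and each subfolder is named after the owning user's account name.
param(
    [string]$HomeRoot = 'D:\Users',
    [string]$Domain   = $env:USERDOMAIN
)

# Principals accepted on every home folder besides the owning user (assumed list).
$expected = @('NT AUTHORITY\SYSTEM', 'CREATOR OWNER')

# Bits that let a principal change content. Entries that apply only to
# subfolders and files are often returned as generic rights, so test those too.
$WriteData    = 0x2          # FILE_WRITE_DATA / add file
$GenericWrite = 0x40000000
$GenericAll   = 0x10000000

function Test-GrantsWrite($ace) {
    $bits = [int]$ace.FileSystemRights
    return ($bits -band ($WriteData -bor $GenericWrite -bor $GenericAll)) -ne 0
}

foreach ($dir in (Get-ChildItem -LiteralPath $HomeRoot -Directory)) {
    $owner = "$Domain\$($dir.Name)"
    foreach ($ace in (Get-Acl -LiteralPath $dir.FullName).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $who = $ace.IdentityReference.Value
        if ($who -eq $owner -or $expected -contains $who) { continue }

        # Administrators are reported either way; the note records whether
        # the entry is read-only or also permits changes.
        if ($who -eq 'BUILTIN\Administrators') {
            if (Test-GrantsWrite $ace) { $note = 'Administrators: write access' }
            else                       { $note = 'Administrators: read-only' }
        } else {
            $note = 'principal other than the folder user'
        }

        [pscustomobject]@{
            Folder    = $dir.FullName
            Principal = $who
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
            Note      = $note
        }
    }
}
```

Entries with `Inherited` set to true come from the parent folder, so they are corrected on the parent rather than on each home folder.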


