Professionals: Create a security group, add it to the permission list, and then add users to that group.
David H Kendrick
Everyone Permissions
Professionals: Remove the default permission 'Everyone' - Full Control.
Amateurs: Don't mind 'Everyone' having full control of all shares.
Share permissions are like giving users a key to the office door. NTFS
permissions are like giving them the key to the safe. Too many
organisations leave the safe unlocked!
Make it your best practice to remove the group Everyone, because it has Full Control, and substitute Users with only Read. It usually makes sense to also add Administrators and give them Full Control.
Right-click a shared folder and check the permissions under both the Share and NTFS tabs.
Note that there are two tabs to control permissions on any folder - Sharing (Key of the door) and Security (NTFS lock
on the safe).
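The check described above, scripted as an added example (not code from the original page): it lists each file share with its Everyone entries from the Sharing tab and the Security tab side by side, and with `-Fix` applies the share-level substitution recommended above. It assumes the SmbShare cmdlets, which ship with Windows Server 2012 / Windows 8 and later rather than Windows Server 2003; the helper name `Resolve-WellKnown`, the `-Fix` switch and the output column names are this example's own.

```powershell
# Added example: audit Everyone at both layers (Sharing tab and Security tab).
# Assumption: SmbShare module is available and the session is elevated.
# Read-only unless -Fix is supplied.
param([switch]$Fix)

# Resolve well-known SIDs so the script also works on non-English systems.
function Resolve-WellKnown([string]$Sid) {
    $s = New-Object System.Security.Principal.SecurityIdentifier $Sid
    $s.Translate([System.Security.Principal.NTAccount]).Value
}
$everyone = Resolve-WellKnown 'S-1-1-0'        # Everyone
$users    = Resolve-WellKnown 'S-1-5-32-545'   # BUILTIN\Users
$admins   = Resolve-WellKnown 'S-1-5-32-544'   # BUILTIN\Administrators
$full     = [System.Security.AccessControl.FileSystemRights]::FullControl

# Skip administrative shares (C$, ADMIN$, IPC$) and printer shares.
$shares = Get-SmbShare -Special $false |
    Where-Object { $_.ShareType -eq 'FileSystemDirectory' }

foreach ($share in $shares) {
    # Sharing tab: the key to the office door.
    $shareAce = Get-SmbShareAccess -Name $share.Name | Where-Object {
        $_.AccountName -eq $everyone -and $_.AccessControlType -eq 'Allow' }

    # Security tab: the key to the safe.
    $ntfsAce = (Get-Acl -LiteralPath $share.Path).Access | Where-Object {
        $_.IdentityReference.Value -eq $everyone -and $_.AccessControlType -eq 'Allow' }

    $shareFull = [bool]($shareAce | Where-Object { $_.AccessRight -eq 'Full' })
    $ntfsFull  = [bool]($ntfsAce  | Where-Object { ($_.FileSystemRights -band $full) -eq $full })

    [pscustomobject]@{
        Share            = $share.Name
        Path             = $share.Path
        EveryoneOnShare  = ($shareAce.AccessRight -join ',')
        EveryoneOnNtfs   = ($ntfsAce.FileSystemRights -join ',')
        FullAtBothLayers = ($shareFull -and $ntfsFull)   # door and safe both open
    }

    if ($Fix -and $shareAce) {
        # Grant the replacements first so the share is never left without an ACE.
        Grant-SmbShareAccess  -Name $share.Name -AccountName $admins -AccessRight Full -Force | Out-Null
        Grant-SmbShareAccess  -Name $share.Name -AccountName $users  -AccessRight Read -Force | Out-Null
        Revoke-SmbShareAccess -Name $share.Name -AccountName $everyone -Force | Out-Null
    }
}
```

The `-Fix` branch changes only the share-level list; any Everyone entries reported in the `EveryoneOnNtfs` column still have to be reviewed on the Security tab.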
Guy Recommends: Permissions Analyzer - Free Active Directory Tool
I like the Permissions Monitor because it enables me to see quickly WHO has permissions to do WHAT. When you launch this tool it analyzes a user's effective NTFS permissions for a specific file or folder, takes into account network share access, then displays the results in a nifty desktop dashboard!
Think of all the frustration that this free utility saves when you are troubleshooting authorization problems for users' access to a resource.
The default permissions in Windows Server 2003 have been changed to give users only Read
permission. This is but one of numerous improvements to security in
Windows Server 2003. It is as if Microsoft has put security first, ahead of
'easy to use' or 'cool feature'. This is what people want: more security,
fewer flashy bells and whistles.
The biggest change compared
with NT 4.0 is that you now have the Deny permission. In NT 4.0, No
Access was rather a blunt tool; it meant you could not read documents or list
files. The new Deny means that you can explicitly Deny Write. That
means that if a user is a member of another group that is given Change
permission, they still only end up with Read.
Windows Server 2003 has a little-known
snap-in called Shared Folders; I use it to check and set share permissions.
Litmus Tests
Guy's Litmus test is a concept that you can apply
anywhere. Each test gives you an instant answer to the simple
question: 'Are you dealing with a professional, or are they an amateur? Is this the real deal, or is it a turkey?'
The Litmus Test concept is rather like Best Practice, but it reduces a 27
page report to one sentence.