Chapter 3: NTFS Permissions 101


I frequently ask students and clients to rank their NTFS permissions knowledge on a scale from 1 to 10, with 10 meaning they are an expert. Most administrators rank themselves as a 7 or 8. The truth is most are a 2 or a 3. I don't blame administrators for the lack of understanding of how NTFS permissions really work. Most are overworked and underpaid, and their teachers didn't teach it right in the first place. In the life of a busy administrator, the last thing they usually have is free time to explore the intricacies of Windows permissions. Yet, understanding how to correctly set NTFS permissions is among the top ways to prevent malicious exploits.

This chapter discusses how Windows security really works, lists all the well-known SIDs, reveals all the built-in users and groups, discusses share and NTFS permissions in detail, summarizes the current permission settings in Windows, and finishes with recommendations. Chapters 5, "Protecting High-Risk Files," and 6, "Protecting High-Risk Registry Entries," build on the knowledge learned in this chapter. This is a big chapter, but it is worth its weight in gold. I wish it was the chapter I read when I was first learning about NTFS permissions and Windows security.

Common Misconceptions

Before we get started, here are some common misconceptions that will be corrected in this chapter:

  • The Everyone group has Full Control to most Windows resources by default.

  • Deny permissions always override Allow permissions.

  • Effective permissions are determined by the intersection of NTFS and Share permissions.

  • When both NTFS and Share permissions are involved, the effective permission granted is always the least permissive permission.

  • Read permission only allows a user to view a resource.

  • Read & Execute permission is necessary to execute a program.

  • The Deny-Delete permission prevents deletion.

If any of these surprise you (and most people should see at least one surprise), review this list again when you have finished the chapter to see if your understanding has changed since the first time you read it.



Professional Windows Desktop and Server Hardening
ISBN: 0764599909
EAN: 2147483647
Year: 2004
Pages: 122
