|
Posted by Steven L Umbach on August 18, 2005, 11:16 am
Please log in for more thread options
Interestingly I have never seen specific guidance on such from MS. However
the NSA security guide for Windows 2000 shows for a domain controller that
everyone and users have been removed with "authenticated users" added with
read/list/execute permissions which makes sense to me. If interested you can
see this at the link below and examine the ntfs security settings in the
security templates they provide. I am not suggesting that you apply that or
any other security template however as there are many more changes other
then file system. You can use the mmc snapin for Security Templates to
examine their settings. As always document any changes including time
implemented just in case problems arise. --- Steve
http://nsa2.www.conxion.com/win2k/download.htm --- see W2KDc.inf.
>I have 2 permissions on root c:\ of AD server that i don't understand
>
> domain\users
> with list/read/excute
>
> everyone
> with special permissions
>
> Why are these 2 accounts needed & can i remove them without implications
> on
> exchange or AD?
| 
XML Sitemap