|
Posted by Roger Abell on August 10, 2005, 3:41 am
Please log in for more thread options
You current setting is pretty much any account expect for anonymous login.
The only rule of thumb I use is that the setting should be custom crafted
based on the use of the machine if it is not left alone (the default is much
like saying there is no such thing as traverse checking).
When I use this, and I do believe this is a great addition to the machine
hardening, I ask : what accounts should be on this machine, and, to what
areas do I want to make sure accounts can access only if they have been
threaded down to the area in the NTFS permissions/
When I use this setting I also will typically use a FileSystem security
configuration editor template to state, set, analyze, and if needed reset
the NTFS permissions.
--
Roger Abell
Microsoft MVP (Windows Security)
> What is the recommended user rights setting for "bypass traverse
checking"?
> Some say "administrators, authenticated users" or no groups at all. I
removed
> the everyone group. Currently I have the following groups listed:
> Administrators, Authenticated Users, Backup Operators, Power Users, Users.
>
> Thank You.
| 
XML Sitemap