system user account and file permissions

  • Thread starter Thread starter runner7@fastmail.fm
  • Start date Start date
R

runner7@fastmail.fm

Guest
I am trying to find out what the best practice is for the default
system group and file permissions in Windows Server 2003. What I mean
is, it seems to have full control permissions by default, but what are
the security implications of this? If you want to restrict a share
access to a single user, for example, is it best to leave the system
account with the full control or take it out? If you take it out, do
you get better security? If you take it out, do you lose needed
functionality? Thanks for any help with this.
 
Re: system user account and file permissions

The system account (nt authority) is the operating system's account and
needs to have full control of the %systemdrive% and any drive(s) the
pagefile exists on. The system account is included in the "Everyone" group.

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

<runner7@fastmail.fm> wrote:
>I am trying to find out what the best practice is for the default
> system group and file permissions in Windows Server 2003. What I mean
> is, it seems to have full control permissions by default, but what are
> the security implications of this? If you want to restrict a share
> access to a single user, for example, is it best to leave the system
> account with the full control or take it out? If you take it out, do
> you get better security? If you take it out, do you lose needed
> functionality? Thanks for any help with this.
>
 
Back
Top