Local disk security

[dusty]

What is best practice for security permissions on a 2003 web server's C
drive? Here are my current security permissions after setting up a new web
server and joined to domain
Local Admin group - FC
Creator Owner - FC
Everyone - Special (default permissions)
System - FC
Users group - default permissions

I have a D drive were inetpub has been configured with websites and the
permissions are the same for this drive.

Shouldn't everyone and creator owner be removed for tighter security?

 

[S. Pidgorny]

There are security templates by Microsoft for you to use:
http://support.microsoft.com/kb/317376
Do you need anonymous access?

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

"dusty" <dusty@discussions.microsoft.com> wrote in message
news:2266E6D6-1FC6-495C-B7E2-D61D8248E069@microsoft.com...
> What is best practice for security permissions on a 2003 web server's C
> drive? Here are my current security permissions after setting up a new
> web
> server and joined to domain
> Local Admin group - FC
> Creator Owner - FC
> Everyone - Special (default permissions)
> System - FC
> Users group - default permissions
>
> I have a D drive were inetpub has been configured with websites and the
> permissions are the same for this drive.
>
> Shouldn't everyone and creator owner be removed for tighter security?

 

[dusty]

Yes, anonymous access is needed.

"S. Pidgorny <MVP>" wrote:

> There are security templates by Microsoft for you to use:
> http://support.microsoft.com/kb/317376
> Do you need anonymous access?
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>
> "dusty" <dusty@discussions.microsoft.com> wrote in message
> news:2266E6D6-1FC6-495C-B7E2-D61D8248E069@microsoft.com...
> > What is best practice for security permissions on a 2003 web server's C
> > drive? Here are my current security permissions after setting up a new
> > web
> > server and joined to domain
> > Local Admin group - FC
> > Creator Owner - FC
> > Everyone - Special (default permissions)
> > System - FC
> > Users group - default permissions
> >
> > I have a D drive were inetpub has been configured with websites and the
> > permissions are the same for this drive.
> >
> > Shouldn't everyone and creator owner be removed for tighter security?
>
>
>

 

[S. Pidgorny]

So you have to make provision for that, allowing access to the anonymous
account to the content.
Hope everything is clear about the templates.

regards

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *


"dusty" <dusty@discussions.microsoft.com> wrote in message
news:7F56C709-FAD8-42E7-8A5F-056708F9F759@microsoft.com...
> Yes, anonymous access is needed.
>
> "S. Pidgorny <MVP>" wrote:
>
>> There are security templates by Microsoft for you to use:
>> http://support.microsoft.com/kb/317376
>> Do you need anonymous access?
>>
>> --
>> Svyatoslav Pidgorny, MS MVP - Security, MCSE
>> -= F1 is the key =-
>>
>> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>>
>> "dusty" <dusty@discussions.microsoft.com> wrote in message
>> news:2266E6D6-1FC6-495C-B7E2-D61D8248E069@microsoft.com...
>> > What is best practice for security permissions on a 2003 web server's C
>> > drive? Here are my current security permissions after setting up a
>> > new
>> > web
>> > server and joined to domain
>> > Local Admin group - FC
>> > Creator Owner - FC
>> > Everyone - Special (default permissions)
>> > System - FC
>> > Users group - default permissions
>> >
>> > I have a D drive were inetpub has been configured with websites and the
>> > permissions are the same for this drive.
>> >
>> > Shouldn't everyone and creator owner be removed for tighter security?
>>
>>
>>