locked
NTFS Best Practices RRS feed

  • Question

  • Hi Guys,

    I have been tasked with reviewing a customers current NTFS permissions and to produce a reccomendation as to any changes that should be implemented.

    My first question - is there any free tools out there that will produce a report of current permissions on files and folders?

    Secondly, is there any Microsoft Best Practise documentation for recommendations of NTFS permissions and security ?

    Any help would be greatly appreciated.

    Thanks,

    Nick. 
    Wednesday, February 18, 2009 11:23 AM

Answers

  • Hi,

    The following articles cover most aspects of security, not only File System (NTFS) security, hope them help.

    Best practices for security
    http://technet.microsoft.com/en-us/library/cc782677.aspx

    Best practices for assigning permissions on Active Directory objects
    http://technet.microsoft.com/en-us/library/cc786285.aspx

    Access Control Best Practices
    http://technet.microsoft.com/en-us/library/cc778399.aspx

    Thanks.


    This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by Mervyn Zhang Tuesday, February 24, 2009 10:10 AM
    Monday, February 23, 2009 2:17 AM

All replies

  • Hi Nick,

    You can make use of ICACLS (or XCACLS) to generate a report of the NTFS permissions of, say, a file share (or the entire C: drive of a computer, for that matter). For example, to save the ACLs of the files under the C:\DATA folder and all its subdirectories to a log file:

    icacls c:\data\* /save Data_NTFS.log /T

    Here are some NTFS best-practice documents you may want to look into:

    Best Practices for Securing Files with NTFS Permissions
    http://technet.microsoft.com/en-us/library/cc782737.aspx

    How IT Works: NTFS Permissions
    http://technet.microsoft.com/en-us/magazine/2005.11.howitworksntfs.aspx

    How IT Works: NTFS Permissions Part 2
    http://technet.microsoft.com/en-us/magazine/2006.01.howitworksntfs.aspx

    Regards,

    Salvador Manaois III
    MCITP | Enterprise & Server Admin
    MCSE MCSA MCTS CIWA C|EH
    Bytes & Badz: http://badzmanaois.blogspot.com
    • Proposed as answer by Kevin Remde Sunday, December 2, 2012 3:26 PM
    Thursday, February 19, 2009 4:57 AM
  • Thanks for your reply - do you know if there are any white papers from Microsoft on NTFS Permissions and using Security Groups?  I nned to produce a report on a recommended approach ans I am looking at recommending using Global and Local Security Groups rather than assigning individual access to folders.

    Any additional documentation I can provide would help.

    Thanks

    Nick.
    Saturday, February 21, 2009 10:27 PM
  • Hi,

    The following articles cover most aspects of security, not only File System (NTFS) security, hope them help.

    Best practices for security
    http://technet.microsoft.com/en-us/library/cc782677.aspx

    Best practices for assigning permissions on Active Directory objects
    http://technet.microsoft.com/en-us/library/cc786285.aspx

    Access Control Best Practices
    http://technet.microsoft.com/en-us/library/cc778399.aspx

    Thanks.


    This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by Mervyn Zhang Tuesday, February 24, 2009 10:10 AM
    Monday, February 23, 2009 2:17 AM
  • Your answer is vague and only includes links. Salvador below took time to actually answer the question and provide insight.

    STOP MARKING YOUR OWN ANSWER AS CORRECT TO GET POINTS!!! As the moderator, this is unfair because you only care about the points you receive, not whether the correct answer has been proposed.

    Further, a MS employee also proposed Salvador's answer as correct.

    And your English is awful, "hope them help"? Give me a break.
    • Edited by TBoneJones Friday, November 8, 2013 3:48 PM
    Friday, November 8, 2013 3:46 PM