NTFS Permission Defaults - Basis for them

  • Question

  • I'm converting a bunch of workstations from a peer-to-peer network to a domain-based network.

    Many of the computers have file Sharing and Security (NTFS?) settings that likely need to be removed.  
    So, I'd perhaps want to go back to the defaults.

    When looking at a new installation of Windows 10 Pro, I can see the defaults but haven't tried to ascertain if they are all the same or if they vary across the folders.

    One "strangeness" I found was the Security setting for Authenticated Users.  
    In the original workstation case they had FULL permissions.
    When converted to domain-joined, this rather means "everyone that's logged in on the domain" as I understand it - whereas for a local workstation, the permissions are much more restricted.  

    I'm wondering why the defaults were chosen as they are?

    Friday, September 20, 2019 7:04 PM

All replies

  • Someone may have also enabled the guest account which would have allowed unknown users from other machines on the network to access the files.

    The default file permissions were likely chosen based on users accessing the file system from the PC itself, not from a network sharing perspective. When you share a folder, you are prompted for "who to share with", and the permissions get uninherited from the parent folder and set to the accounts that the user identifies. (The share button, not the advanced sharing button.)

    Are you being asked to continue with the peer-to-peer file sharing? I would think that the best solution is to utilize a file server that is properly backed up. Don't share data on workstations.

    Don't grant everyone or authenticated users full control. That leaves you wide open to a ransomware attack. Make sure that your backup solution is not accessible on the network so that it is not vulnerable to ransomware itself.      

    Saturday, September 21, 2019 3:02 AM
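
An added example, not part of the thread: a read-only PowerShell audit that lists folders where Everyone or Authenticated Users hold an Allow entry with Full Control, which is the condition the reply above warns about. The default path `C:\Users\Public` and the function name `Get-BroadFullControl` are assumptions for illustration; run it elevated so `Get-Acl` can read every folder.

```powershell
# Added example: report folders where Everyone or Authenticated Users hold an
# Allow ACE with Full Control. Read-only; it changes no permissions.
param(
    # Hypothetical default; pass the folders you want audited.
    [string[]]$Path = @('C:\Users\Public'),
    # Also audit the folders behind this machine's non-administrative SMB shares.
    [switch]$IncludeShares
)

# Well-known SIDs, so the check does not depend on the display language.
$broadSids = @{ 'S-1-1-0' = 'Everyone'; 'S-1-5-11' = 'Authenticated Users' }
$full       = [int][System.Security.AccessControl.FileSystemRights]::FullControl
$genericAll = 0x10000000   # GENERIC_ALL, often seen on inherit-only ACEs

function Get-BroadFullControl {
    param([string]$Folder)
    $acl = Get-Acl -LiteralPath $Folder -ErrorAction SilentlyContinue
    if (-not $acl) { return }   # unreadable folder: skip it
    # Explicit and inherited rules, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid    = $rule.IdentityReference.Value
        $rights = [int]$rule.FileSystemRights
        $isFull = (($rights -band $full) -eq $full) -or ($rights -band $genericAll)
        if ($rule.AccessControlType -eq 'Allow' -and
            $broadSids.ContainsKey($sid) -and $isFull) {
            [pscustomobject]@{
                Folder    = $Folder
                Principal = $broadSids[$sid]
                Inherited = $rule.IsInherited
            }
        }
    }
}

if ($IncludeShares) {
    # Shared folders are where a broad NTFS grant becomes reachable over the network.
    $Path += Get-SmbShare -Special $false |
        Where-Object { $_.Path } | Select-Object -ExpandProperty Path
}

foreach ($root in ($Path | Select-Object -Unique)) {
    Get-BroadFullControl -Folder $root
    Get-ChildItem -LiteralPath $root -Directory -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object { Get-BroadFullControl -Folder $_.FullName }
}
```

Rows with `Inherited = False` mark the folder where the grant was set explicitly; fixing that folder also clears the inherited rows beneath it.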