Security of non system drives

Posted: 06-20-2006, 05:40 AM
I just noticed that, under Vista beta 2, non system drives are given, by
default, special access permissions of: traverse, execute, list folder, read
to EVERYONE. Isn't that a security risk? How about those of us, for example,
who built Vista on a separate drive but still have personal data on a drive
that is now mounted with those special permissions? If these data were under
"Documents and Settings" they were protected (and many people are now
complaining that the old files are not accessible any more) but I am
concerned about folders and files that were not under "Documents and
Settings" and were, therefore, not necessarily protected.
Why give access to EVERYONE to these other drives?

Security of non system drives


Responses to "Security of non system drives"

Roger Abell [MVP]
Guest
Posts: n/a
 
Re: Security of non system drives
Posted: 06-21-2006, 02:12 PM
I guess my followup question is why not give that non-write access
to Everyone? What would you suggest instead?

Remember, the default security descriptor is applied when the
storage is first formatted. Many of us have the practice of setting
the NTFS permissions at the drive root as a first action after a new
format, with those permissions selected based on the use to be made
of the storage.

It is pretty hard to see what one should use that would be the "most
likely" permissions, so forcing on the least people the need to adjust
those permissions. It is certainly not possible for the drive to come
out from the format factory so that the storage is private to jgascon
as would be the My Documents of account jgascon; well, if jgascon
did the formatting it would be possible, but that would be a guess
that would likely cause the most people to have to adjust permissions
post format.

"jgascon" <jgascon@discussions.microsoft.com> wrote in message
news:B0EE9A96-082D-4A9B-84FC-B218E1EFDAF2@microsoft.com...
>I just noticed that, under Vista beta 2, non system drives are given, by
> default, special access permissions of: traverse, execute, list folder,
> read
> to EVERYONE. Isn't that a security risk? How about those of us, for
> example,
> who built Vista on a separate drive but still have personal data on a
> drive
> that is now mounted with those special permissions? If these data were
> under
> "Documents and Settings" they were protected (and many people are now
> complaining that the old files are not accessible any more) but I am
> concerned about folders and files that were not under "Documents and
> Settings" and were, therefore, not necessarily protected.
> Why give access to EVERYONE to these other drives?
>

Andrew
Guest
Posts: n/a
 
Re: Security of non system drives
Posted: 06-22-2006, 11:19 PM
MS designs Windows so that the average user gets a good experience with it,
with little to no effort on their part.

Most home users aren't concerned about perms on secondary drives. Make it a
security risk for some, or make it a nuisance for most, the choice is fairly
obvious.

"Roger Abell [MVP]" wrote:
> I guess my followup question is why not give that non-write access
> to Everyone? What would you suggest instead?
>
> Remember, the default security descriptor is applied when the
> storage is first formatted. Many of us have the practice of setting
> the NTFS permissions at the drive root as a first action after a new
> format, with those permissions selected based on the use to be made
> of the storage.
>
> It is pretty hard to see what one should use that would be the "most
> likely" permissions, so forcing on the least people the need to adjust
> those permissions. It is certainly not possible for the drive to come
> out from the format factory so that the storage is private to jgascon
> as would be the My Documents of account jgascon; well, if jgascon
> did the formatting it would be possible, but that would be a guess
> that would likely cause the most people to have to adjust permissions
> post format.
>
> "jgascon" <jgascon@discussions.microsoft.com> wrote in message
> news:B0EE9A96-082D-4A9B-84FC-B218E1EFDAF2@microsoft.com...
> >I just noticed that, under Vista beta 2, non system drives are given, by
> > default, special access permissions of: traverse, execute, list folder,
> > read
> > to EVERYONE. Isn't that a security risk? How about those of us, for
> > example,
> > who built Vista on a separate drive but still have personal data on a
> > drive
> > that is now mounted with those special permissions? If these data were
> > under
> > "Documents and Settings" they were protected (and many people are now
> > complaining that the old files are not accessible any more) but I am
> > concerned about folders and files that were not under "Documents and
> > Settings" and were, therefore, not necessarily protected.
> > Why give access to EVERYONE to these other drives?
> >
>
>
>
 
LinkBack Thread Tools Display Modes
 


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Forum Jump


Similar Threads
Thread Thread Starter Forum Replies Last Post
2 SATA Drives????? OpeXp Windows Vista Performance & Maintenance 6 02-01-2007 12:36 PM
mounting drives Doug Durrett Windows Vista File Management 1 11-06-2006 10:57 PM
Add other drives to index Martin Racette Windows Vista File Management 3 07-06-2006 04:17 PM
Sata Drives Petrus Windows Vista Install & Setup 4 06-17-2006 08:58 PM
DVD Drives Jim Weiger Windows Vista Install & Setup 0 06-12-2006 04:06 AM