IT Employment

General discussion



By Shanghai Sam ·
I use a standard list for share permissions on our 34+ servers. Each office location has an operators account "OP1" and a group account "PITUSERS". The permissions are as follows:

Domain Admins: FULL CONTROL

Note that the EVERYONE group is removed. Other NT admins have told me that I need to add the SYSTEM account with full control. I am not having any problems - that I know of. What ramifications will I have by not adding the SYSTEM account?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Permissions - ok with restrictions

by asbjorn.alveberg In reply to Permissions

I use somewhat the same consept as you do, when sharing resources. It is smart restricting through shares as well as directories. Even if you fail setting any permissions through directories the users will not have any other access than through the share.

When dealing with application servers, you may need to grant SYSTEM full control. E.g. Internet Information Server. That is because the processess does the actual work and needs the rights to do it. This is usually only necessersaryn on directory level. That is because the access is local and not through any network share.

Good luck on building a healthy network without excessive permissions.

Related Discussions

Related Forums