General discussion

Locked

Permissions

By Shanghai Sam ·
I use a standard list for share permissions on our 34+ servers. Each office location has an operators account "OP1" and a group account "PITUSERS". The permissions are as follows:

Domain Admins: FULL CONTROL
OP1: FULL CONTROL
PITUSERS: CHANGE

Note that the EVERYONE group is removed. Other NT admins have told me that I need to add the SYSTEM account with full control. I am not having any problems - that I know of. What ramifications will I have by not adding the SYSTEM account?

This conversation is currently closed to new comments.

1 total post (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Permissions - ok with restrictions

by asbjorn.alveberg In reply to Permissions

I use somewhat the same consept as you do, when sharing resources. It is smart restricting through shares as well as directories. Even if you fail setting any permissions through directories the users will not have any other access than through the share.

When dealing with application servers, you may need to grant SYSTEM full control. E.g. Internet Information Server. That is because the processess does the actual work and needs the rights to do it. This is usually only necessersaryn on directory level. That is because the access is local and not through any network share.

Good luck on building a healthy network without excessive permissions.

Back to IT Employment Forum
1 total post (Page 1 of 1)  

Related Discussions

Related Forums