General discussion

Locked

SYSTEM account in SHARE permissions

By NeverFearSmithisHere ·
I use a standard list for share permissions on our 34+ servers. Each office location has an operators account "OP1" and a group account "PITUSERS". The permissions are as follows:

Domain Admins: FULL CONTROL
OP1: FULL CONTROL
PITUSERS: CHANGE

Note that the EVERYONE group is removed. Other NT admins have told me that I need to add the SYSTEM account with full control if I remove the EVERYONE group.

I am not having any problems - that I know of. What ramifications will I have by not adding the SYSTEM account? Should I add the SYSTEM account?

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

SYSTEM account in SHARE permissions

by BeerMonster In reply to SYSTEM account in SHARE ...

If we're talking SHARE permissions here, rather than NTFS permissions, then your colleagues are way off track. Share permissions are only relevant when a share is accessed across the network, they are meaningless for a locally logged in user (which for this argument we can describe the localsystem account to be), there is NO scenario when you're system account will connect across the network to a local share. Were you to modify the ntfs permissions on the folder, that would be a different matter. In that case you would need to make a call on whether the system account needed access based on the folders content - which in most cases it won't.

Collapse -

SYSTEM account in SHARE permissions

by NeverFearSmithisHere In reply to SYSTEM account in SHARE ...

Thankx for the comments. NetTek was also helpful. Between the two of you, have have a complete answer. How do I give points to NetTek?

In any case, the net result is that I do not need the system account unless a service accesses the folder or file. Since almost any service could, unbeknowst to me, access any given folder, I would probably be safe to add the system account. I am still not quite sure. I will leave it as is for now....

Collapse -

SYSTEM account in SHARE permissions

by DC1 In reply to SYSTEM account in SHARE ...

You cannot access a share using the system account so your security is correct.

Collapse -

SYSTEM account in SHARE permissions

by NeverFearSmithisHere In reply to SYSTEM account in SHARE ...

Thanks for the confidence vote!

Collapse -

SYSTEM account in SHARE permissions

by NeverFearSmithisHere In reply to SYSTEM account in SHARE ...

Thanks for the confidence vote!

Collapse -

SYSTEM account in SHARE permissions

by NetTek In reply to SYSTEM account in SHARE ...

First, check all of your services that start with the System account as opposed to a user account. Some of these services need access to shares, or hidden shares, in order to properly function, either through the Everyone group, or the System account.

Second, locate all of your Pagefile.sys files. They are usually located on the root drives. You need to make sure that the System account has Full Control access to the root drives that house the page files.

Collapse -

SYSTEM account in SHARE permissions

by NeverFearSmithisHere In reply to SYSTEM account in SHARE ...

Your comments are helpful, but do not directly address my issue. Thankx for the comment - I would have shared the points with you and BeerMonster if I knew how.

Thankx

Collapse -

SYSTEM account in SHARE permissions

by NeverFearSmithisHere In reply to SYSTEM account in SHARE ...

Your comments are helpful, but do not directly address my issue. Thankx for the comment - I would have shared the points with you and BeerMonster if I knew how.

Thankx

Collapse -

SYSTEM account in SHARE permissions

by NeverFearSmithisHere In reply to SYSTEM account in SHARE ...

This question was closed by the author

Back to Windows Forum
9 total posts (Page 1 of 1)  

Related Discussions

Related Forums