I'm searching for a document I once read but am now unable to find. It
lists recommended ACL settings for the root of server drives and specific
SBS shares. Can you point me to the document I'm talking about. I'm most
cocerned with the root of the system volume. thanks

I'm not aware of an SBS-specific article about this. And now after looking,
I'm unable to find one for Windows Server 2003 in general either. Is there
some specific reason or symptom that's got you worried about this? If not,
I'd just trust that SBS installed with the proper permissions. Users don't
log in at the server, and while it would be nice to know your permissions
are set for best security, there's something to be said for not messing with
a properly functioning system. About the only advice I have is that if you
find anything relevant, please note that the default permissions on a DC,
including SBS, are likely to be different from those of a member server.
And, if you see any articles about applying security templates, I would
definitely advise against doing that - IMO it's almost certain to give you
some unexpected and unwelcome surprises.

I wonder if this is the article you're referring to, although it only
applies to the user folders:

"Home Folder" error when running the Add User Wizard
http://support.microsoft.com/kb/294667

Hopefully somebody will be able to google up the default permissions better
than I could. Merv?




"WDSnews" <wdsnews.0640@newsgroup> wrote in message
news:eSmWKSBKKHA.3632@newsgroup

> I'm searching for a document I once read but am now unable to find. It
> lists recommended ACL settings for the root of server drives and specific
> SBS shares. Can you point me to the document I'm talking about. I'm most
> cocerned with the root of the system volume. thanks
>
>

"WDSnews" <wdsnews.0640@newsgroup> wrote in message
news:eSmWKSBKKHA.3632@newsgroup

> I'm searching for a document I once read but am now unable to find. It
> lists recommended ACL settings for the root of server drives and specific
> SBS shares. Can you point me to the document I'm talking about. I'm most
> cocerned with the root of the system volume. thanks
>
>

I can tell you one thing, don't alter the root C: drive permissions, or
you'll be confronted with some issues, SBS or not.

Case in point:

"Systems that have changed the default Access Control List permissions on
the
%windir%\registration directory may experience various problems after you
install the Microsoft Security Bulletin MS05-051 for COM+ and MS DTC"
http://support.microsoft.com/kb/909444

For more info about this issue, see:
http://blogs.technet.com/steriley/ar...08/414002.aspx


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.