Security of non system drives

06-20-2006

I just noticed that, under Vista beta 2, non system drives are given, by
default, special access permissions of: traverse, execute, list folder, read
to EVERYONE. Isn't that a security risk? How about those of us, for example,
who built Vista on a separate drive but still have personal data on a drive
that is now mounted with those special permissions? If these data were under
"Documents and Settings" they were protected (and many people are now
complaining that the old files are not accessible any more) but I am
concerned about folders and files that were not under "Documents and
Settings" and were, therefore, not necessarily protected.
Why give access to EVERYONE to these other drives?

06-21-2006

I guess my followup question is why not give that non-write access
to Everyone? What would you suggest instead?

Remember, the default security descriptor is applied when the
storage is first formatted. Many of us have the practice of setting
the NTFS permissions at the drive root as a first action after a new
format, with those permissions selected based on the use to be made
of the storage.

It is pretty hard to see what one should use that would be the "most
likely" permissions, so forcing on the least people the need to adjust
those permissions. It is certainly not possible for the drive to come
out from the format factory so that the storage is private to jgascon
as would be the My Documents of account jgascon; well, if jgascon
did the formatting it would be possible, but that would be a guess
that would likely cause the most people to have to adjust permissions
post format.

"jgascon" <jgascon@discussions.microsoft.com> wrote in message
news:B0EE9A96-082D-4A9B-84FC-B218E1EFDAF2@microsoft.com...
>I just noticed that, under Vista beta 2, non system drives are given, by
> default, special access permissions of: traverse, execute, list folder,
> read
> to EVERYONE. Isn't that a security risk? How about those of us, for
> example,
> who built Vista on a separate drive but still have personal data on a
> drive
> that is now mounted with those special permissions? If these data were
> under
> "Documents and Settings" they were protected (and many people are now
> complaining that the old files are not accessible any more) but I am
> concerned about folders and files that were not under "Documents and
> Settings" and were, therefore, not necessarily protected.
> Why give access to EVERYONE to these other drives?
>

06-22-2006

MS designs Windows so that the average user gets a good experience with it,
with little to no effort on their part.

Most home users aren't concerned about perms on secondary drives. Make it a
security risk for some, or make it a nuisance for most, the choice is fairly
obvious.

"Roger Abell [MVP]" wrote:

> I guess my followup question is why not give that non-write access
> to Everyone? What would you suggest instead?
>
> Remember, the default security descriptor is applied when the
> storage is first formatted. Many of us have the practice of setting
> the NTFS permissions at the drive root as a first action after a new
> format, with those permissions selected based on the use to be made
> of the storage.
>
> It is pretty hard to see what one should use that would be the "most
> likely" permissions, so forcing on the least people the need to adjust
> those permissions. It is certainly not possible for the drive to come
> out from the format factory so that the storage is private to jgascon
> as would be the My Documents of account jgascon; well, if jgascon
> did the formatting it would be possible, but that would be a guess
> that would likely cause the most people to have to adjust permissions
> post format.
>
> "jgascon" <jgascon@discussions.microsoft.com> wrote in message
> news:B0EE9A96-082D-4A9B-84FC-B218E1EFDAF2@microsoft.com...
> >I just noticed that, under Vista beta 2, non system drives are given, by
> > default, special access permissions of: traverse, execute, list folder,
> > read
> > to EVERYONE. Isn't that a security risk? How about those of us, for
> > example,
> > who built Vista on a separate drive but still have personal data on a
> > drive
> > that is now mounted with those special permissions? If these data were
> > under
> > "Documents and Settings" they were protected (and many people are now
> > complaining that the old files are not accessible any more) but I am
> > concerned about folders and files that were not under "Documents and
> > Settings" and were, therefore, not necessarily protected.
> > Why give access to EVERYONE to these other drives?
> >
>
>
>

06-20-2006	#1 (permalink)
jgascon Guest n/a posts	Security of non system drives I just noticed that, under Vista beta 2, non system drives are given, by default, special access permissions of: traverse, execute, list folder, read to EVERYONE. Isn't that a security risk? How about those of us, for example, who built Vista on a separate drive but still have personal data on a drive that is now mounted with those special permissions? If these data were under "Documents and Settings" they were protected (and many people are now complaining that the old files are not accessible any more) but I am concerned about folders and files that were not under "Documents and Settings" and were, therefore, not necessarily protected. Why give access to EVERYONE to these other drives?
My System Specs

06-21-2006	#2 (permalink)
Roger Abell [MVP] Guest n/a posts	Re: Security of non system drives I guess my followup question is why not give that non-write access to Everyone? What would you suggest instead? Remember, the default security descriptor is applied when the storage is first formatted. Many of us have the practice of setting the NTFS permissions at the drive root as a first action after a new format, with those permissions selected based on the use to be made of the storage. It is pretty hard to see what one should use that would be the "most likely" permissions, so forcing on the least people the need to adjust those permissions. It is certainly not possible for the drive to come out from the format factory so that the storage is private to jgascon as would be the My Documents of account jgascon; well, if jgascon did the formatting it would be possible, but that would be a guess that would likely cause the most people to have to adjust permissions post format. "jgascon" <jgascon@discussions.microsoft.com> wrote in message news:B0EE9A96-082D-4A9B-84FC-B218E1EFDAF2@microsoft.com... >I just noticed that, under Vista beta 2, non system drives are given, by > default, special access permissions of: traverse, execute, list folder, > read > to EVERYONE. Isn't that a security risk? How about those of us, for > example, > who built Vista on a separate drive but still have personal data on a > drive > that is now mounted with those special permissions? If these data were > under > "Documents and Settings" they were protected (and many people are now > complaining that the old files are not accessible any more) but I am > concerned about folders and files that were not under "Documents and > Settings" and were, therefore, not necessarily protected. > Why give access to EVERYONE to these other drives? >
My System Specs

06-22-2006	#3 (permalink)
Andrew Guest n/a posts	Re: Security of non system drives MS designs Windows so that the average user gets a good experience with it, with little to no effort on their part. Most home users aren't concerned about perms on secondary drives. Make it a security risk for some, or make it a nuisance for most, the choice is fairly obvious. "Roger Abell [MVP]" wrote: > I guess my followup question is why not give that non-write access > to Everyone? What would you suggest instead? > > Remember, the default security descriptor is applied when the > storage is first formatted. Many of us have the practice of setting > the NTFS permissions at the drive root as a first action after a new > format, with those permissions selected based on the use to be made > of the storage. > > It is pretty hard to see what one should use that would be the "most > likely" permissions, so forcing on the least people the need to adjust > those permissions. It is certainly not possible for the drive to come > out from the format factory so that the storage is private to jgascon > as would be the My Documents of account jgascon; well, if jgascon > did the formatting it would be possible, but that would be a guess > that would likely cause the most people to have to adjust permissions > post format. > > "jgascon" <jgascon@discussions.microsoft.com> wrote in message > news:B0EE9A96-082D-4A9B-84FC-B218E1EFDAF2@microsoft.com... > >I just noticed that, under Vista beta 2, non system drives are given, by > > default, special access permissions of: traverse, execute, list folder, > > read > > to EVERYONE. Isn't that a security risk? How about those of us, for > > example, > > who built Vista on a separate drive but still have personal data on a > > drive > > that is now mounted with those special permissions? If these data were > > under > > "Documents and Settings" they were protected (and many people are now > > complaining that the old files are not accessible any more) but I am > > concerned about folders and files that were not under "Documents and > > Settings" and were, therefore, not necessarily protected. > > Why give access to EVERYONE to these other drives? > > > > >
My System Specs

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Using Files/Programs on Network Drives - Vista F%$&in Security!	+Bob+	Vista General	2	07-24-2008 08:44 PM
Using Files/Programs on Network Drives - Vista F%$&in Security!	+Bob+	Vista security	2	07-24-2008 08:44 PM
How to fix security on external drives brought in from Windows XP	Eric	Vista security	0	01-22-2008 07:07 PM
IDE drives as ATA in System Properties	Diamontina Cocktail	Vista hardware & devices	5	02-18-2007 04:01 PM
Reset file security permissions on all drives	chall3ng3r	Vista General	5	12-22-2006 09:13 PM