Windows Vista Forums

Security of non system drives
  1. #1


    jgascon Guest

    Security of non system drives

    I just noticed that, under Vista beta 2, non system drives are given, by
    default, special access permissions of: traverse, execute, list folder, read
    to EVERYONE. Isn't that a security risk? How about those of us, for example,
    who built Vista on a separate drive but still have personal data on a drive
    that is now mounted with those special permissions? If these data were under
    "Documents and Settings" they were protected (and many people are now
    complaining that the old files are not accessible any more) but I am
    concerned about folders and files that were not under "Documents and
    Settings" and were, therefore, not necessarily protected.
    Why give access to EVERYONE to these other drives?




      My System SpecsSystem Spec

  2. #2


    Roger Abell [MVP] Guest

    Re: Security of non system drives

    I guess my followup question is why not give that non-write access
    to Everyone? What would you suggest instead?

    Remember, the default security descriptor is applied when the
    storage is first formatted. Many of us have the practice of setting
    the NTFS permissions at the drive root as a first action after a new
    format, with those permissions selected based on the use to be made
    of the storage.

    It is pretty hard to see what one should use that would be the "most
    likely" permissions, so forcing on the least people the need to adjust
    those permissions. It is certainly not possible for the drive to come
    out from the format factory so that the storage is private to jgascon
    as would be the My Documents of account jgascon; well, if jgascon
    did the formatting it would be possible, but that would be a guess
    that would likely cause the most people to have to adjust permissions
    post format.

    "jgascon" <jgascon@discussions.microsoft.com> wrote in message
    news:B0EE9A96-082D-4A9B-84FC-B218E1EFDAF2@microsoft.com...
    >I just noticed that, under Vista beta 2, non system drives are given, by
    > default, special access permissions of: traverse, execute, list folder,
    > read
    > to EVERYONE. Isn't that a security risk? How about those of us, for
    > example,
    > who built Vista on a separate drive but still have personal data on a
    > drive
    > that is now mounted with those special permissions? If these data were
    > under
    > "Documents and Settings" they were protected (and many people are now
    > complaining that the old files are not accessible any more) but I am
    > concerned about folders and files that were not under "Documents and
    > Settings" and were, therefore, not necessarily protected.
    > Why give access to EVERYONE to these other drives?
    >




      My System SpecsSystem Spec

  3. #3


    Andrew Guest

    Re: Security of non system drives

    MS designs Windows so that the average user gets a good experience with it,
    with little to no effort on their part.

    Most home users aren't concerned about perms on secondary drives. Make it a
    security risk for some, or make it a nuisance for most, the choice is fairly
    obvious.

    "Roger Abell [MVP]" wrote:

    > I guess my followup question is why not give that non-write access
    > to Everyone? What would you suggest instead?
    >
    > Remember, the default security descriptor is applied when the
    > storage is first formatted. Many of us have the practice of setting
    > the NTFS permissions at the drive root as a first action after a new
    > format, with those permissions selected based on the use to be made
    > of the storage.
    >
    > It is pretty hard to see what one should use that would be the "most
    > likely" permissions, so forcing on the least people the need to adjust
    > those permissions. It is certainly not possible for the drive to come
    > out from the format factory so that the storage is private to jgascon
    > as would be the My Documents of account jgascon; well, if jgascon
    > did the formatting it would be possible, but that would be a guess
    > that would likely cause the most people to have to adjust permissions
    > post format.
    >
    > "jgascon" <jgascon@discussions.microsoft.com> wrote in message
    > news:B0EE9A96-082D-4A9B-84FC-B218E1EFDAF2@microsoft.com...
    > >I just noticed that, under Vista beta 2, non system drives are given, by
    > > default, special access permissions of: traverse, execute, list folder,
    > > read
    > > to EVERYONE. Isn't that a security risk? How about those of us, for
    > > example,
    > > who built Vista on a separate drive but still have personal data on a
    > > drive
    > > that is now mounted with those special permissions? If these data were
    > > under
    > > "Documents and Settings" they were protected (and many people are now
    > > complaining that the old files are not accessible any more) but I am
    > > concerned about folders and files that were not under "Documents and
    > > Settings" and were, therefore, not necessarily protected.
    > > Why give access to EVERYONE to these other drives?
    > >

    >
    >
    >


      My System SpecsSystem Spec

Security of non system drives problems?

Similar Threads
Thread Thread Starter Forum Replies Last Post
Security Templates and File System Security Broonie Vista security 0 02 Apr 2009
Using Files/Programs on Network Drives - Vista F%$&in Security! +Bob+ Vista General 2 24 Jul 2008
Using Files/Programs on Network Drives - Vista F%$&in Security! +Bob+ Vista security 2 24 Jul 2008
How to fix security on external drives brought in from Windows XP Eric Vista security 0 22 Jan 2008
Reset file security permissions on all drives chall3ng3r Vista General 5 22 Dec 2006