I just noticed that, under Vista beta 2, non system drives are given, by
default, special access permissions of: traverse, execute, list folder, read
to EVERYONE. Isn't that a security risk? How about those of us, for example,
who built Vista on a separate drive but still have personal data on a drive
that is now mounted with those special permissions? If these data were under
"Documents and Settings" they were protected (and many people are now
complaining that the old files are not accessible any more) but I am
concerned about folders and files that were not under "Documents and
Settings" and were, therefore, not necessarily protected.
Why give access to EVERYONE to these other drives?

I guess my followup question is why not give that non-write access
to Everyone? What would you suggest instead?

Remember, the default security descriptor is applied when the
storage is first formatted. Many of us have the practice of setting
the NTFS permissions at the drive root as a first action after a new
format, with those permissions selected based on the use to be made
of the storage.

It is pretty hard to see what one should use that would be the "most
likely" permissions, so forcing on the least people the need to adjust
those permissions. It is certainly not possible for the drive to come
out from the format factory so that the storage is private to jgascon
as would be the My Documents of account jgascon; well, if jgascon
did the formatting it would be possible, but that would be a guess
that would likely cause the most people to have to adjust permissions
post format.

"jgascon" <jgascon@discussions.microsoft.com> wrote in message
news:B0EE9A96-082D-4A9B-84FC-B218E1EFDAF2@microsoft.com...
>I just noticed that, under Vista beta 2, non system drives are given, by
> default, special access permissions of: traverse, execute, list folder,
> read
> to EVERYONE. Isn't that a security risk? How about those of us, for
> example,
> who built Vista on a separate drive but still have personal data on a
> drive
> that is now mounted with those special permissions? If these data were
> under
> "Documents and Settings" they were protected (and many people are now
> complaining that the old files are not accessible any more) but I am
> concerned about folders and files that were not under "Documents and
> Settings" and were, therefore, not necessarily protected.
> Why give access to EVERYONE to these other drives?
>

MS designs Windows so that the average user gets a good experience with it,
with little to no effort on their part.

Most home users aren't concerned about perms on secondary drives. Make it a
security risk for some, or make it a nuisance for most, the choice is fairly
obvious.

"Roger Abell [MVP]" wrote:

> I guess my followup question is why not give that non-write access
> to Everyone? What would you suggest instead?
>
> Remember, the default security descriptor is applied when the
> storage is first formatted. Many of us have the practice of setting
> the NTFS permissions at the drive root as a first action after a new
> format, with those permissions selected based on the use to be made
> of the storage.
>
> It is pretty hard to see what one should use that would be the "most
> likely" permissions, so forcing on the least people the need to adjust
> those permissions. It is certainly not possible for the drive to come
> out from the format factory so that the storage is private to jgascon
> as would be the My Documents of account jgascon; well, if jgascon
> did the formatting it would be possible, but that would be a guess
> that would likely cause the most people to have to adjust permissions
> post format.
>
> "jgascon" <jgascon@discussions.microsoft.com> wrote in message
> news:B0EE9A96-082D-4A9B-84FC-B218E1EFDAF2@microsoft.com...
> >I just noticed that, under Vista beta 2, non system drives are given, by
> > default, special access permissions of: traverse, execute, list folder,
> > read
> > to EVERYONE. Isn't that a security risk? How about those of us, for
> > example,
> > who built Vista on a separate drive but still have personal data on a
> > drive
> > that is now mounted with those special permissions? If these data were
> > under
> > "Documents and Settings" they were protected (and many people are now
> > complaining that the old files are not accessible any more) but I am
> > concerned about folders and files that were not under "Documents and
> > Settings" and were, therefore, not necessarily protected.
> > Why give access to EVERYONE to these other drives?
> >
>
>
>