Security settings for file system, registry, and system services

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Security settings for file system, registry, and system services

File system and registry keys

You can configure security attributes using Security Configuration Manager for all existing files, folders, and registry keys in the local file system:

  • Propagate inheritable permissions to all subfolders and files (or subkeys): Any child objects of this object inherit the parental object's security. provided the child object is not protected from inheritance. If there is a conflict, the explicit permissions on the child object will override the permissions inherited from the parent object.

  • Replace existing permissions on all subfolders and files (or subkeys) with inheritable permissions: The parent object's permission entries will override any security settings on the child object, regardless of the child object's settings. The child object will have identical Access Control Entries as the parent object.

    Caution

    • If you select this option and then click Apply, you will override all child objects' security settings. You will not be able to reset the child objects' security settings by clearing the check box.

  • Do not allow permissions on this file or folder (or key) to be replaced: Use this setting if you do not want to configure or analyze security for this object or any of its child objects.

System services

You can select this if the startup mode is:

  • Automatic: Automatically starts when computer is restarted.

  • Manual: Does not start unless someone starts it.

  • Disabled: The service cannot be started.

Notes

  • You can also edit the security properties of the object: what user or group accounts have permission to read, write, delete, or execute inheritance settings or auditing and ownership permission by clicking Edit Security

  • If you choose to set system service startup to Automatic, perform adequate testing to verify that the services can start without user intervention.

  • You should track the system services used on a computer. For performance optimization, set unnecessary or unused services to Manual.

For more information on file and folder permissions, see Permissions for files and folders.