Export (0) Print
Expand All
Expand Minimize

Secure the Root Folder of Each Disk Volume

Updated: August 22, 2005

Applies To: Windows Server 2003, Windows Server 2003 with SP1

Immediately after a new installation of Microsoft® Windows® Server 2003, the special group Everyone has Read and Execute permissions on the root of the system volume, which is the disk volume where Windows Server 2003 is installed.

Any folders created beneath the root of the system volume automatically inherit the permissions assigned to the root of the system volume. This means that the Everyone group will have Read and Execute permissions on any new folders created immediately beneath the root of the system volume. To prevent an accidental breach in security, remove the permissions assigned to the special group "Everyone" on dedicated Web servers.

Requirements

  • Credentials: Membership in the Administrators group on the local computer.

  • Tools: Iis.msc.

  • File System: The system volume must use the NTFS file system if you want to set file and folder permissions.

Recommendation

As a security best practice, log on to your computer using an account that is not in the Administrators group, and then use the Run as command to run IIS Manager as an administrator. At the command prompt, type runas /user:administrative_accountname mmc %systemroot%\system32\inetsrv\iis.msc.

Procedures

To secure the root of the system volume by removing permissions
  1. Open Accessories, and then click Windows Explorer.

  2. In Windows Explorer, locate the root of the system volume.

  3. Right-click the root of the system volume, click Properties, and then click the Security tab.

  4. In the Group or user names list box, click Everyone, and then click Remove.

  5. Click OK.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft