Share via


Secure the Root Folder of Each Disk Volume

Applies To: Windows Server 2003, Windows Server 2003 with SP1

Immediately after a new installation of Microsoft® Windows® Server 2003, the special group Everyone has Read and Execute permissions on the root of the system volume, which is the disk volume where Windows Server 2003 is installed.

Any folders created beneath the root of the system volume automatically inherit the permissions assigned to the root of the system volume. This means that the Everyone group will have Read and Execute permissions on any new folders created immediately beneath the root of the system volume. To prevent an accidental breach in security, remove the permissions assigned to the special group "Everyone" on dedicated Web servers.

Requirements

  • Credentials: Membership in the Administrators group on the local computer.

  • Tools: Iis.msc.

  • File System: The system volume must use the NTFS file system if you want to set file and folder permissions.

Recommendation

As a security best practice, log on to your computer using an account that is not in the Administrators group, and then use the Run as command to run IIS Manager as an administrator. At the command prompt, type **runas /user:**administrative_accountname mmc %systemroot%\system32\inetsrv\iis.msc.

Procedures

To secure the root of the system volume by removing permissions

  1. Open Accessories, and then click Windows Explorer.

  2. In Windows Explorer, locate the root of the system volume.

  3. Right-click the root of the system volume, click Properties, and then click the Security tab.

  4. In the Group or user names list box, click Everyone, and then click Remove.

  5. Click OK.