Best Practices - ACL Permissions?

Discussion in 'Windows Small Business Server' started by WDSnews, Aug 28, 2009.

  1. WDSnews

    WDSnews Guest

    I'm searching for a document I once read but am now unable to find. It
    lists recommended ACL settings for the root of server drives and specific
    SBS shares. Can you point me to the document I'm talking about. I'm most
    cocerned with the root of the system volume. thanks
    WDSnews, Aug 28, 2009
    1. Advertisements

  2. I'm not aware of an SBS-specific article about this. And now after looking,
    I'm unable to find one for Windows Server 2003 in general either. Is there
    some specific reason or symptom that's got you worried about this? If not,
    I'd just trust that SBS installed with the proper permissions. Users don't
    log in at the server, and while it would be nice to know your permissions
    are set for best security, there's something to be said for not messing with
    a properly functioning system. About the only advice I have is that if you
    find anything relevant, please note that the default permissions on a DC,
    including SBS, are likely to be different from those of a member server.
    And, if you see any articles about applying security templates, I would
    definitely advise against doing that - IMO it's almost certain to give you
    some unexpected and unwelcome surprises.

    I wonder if this is the article you're referring to, although it only
    applies to the user folders:

    "Home Folder" error when running the Add User Wizard

    Hopefully somebody will be able to google up the default permissions better
    than I could. Merv?
    Dave Nickason [SBS MVP], Aug 28, 2009
    1. Advertisements

  3. I can tell you one thing, don't alter the root C: drive permissions, or
    you'll be confronted with some issues, SBS or not.

    Case in point:

    "Systems that have changed the default Access Control List permissions on
    %windir%\registration directory may experience various problems after you
    install the Microsoft Security Bulletin MS05-051 for COM+ and MS DTC"

    For more info about this issue, see:


    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Please reply back to the newsgroup or forum for collaboration benefit among
    responding engineers, and to help others benefit from your resolution.

    Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
    Microsoft Certified Trainer

    For urgent issues, please contact Microsoft PSS directly. Please check for regional support phone numbers.
    Ace Fekay [MCT], Aug 29, 2009
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.