From Windows Server 2008 R2 Domain Controller Security Technical Implementation Guide
Part of File share ACLs
Associated with: CCI-001090
By default, the Everyone group is given full control to new file shares. When a share is created, permissions should be reconfigured to give the minimum access to those accounts that require it.
Open the Computer Management Console. Expand the “System Tools” object in the Tree window. Expand the “Shared Folders” object. Select the “Shares” object. Right click any user-created shares (ignore administrative shares; the system will prompt you if Properties are selected for administrative shares). Select Properties. Select the Share Permissions tab. If user-created file shares have not been reconfigured to remove ACL permissions from the “Everyone” group, then this is a finding. Documentable Explanation: If shares created by applications require the “Everyone” group, this should be documented with the IAO.
Remove permissions from the Everyone group from locally-created file shares and assign them to authorized groups.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer