From: "Hrvoje Mesing" 


"John Beckett"  wrote
in message news:sj0jt1h1cqqnd4jbpdipfc4b4doh5ntnvg{at}4ax.com...
>
> I don't know whether mucking around with permissions would cause problems
> with support from Microsoft, but if you read a little in newsgroups etc
> you would see suggestions that there really is no benefit to changing the
> default XP or W2003 permissions, and that making such changes often leads
> to unforseen problems.


-+-

weird! :)

Because, I understand that if the server is Terminal Application server,
users would need read access (traverse if nothing!) to tools like
notepad.exxe, calc.exe, etc.
But!, I do not understand, if I have a user which IS Domain user and I want
him to be able to use Remote Administration Terminal services (like
Built-in Backup Operator), why would I give him the option to browse my
windows folder ? Or see how my boot.ini look like ? Or to locally check
..\SYSVOL\ ? or to READ my wbem logs ?
Sorry, but I see no sense in this.
I see sense that SYSTEM and designated Admin have Full Perms on all of the
objectes, but everything else on mentioned Domain Controller I see as HUGE
security risk.

Just to mention, I saw no problems with only SYSTEM, Administrators group
having permissions and everything else Out, but I'm still interested why
would something break ? What is that ? Is there a possible problem with MS
SLA ? And how there is no benefit ?!?!

*hum*


-+-
M.

--- BBBS/NT v4.01 Flag-5