Users are creating folders and files in C:\ and C:\Spaces\
How I can protect C:\ for users?
By default i would always highly recommend to harden your Windows servers as a standard setup is very insecure when it comes to user rights.
Few things to note is: Users group always has read+execute rights on every disk.
Normally it’s recommended to remove it, and make a new group for file admin access, which is needed for example for the Networking service and local service.
Depending on the software you run you might also need to manually give those additional permissions back after removing the users group from ur disk.
Other things to optimize is to DENY IIS_IUsers from places such as system32, and so on.
You can also set asp.net to a different profile.
Most of the things to harden can be googled, steps kind of depend on the software you run ontop, but it’s important to go through hardening to avoid a 1 site get hacked the whole system is compromised issue.
- Views68 times
- Answers1 answer