Setting File Permissions
Set permissions on files and shares through groups rather than by granting them to individual users; this makes file permissions much easier to manage. Make sure that only the Guest account is a member of the Guests group and that the Guest account is not found in any other group.
Removing Users from the System
As with adding users to the system, administrators should follow the User Management procedures when removing users. When a user leaves an organization, the user's account should be disabled immediately by using the Computer Management tool. Select the user in question, right-click, and select Properties. This screen will allow you to disable the account. At the same time, the password should be changed to something completely random. This will prevent the user or someone else from using the account.
Since it is possible that this user had files or directories that the organization needs, the account should remain disabled for some period of time (30 days is usually appropriate) to allow the user's superior to access these files and copy any that are of interest. If the user was using EFS (the Encrypting File System), the local Administrator account can be used to access the files. After 30 days, the account should be removed from the system along with all files and directories that are owned by the account.
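The disable, randomize and retain steps above can be scripted. The following is an added example, not part of the original tutorial: it assumes a current Windows system with Windows PowerShell 5.1 and the Microsoft.PowerShell.LocalAccounts cmdlets (these are not available on Windows 2000 itself), and the function names and the "Offboarded" description tag are choices made for this example.

```powershell
# Added example. Run from an elevated Windows PowerShell 5.1+ session.
# Function names and the "Offboarded" tag are hypothetical choices, not from the tutorial.

function New-RandomPassword {
    param([int]$ByteCount = 24)
    $bytes = New-Object byte[] $ByteCount
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    # 24 random bytes become a 32-character Base64 string that is never displayed or stored.
    ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
}

function Disable-DepartedUser {
    param([Parameter(Mandatory)][string]$Name)
    $user = Get-LocalUser -Name $Name -ErrorAction Stop
    Disable-LocalUser -InputObject $user
    # Stamp the date in the description (limited to 48 characters) so the
    # retention period can be checked later. This overwrites any old description.
    $stamp = 'Offboarded {0:yyyy-MM-dd}' -f (Get-Date)
    Set-LocalUser -InputObject $user -Password (New-RandomPassword) -Description $stamp
    Get-LocalUser -Name $Name | Select-Object Name, Enabled, Description
}

function Get-UserDueForRemoval {
    param([int]$RetentionDays = 30, [datetime]$Now = (Get-Date))
    foreach ($user in Get-LocalUser) {
        if ($user.Description -match '^Offboarded (\d{4}-\d{2}-\d{2})$') {
            $date = [datetime]::ParseExact($Matches[1], 'yyyy-MM-dd',
                        [cultureinfo]::InvariantCulture)
            $age = ($Now.Date - $date).Days
            [pscustomobject]@{
                Name          = $user.Name
                Enabled       = $user.Enabled   # True means someone re-enabled the account
                OffboardedOn  = $date
                DaysDisabled  = $age
                DueForRemoval = ($age -ge $RetentionDays)
            }
        }
    }
}

# Usage (jsmith is a constructed account name):
#   Disable-DepartedUser -Name jsmith
#   Get-UserDueForRemoval | Where-Object DueForRemoval
```

The second function only reports accounts that have passed the retention period; deleting the account and the files it owns remains a deliberate manual step once the user's superior has copied what is needed.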