NT Gatekeeper: Changing the Full Control Permissions for the Everyone Group in NT 4.0

What's the best way to change Windows NT 4.0's default practice of giving the built-in Everyone group Full Control access when you create a new share?

The following guideline should be on the must-do list of every NT administrator: When creating a share, always immediately remove the Full Control permission for the Everyone group and replace it with a Full Control (or less) permission for the Authenticated Users and Domain Users groups. Administrators should always try to honor the principle of the least privilege: Give a user, service, or application only the rights and permissions that are necessary to do the job. The problem with the Everyone group is that it includes both authenticated and unauthenticated users. Unauthenticated users are people who try to access your systems anonymously—without identifying themselves and providing credentials.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.