Microsoft Windows Default Permissions for Fixed and External Drives



  • While learning a little about Get-Acl and Set-Acl to copy security settings from source to destination.
    You can do something like this, Get-Acl -Path "C:\RootFolderSecuritySettingsTemplate" | Set-Acl -Path "C:\MangoFolder" to copy the security settings from Get-Acl and use Set-Acl to apply it on the other folder.

    So I wanted to check out the default security settings for the fixed and external drives. And I noticed that they are different on Servers and Desktops.

    Here's what the default permissions looks like on Servers and Desktops.

    Servers

    Fixed Drive (C:)

    Owner: TrustedInstallers

    Type Principal Access Inherited from Applies to
    Allow Administrators (LOCAL\Administrators) Full control None This folder, subfolders and files
    Allow CREATOR OWNER Full control None Subfolders and files only
    Allow SYSTEM Full control None This folder, subfolders and files
    Allow Users (LOCAL\Users) Read & Execute None This folder, subfolders and files
    Allow Users (LOCAL\Users) Create folders / append data None This folder and subfolders
    Allow Users (LOCAL\Users) Create files / write data None Subfolders only

    Other Fixed Drives

    Owner: Administrators (LOCAL\Administrators)

    Type Principal Access Inherited from Applies to
    Allow Administrators (LOCAL\Administrators) Full control None This folder, subfolders and files
    Allow CREATOR OWNER Full control None Subfolders and files only
    Allow Everyone Read & Execute None This folder only
    Allow SYSTEM Full control None This folder, subfolders and files
    Allow Users (LOCAL\Users) Read & Execute None This folder, subfolders and files
    Allow Users (LOCAL\Users) Create folders / append data None This folder and subfolders
    Allow Users (LOCAL\Users) Create files / write data None Subfolders only

    Desktops

    Fixed Drive (C:)

    Owner: TrustedInstallers

    Type Principal Access Inherited from Applies to
    Allow Administrators (LOCAL\Administrators) Full control None This folder, subfolders and files
    Allow Authenticated Users Modify None Subfolders and files only
    Allow Authenticated Users Create folders / append data None This folder only
    Allow SYSTEM Full control None This folder, subfolders and files
    Allow Users (LOCAL\Users) Read & Execute None This folder, subfolders and files

    External Drives

    Owner: Administrators (LOCAL\Administrators)

    Type Principal Access Inherited from Applies to
    Allow Administrators (LOCAL\Administrators) Full control None This folder, subfolders and files
    Allow Authenticated Users Modify None This folder, subfolders and files
    Allow SYSTEM Full control None This folder, subfolders and files
    Allow Users (LOCAL\Users) Read & Execute None This folder, subfolders and files


  • @black3dynamite said in Microsoft Windows Default Permissions for Fixed and External Drives:

    And I noticed that they are different on Servers and Desktops

    I had no idea they would be different.



  • @wrx7m said in Microsoft Windows Default Permissions for Fixed and External Drives:

    @black3dynamite said in Microsoft Windows Default Permissions for Fixed and External Drives:

    And I noticed that they are different on Servers and Desktops

    I had no idea they would be different.

    On the server one of the permissions that stands out for me is the CREATOR OWNER (full control / subfolders and files only.
    From what I can tell, when a user creates a folder on the root drive, that person will be given the permission of full control of that folder only and then CREATOR OWNER on that folder is also added with full control of subfolders and files only.

    But for the desktop, on the root drive you are not given any full control of that folder.