Microsoft Windows Default Permissions for Fixed and External Drives
-
While learning a little about
Get-AclandSet-Aclto copy security settings from source to destination.
You can do something like this,Get-Acl -Path "C:\RootFolderSecuritySettingsTemplate" | Set-Acl -Path "C:\MangoFolder"to copy the security settings fromGet-Acland useSet-Aclto apply it on the other folder.So I wanted to check out the default security settings for the fixed and external drives. And I noticed that they are different on Servers and Desktops.
Here's what the default permissions looks like on Servers and Desktops.
Servers
Fixed Drive (C:)
Owner: TrustedInstallers
Type Principal Access Inherited from Applies to Allow Administrators (LOCAL\Administrators) Full control None This folder, subfolders and files Allow CREATOR OWNER Full control None Subfolders and files only Allow SYSTEM Full control None This folder, subfolders and files Allow Users (LOCAL\Users) Read & Execute None This folder, subfolders and files Allow Users (LOCAL\Users) Create folders / append data None This folder and subfolders Allow Users (LOCAL\Users) Create files / write data None Subfolders only Other Fixed Drives
Owner: Administrators (LOCAL\Administrators)
Type Principal Access Inherited from Applies to Allow Administrators (LOCAL\Administrators) Full control None This folder, subfolders and files Allow CREATOR OWNER Full control None Subfolders and files only Allow Everyone Read & Execute None This folder only Allow SYSTEM Full control None This folder, subfolders and files Allow Users (LOCAL\Users) Read & Execute None This folder, subfolders and files Allow Users (LOCAL\Users) Create folders / append data None This folder and subfolders Allow Users (LOCAL\Users) Create files / write data None Subfolders only Desktops
Fixed Drive (C:)
Owner: TrustedInstallers
Type Principal Access Inherited from Applies to Allow Administrators (LOCAL\Administrators) Full control None This folder, subfolders and files Allow Authenticated Users Modify None Subfolders and files only Allow Authenticated Users Create folders / append data None This folder only Allow SYSTEM Full control None This folder, subfolders and files Allow Users (LOCAL\Users) Read & Execute None This folder, subfolders and files External Drives
Owner: Administrators (LOCAL\Administrators)
Type Principal Access Inherited from Applies to Allow Administrators (LOCAL\Administrators) Full control None This folder, subfolders and files Allow Authenticated Users Modify None This folder, subfolders and files Allow SYSTEM Full control None This folder, subfolders and files Allow Users (LOCAL\Users) Read & Execute None This folder, subfolders and files -
@black3dynamite said in Microsoft Windows Default Permissions for Fixed and External Drives:
And I noticed that they are different on Servers and Desktops
I had no idea they would be different.
-
@wrx7m said in Microsoft Windows Default Permissions for Fixed and External Drives:
@black3dynamite said in Microsoft Windows Default Permissions for Fixed and External Drives:
And I noticed that they are different on Servers and Desktops
I had no idea they would be different.
On the server one of the permissions that stands out for me is the CREATOR OWNER (full control / subfolders and files only.
From what I can tell, when a user creates a folder on the root drive, that person will be given the permission of full control of that folder only and then CREATOR OWNER on that folder is also added with full control of subfolders and files only.But for the desktop, on the root drive you are not given any full control of that folder.
