Windows Server 2003 Recommended Baseline Security
Windows Server 2003 Recommended Baseline Security Windows Server 2003 Recommended Baseline Security
Unclassified ITSG for Windows Server 2003 4.7.5.1 General File Access Controls Table 1 – General File Access Controls File/Folder Name Audit Administrators & System Authenticated Users Found Value C:\ Full Control Read C:\*.* Full Control Full Control C:\boot.ini S&F Full Control N/a C:\ntdetect.com S&F Full Control N/a C:\ntldr S&F Full Control N/a C:\ntbootdd.sys S&F Full Control N/a C:\autoexec.bat S&F Full Control Read C:\config.sys S&F Full Control Read C:\Program Files F Full Control Read & Execute C:\IO.sys S&F Full Control Change C:\MSDOS.sys S&F Full Control Change C:\Documents and Settings\All Users F Full Control Change C:\Documents and Settings\All Users\Documents F Full Control Read C:\Documents and Settings\All Users\Application Data F Full Control Read & Create C:\temp\*.* and subdirectories Full Control Traverse, Add C:\Users and subdirectories F Admin:rwxd Full Control C:\Users\Default and subdirectories F System: Full Control List Read Write Execute C:\WIN32APP and subdirectories S&F Full Control Read %windir% and subdirectories F Full Control Change %windir%\*.* F Full Control Read %windir%\*.ini F Full Control Change %windir%\LocalMon.dll Full Control Read %windir%\PrintMan.hlp Full Control Read %windir%\config\*.* S&F Full Control List %windir%\Help\*.* Full Control Read & Execute %windir%\repair\*.* and subdir S&F Administrator N/a %windir%\security S&F Full Control Read & Execute 106 March 2004 Server Policy Files
Windows Server 2003 Recommended Baseline Security (ITSG-20) File/Folder Name Audit Administrators & System Authenticated Users Found Value %windir%\system\*.* S&F Full Control Read %windir%\system32 F Full Control Read %windir%\system32\ autoexec.nt cmos.ram config.nt midimap.cfg S&F Full Control change %windir%\system32\passport.mid S&F Full Control Full Control %windir%\system32\CatRoot S&F Full Control N/a %windir%\system32\config S&F Full Control List %windir%\system32\config\*.* S&F Full Control List %windir%\system32\config\userdef S&F Full Control System:change Read %windir%\system32\dhcp and subdir Full Control Read %windir%\system32\dllcache S&F Full Control N/a %windir%\system32\drivers S&F Full Control Read %windir%\system32\ias S&F Full Control Read & Execute %windir%\system32\inetserv\Metabase.bin S&F Full Control Read & Execute %windir%\system32\inetserv\metaback S&F Full Control N/a %windir%\system32\mui S&F Full Control N/a %windir%\system32\os2\dll\oso001.009 Full Control Read %windir%\system32\os2\DLL\Doscalls.dll Full Control Read %windir%\system32\os2\dll\netapi.dll Full control Full control %windir%\system32\RAS\ S&F Full Control Read %windir%\system32\RAS\*.* S&F Full Control Read %windir%\system32\repl\export Full Control Change %windir%\system32\repl\export\scripts Full Control Read %windir%\system32\repl\ export\scripts\*.* Full Control Read %windir%\system32\repl\import Full Control Change %windir%\system32\repl\import\*.* Full Control Change %windir%\system32\repl\import\scripts\ Full Control Read %windir%\system32\repl\import\scripts\*.* Full Control Read Server Policy Files March 2004 107
- Page 76 and 77: Unclassified ITSG for Windows Serve
- Page 78 and 79: Unclassified ITSG for Windows Serve
- Page 80 and 81: Unclassified ITSG for Windows Serve
- Page 82 and 83: Unclassified ITSG for Windows Serve
- Page 84 and 85: Unclassified ITSG for Windows Serve
- Page 86 and 87: Unclassified ITSG for Windows Serve
- Page 88 and 89: Unclassified ITSG for Windows Serve
- Page 90 and 91: Unclassified ITSG for Windows Serve
- Page 92 and 93: Unclassified ITSG for Windows Serve
- Page 94 and 95: Unclassified ITSG for Windows Serve
- Page 96 and 97: Unclassified ITSG for Windows Serve
- Page 98 and 99: Unclassified ITSG for Windows Serve
- Page 100 and 101: Unclassified ITSG for Windows Serve
- Page 102 and 103: Unclassified ITSG for Windows Serve
- Page 104 and 105: Unclassified ITSG for Windows Serve
- Page 106 and 107: Unclassified ITSG for Windows Serve
- Page 108 and 109: Unclassified ITSG for Windows Serve
- Page 110 and 111: Unclassified ITSG for Windows Serve
- Page 112 and 113: Unclassified ITSG for Windows Serve
- Page 114 and 115: Unclassified ITSG for Windows Serve
- Page 116 and 117: Unclassified ITSG for Windows Serve
- Page 118 and 119: Unclassified ITSG for Windows Serve
- Page 120 and 121: Unclassified ITSG for Windows Serve
- Page 122 and 123: Unclassified ITSG for Windows Serve
- Page 124 and 125: Unclassified ITSG for Windows Serve
- Page 128 and 129: Unclassified ITSG for Windows Serve
- Page 130 and 131: Unclassified ITSG for Windows Serve
- Page 132 and 133: Unclassified ITSG for Windows Serve
- Page 134 and 135: Unclassified ITSG for Windows Serve
- Page 136 and 137: Unclassified ITSG for Windows Serve
- Page 138 and 139: Unclassified ITSG for Windows Serve
- Page 140 and 141: Unclassified ITSG for Windows Serve
- Page 142 and 143: Unclassified ITSG for Windows Serve
- Page 144 and 145: Unclassified ITSG for Windows Serve
- Page 146 and 147: Unclassified ITSG for Windows Serve
- Page 148 and 149: Unclassified ITSG for Windows Serve
- Page 150 and 151: Unclassified ITSG for Windows Serve
- Page 152 and 153: Unclassified ITSG for Windows Serve
- Page 154 and 155: Unclassified ITSG for Windows Serve
- Page 156 and 157: Unclassified ITSG for Windows Serve
- Page 158 and 159: Unclassified ITSG for Windows Serve
- Page 160 and 161: Unclassified ITSG for Windows Serve
- Page 162 and 163: Unclassified ITSG for Windows Serve
- Page 164 and 165: Unclassified ITSG for Windows Serve
- Page 166 and 167: Unclassified ITSG for Windows Serve
- Page 168 and 169: Unclassified ITSG for Windows Serve
- Page 170 and 171: Unclassified ITSG for Windows Serve
- Page 172 and 173: Unclassified ITSG for Windows Serve
- Page 174 and 175: Unclassified ITSG for Windows Serve
<strong>Windows</strong> <strong>Server</strong> <strong>2003</strong><br />
<strong>Recommended</strong> <strong>Baseline</strong> <strong>Security</strong> (ITSG-20)<br />
File/Folder Name<br />
Audit<br />
Administrators<br />
& System<br />
Authenticated<br />
Users<br />
Found<br />
Value<br />
%windir%\system\*.* S&F Full Control Read<br />
%windir%\system32 F Full Control Read<br />
%windir%\system32\<br />
autoexec.nt<br />
cmos.ram<br />
config.nt<br />
midimap.cfg<br />
S&F Full Control change<br />
%windir%\system32\passport.mid S&F Full Control Full Control<br />
%windir%\system32\CatRoot S&F Full Control N/a<br />
%windir%\system32\config S&F Full Control List<br />
%windir%\system32\config\*.* S&F Full Control List<br />
%windir%\system32\config\userdef S&F Full Control<br />
System:change<br />
Read<br />
%windir%\system32\dhcp and subdir Full Control Read<br />
%windir%\system32\dllcache S&F Full Control N/a<br />
%windir%\system32\drivers S&F Full Control Read<br />
%windir%\system32\ias S&F Full Control Read & Execute<br />
%windir%\system32\inetserv\Metabase.bin S&F Full Control Read & Execute<br />
%windir%\system32\inetserv\metaback S&F Full Control N/a<br />
%windir%\system32\mui S&F Full Control N/a<br />
%windir%\system32\os2\dll\oso001.009 Full Control Read<br />
%windir%\system32\os2\DLL\Doscalls.dll Full Control Read<br />
%windir%\system32\os2\dll\netapi.dll Full control Full control<br />
%windir%\system32\RAS\ S&F Full Control Read<br />
%windir%\system32\RAS\*.* S&F Full Control Read<br />
%windir%\system32\repl\export Full Control Change<br />
%windir%\system32\repl\export\scripts Full Control Read<br />
%windir%\system32\repl\ export\scripts\*.* Full Control Read<br />
%windir%\system32\repl\import Full Control Change<br />
%windir%\system32\repl\import\*.* Full Control Change<br />
%windir%\system32\repl\import\scripts\ Full Control Read<br />
%windir%\system32\repl\import\scripts\*.* Full Control Read<br />
<strong>Server</strong> Policy Files March 2004 107