Sunday, 30 September 2018

windows 7 - "Users" folder shared with everyone


Today I found something strange on my newly installed Windows 7 OS - my "users" folder C:\Users was shared and "Everyone" had full access... I disabled that and now it seems fine, however I'm a bit scared actually, I'd like to know what caused that and if my system is compromised.



Answer



There is a known phenomena that shares the entire users folder, related to public folder sharing. see a description here: http://scottiestech.info/2009/09/25/windows-7-file-sharing-fixing-the-entire-user-directory-shared-problem/


Please note however, that share permissions stack on top of disk permissions, so if your user profile does not allow Everyone Full Control, then the share permissions don't override that. in fact MS recommends that all shares use permissions of Everyone Full Control, and that the folders shared implement actual permissions.


The reason is that backing up a disk or rebuilding your OS preserves file system permissions, but not shares/share permissions, so if you put all your ACL logic in the share, and the share is lost, the permissions are lost with it, and your users will end up with more access than they should.


I know seeing a folder with share permissions of Everyone Full control is scary, but its probably not that bad unless you have opened up the permissions on your account folders.


info on how to configure public folder sharing in win7 here: http://howtech.tv/basics/how-to-do-public-folder-sharing-in-windows-7/


No comments:

Post a Comment

Where does Skype save my contact's avatars in Linux?

I'm using Skype on Linux. Where can I find images cached by skype of my contact's avatars? Answer I wanted to get those Skype avat...