N/APosted on - 01/21/2012
Our Windows Server allows only changes to directories but does not allow changes to files. It is necessary that I make changes on permissions to the Windows server. Although I am familiar with Unix, I find Windows hosting different. Would the security risk be too high if I allowed read/write for everybody in the whole system directory or is it safe to do so? Please advise me.
Risk of allowing read/write for all in an entire system directory
There are two file systems that are used in Windows environment, NTFS and FAT system. FAT system does not allow special permissions to be granted to files while only NTFS system allows permissions to be granted to files. If your server is on FAT system, you will not be able to change permission for specific files. If you want to have the power to control your file permission, consider backing up your data and reinstalling the server software on NTFS.
There is a high risk of allowing read and write permission on some files. You face a risk of the files being irreversibly modified by a user or malicious programs risking loosing important information on files that have no backup.
Write permission should only be granted to specific groups who have the right to modify the files.