2
I want to prevent Standard Users and Guests from creating additional folders and files on the C: partition in Windows 7. Therefore, is it safe to remove permissions for Authenticated Users group from the C: partition in Windows 7? Such permissions are enabled by default. I guess, that mentioned permissions are there not without reason, so what feature or service depends on permissions I want to remove?
I think it'd be easier to restrict access for each individual user. You could deny the Write, Modify and Full Control to the users you wish to restrict. Bu default, the Guest account doesn't have Write access to C: – Vinayak – 2014-08-09T12:17:14.877
You may check the effective access of each user by using the Effective Access tab of Advanced Security Settings (available when you click the 'Advanced' button in the Security tab of a folder's properties window) – Vinayak – 2014-08-09T12:19:09.693
@Vinayak you should never use a Deny right over an access right unless you really have to. Given that some folders inherit permissions deeper, you are basically suggesting to limit most of the system. – LPChip – 2014-08-09T12:23:10.920
@LPChip Thanks! I just remembered that I tried something like this a while ago and it did cause a few problems. I also remembered that the best way I could restrict access to stuff was by using Faronics WinSelect. However, the software isn't free though.
– Vinayak – 2014-08-09T12:28:07.917