Users - Read & execute - This folder, subfolders, and files SYSTEM - Full control - This folder, subfolders, and filesĪdministrators - Full control - This folder, subfolders, and files Select the 'Security' tab, and the 'Advanced' button. View the Properties of the system drive's root directory. If permissions are not as restrictive as the default permissions listed below, this is a finding. (Individual accounts must not be used to assign permissions.)
Non-privileged groups such as Users or Authenticated Users must not have greater than 'Read & execute' permissions except where noted as defaults. Review the permissions for the system drive's root directory (usually C:\). Windows Server 2016 Security Technical Implementation Guide The default permissions are adequate when the Security Option 'Network access: Let everyone permissions apply to anonymous users' is set to 'Disabled' (WN16-SO-000290). Changing the system's file and directory permissions allows the possibility of unauthorized and anonymous modification to the operating system and installed applications.
