I'm wondering whether to completely remove the Everyone group from my shared folders. I remember one time I did and it screwed up the machine meaning not even the Administrator account could access anything.
I just want to ensure only my login has access to whatever shared folder I setup. Normally I just add my login but I am just curious about the everyone group...should I remove that to ensure 100% I'm safe on our network?
Normally it's perfectly fine to grant full access to Everyone on a share, because you'll actually control access via file ACLs anyway. Share permissions only apply to the share itself, while file ACLs apply to anything below. Also file ACLs allow far more fine-grained control than share permissions. Enable Access-based Enumeration and users won't even be able to see files and folders they don't have permission to access.
Yes i you want only for you to have access to the share you can remove the everyone group, but you will have to add yourself to the share permissions, if you remove everyone and don't add yourself to permissions then you have blocked yourself also from accessing it from network.
Also even if you leave everyone group, you can still allow/disallow access to others by NTFS permissions on security tab.
You have Network share permissions which control who can access the network shares and what they can do on the network, and then you have NTFS permissions which actually control who can read/write/modify the files.
If you allow somebody full access on NTFS but don't allow access on network share then you have only given them rights to the files when they are working on it directly from a machine.
For somebody to be able to read or modify the files over network he has to have network and NTFS permissions
I'm wondering whether to completely remove the Everyone group from my shared folders.
Remove the Everyone Group from the share, then add Domain Users or Authenicated Users and give them full control for the share.
I just want to ensure only my login has access to whatever shared folder I setup.
You will have access to the folder through the Domain Users or Authenticated Users group. You need to be on the domain to access the file.
On the Security tab, add a group and not just one person because you can easily manage a group. Give the group the permissions that you want, then log out and log in.
In early versions of Windows, using Everyone in permissions also granted anonymous users access, which was a potential problem. That particular issue was patched away years ago, though. Still, I prefer to remove Everyone and replace it with Authenticated Users, despite the fact that those permissions are generally over-ridden by NTFS level permissions.
