Windows ntfs perms
I'd like to set permissions on a folder so that only user "aspnet" and users of the Administrators group have full control ( minus execute ) of the folder and it's subfolders.
the root of the question is what or why is there an 'everyone' person listed ?
i think it is because of the domains. you can have one set of domain users, which you can set everybody in that domain to use that folder.then in another domain you can have it differant or the same.
In the Macintosh environment, one of the user categories to which you assign permissions for a folder. Permissions given to everyone apply to all users who use the server, including guests.
See also permission.
A rule associated with an object to regulate which users can gain access to the object and in what manner.
See also object.
AppleTalk network integration (formerly Services for Macintosh) automatically translates between permissions and Macintosh access privileges. This means that permissions set on a folder (volume) are enforced for Macintosh users and access privileges set by Macintosh users are enforced for personal computer users connected to the computer running Windows_2000 Server.
Well if you can make sense of all that
hope it might help
Actually this is better
Differences between Windows NT 4.0 and Windows 2000 default security settings
Windows NT 4.0 provided two key groups whose membership could be controlled by the administrator: Administrators and Users. There was one group, Everyone, whose membership was controlled by the operating system or domain. Every user who was authenticated by the domain was a member of the Everyone group. If an administrator wanted stricter control of access to the computer's resources, the discretionary access control list (DACL) could be modified by removing the Everyone group.
Windows 2000 provides three groups whose membership is controlled by the administrator: Users, Power Users, and Administrators. The group whose membership is controlled by the operating system or domain is Authenticated Users. It is the same as the Everyone group, except that it does not contain anonymous users or guests.
Unlike the Everyone group in Windows NT 4.0, the Authenticated Users group is not used to assign permissions. Only groups controlled by the administrator, primarily Users, Power Users, and members of the Administrators group, are used to assign permissions. The default members of each group are listed below.
Local Group Windows 2000 Professional Windows 2000 Server
Administrators Administrator Administrator
Power Users Authenticated Users none
Users Authenticated Users Authenticated Users
By default in Windows 2000, any authenticated user is a member of the Users group. Windows 2000 Power Users have all the capabilities that Windows NT 4.0 Users had. This ensures backward compatibility with Windows NT 4.0. If an administrator wants to implement higher security on a Windows 2000 computer, Authenticated Users should be made members of the Users group only.
When a Windows 2000 Professional or Server computer joins a domain, the same domain groups are added to the computer that were added to a Windows NT 4.0 computer. Domain Administrators are added to the local Administrators group and Domain Users are added to the local Users group.