Blog | G5 Cyber Security

Secure Public Folder

G5 Cyber Security

TL;DR

The C:UsersPublic folder has overly permissive permissions and is often accessible to all users on a system, including those with limited privileges. This can lead to sensitive data being exposed. We’ll restrict access using NTFS permissions and consider alternative storage locations.

Solution Guide

  1. Understand the Risk
    • The C:UsersPublic folder is designed for shared files, but its default settings often allow anyone logged into the computer to read, write, and even delete data.
    • This poses a security risk if users store confidential documents, passwords, or other sensitive information there.
  2. Check Current Permissions

    Before making changes, see who currently has access:

    icacls "C:UsersPublic"

    This command will show you the Access Control List (ACL) for the folder. Pay attention to users and groups with ‘F’ (Full control), ‘M’ (Modify), ‘RX’ (Read & Execute), and ‘W’ (Write) permissions.

  3. Restrict Permissions using NTFS

    We will remove unnecessary access and grant only specific users or groups the required permissions. Important: Back up the folder before making changes!

    • Remove ‘Everyone’ Access: This is often the biggest security issue. 
      icacls "C:UsersPublic" /remove:g Everyone
    • Grant Specific User/Group Access: Replace <username> or <groupname> with the appropriate account. 
      icacls "C:UsersPublic" /grant <username>:F

      This grants full control to a specific user. Use ‘M’ for Modify, ‘RX’ for Read & Execute, or ‘W’ for Write as needed.

    • Grant Administrators Access: Ensure the administrators group has full control. 
      icacls "C:UsersPublic" /grant Administrators:F
  4. Verify Permissions After Changes

    Run icacls "C:UsersPublic" again to confirm the permissions have been updated correctly.

  5. Consider Alternative Storage Locations
    • For sensitive data, avoid using the C:UsersPublic folder altogether.
    • Use encrypted folders or dedicated secure storage solutions.
    • Store files in user-specific folders with appropriate permissions.
  6. Educate Users

    Inform users about the risks of storing sensitive data in shared locations and encourage them to use more secure methods.

Exit mobile version