Secure Public Folder

TL;DR

The C:\Users\Public folder has permissive default permissions and is often accessible to every user on a system, including those with limited privileges. This can expose sensitive data. We'll restrict access using NTFS permissions and consider alternative storage locations.

Solution Guide

  1. Understand the Risk
    • The C:\Users\Public folder is designed for shared files, but its default settings often allow anyone logged into the computer to read, write, and even delete data.
    • This poses a security risk if users store confidential documents, passwords, or other sensitive information there.
  2. Check Current Permissions

    Before making changes, see who currently has access:

    icacls "C:\Users\Public"

    This command will show you the Access Control List (ACL) for the folder. Pay attention to users and groups with ‘F’ (Full control), ‘M’ (Modify), ‘RX’ (Read & Execute), and ‘W’ (Write) permissions.

  3. Restrict Permissions using NTFS

    We will remove unnecessary access and grant only specific users or groups the required permissions. Important: Back up the folder before making changes!

    • Remove ‘Everyone’ Access: This is often the biggest security issue.
      icacls "C:\Users\Public" /remove:g Everyone
    • Grant Specific User/Group Access: Replace <username> or <groupname> with the appropriate account.
      icacls "C:\Users\Public" /grant <username>:F

      This grants full control to a specific user. Use ‘M’ for Modify, ‘RX’ for Read & Execute, or ‘W’ for Write as needed.

    • Grant Administrators Access: Ensure the administrators group has full control.
      icacls "C:\Users\Public" /grant Administrators:F
  4. Verify Permissions After Changes

    Run icacls "C:\Users\Public" again to confirm the permissions have been updated correctly.

  5. Consider Alternative Storage Locations
    • For sensitive data, avoid using the C:\Users\Public folder altogether.
    • Use encrypted folders or dedicated secure storage solutions.
    • Store files in user-specific folders with appropriate permissions.
  6. Educate Users

    Inform users about the risks of storing sensitive data in shared locations and encourage them to use more secure methods.
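
The check, backup and verify steps (2 to 4) can be scripted. The PowerShell below is an added example, not part of the original guide: it saves the folder's ACLs with icacls /save and lists broad groups that hold write-capable rights on C:\Users\Public, marking inherited entries because icacls /remove:g only removes explicit ones. The backup file name and the function name Get-BroadWriteAce are assumptions.

```powershell
# Added example (not from the original guide). Run from an elevated PowerShell prompt.
$Path   = 'C:\Users\Public'
$Backup = Join-Path $env:TEMP 'Public-acl.bak'   # assumed backup location

# Well-known SIDs of broad groups; SIDs stay the same on non-English Windows.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Bits that allow changing or deleting content, plus GENERIC_ALL / GENERIC_WRITE,
# which Get-Acl reports as raw numbers on some inherit-only entries.
$WriteBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteMask = $WriteBits -bor 0x10000000 -bor 0x40000000

function Get-BroadWriteAce {
    param([Parameter(Mandatory)][string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $BroadSids.ContainsKey($_.IdentityReference.Value) -and
            ([int]$_.FileSystemRights -band $WriteMask)
        } |
        ForEach-Object {
            [pscustomobject]@{
                Principal = $BroadSids[$_.IdentityReference.Value]
                Rights    = $_.FileSystemRights
                Inherited = $_.IsInherited   # inherited entries are not removed by /remove:g
            }
        }
}

# 1. Save the current ACLs so the change can be rolled back.
#    Restore with: icacls "C:\Users" /restore $Backup   (run against the parent folder)
icacls $Path /save $Backup /t /c | Out-Null

# 2. Report broad principals that can still write to the folder.
$findings = @(Get-BroadWriteAce -Path $Path)
if ($findings.Count -eq 0) { "No broad write access on $Path" }
else { $findings | Format-Table -AutoSize }
```

Run it before step 3 and again after step 4 to compare the findings.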
