Microsoft® Windows® Security Resource Kit, Second Edition

Use least privilege. Whenever assigning permissions, assign the least privilege the user needs to complete her job function.
Assign permissions at the highest possible point in a hierarchy. Always assign permissions at the highest point in the container hierarchy and allow them to be inherited by child objects to simplify their application.
Assign permissions to security groups, not users. Assigning permission to security groups by using a structured model makes assigning permissions scalable and flexible. This is helpful when users and files change.
Use caution when encrypting files. Always archive the DRA when encrypting files with EFS to prevent files from being irreversibly encrypted.

Get Microsoft® Windows® Security Resource Kit, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Microsoft® Windows® Security Resource Kit, Second Edition by Ben Smith, Brian Komar, The Microsoft Security Team