Access control is a topic that many administrators may not know as well as they should. The inheritance mechanisms in Windows, for example, are quite complex and very powerful. A lack of respect for the complexity, as well as misunderstanding how access control works, has led many administrators, often at the behest of auditors who understand far less about how Windows works, to perform wholesale DACL replacement. In the process, they have completely destroyed one or more computers. At one point I was involved in an incident where a customer had deployed a Group Policy object to replace Everyone with Authenticated Users, which, as I mentioned earlier, are functionally equivalent. The result was that the Administrator's profile was world-readable, ...