What are the permissions on the eXpress share and how do they work within GSS?
Last Updated May 02, 2019
During the installation of the Ghost Solution Suite, a share gets created. The default location for this share is C:\Program Files(x86)\Altiris\eXpress\Deployment Server. The Deployment Server folder is the folder that is shared. The share is called eXpress to anyone trying to locate it on the network.
The permissions for this share at the time of installation are as follow...
NTFS permissions - Authenticated Users and Administrators with full control.
Share permissions - Everyone full control
So what does this actually mean. The Authenticated Users includes all users who have logged in with a username and password. This means all users whose identities were authenticated when they logged on. This includes local user accounts as well as all domain accounts from trusted domains.
The Everyone group includes all users who have logged in with a password as well as built-in, non-password protected accounts such as Guest and LOCAL_SERVICE. So this means it includes everyone from the Authenticated Users group as well as the build-in Guest account and several other build-in security accounts like Service, Local_Service Network_Service, and others.
Anonymous accounts do not authenticate are not included in the Everyone group after the release of Windows 2003.
You can adjust the default permissions on the eXpress share if you'd like. By removing the Authenticated Users group from the NTFS security of the eXpress share you can limit access to the share to only administrators. You will want to be careful however with adjusting these settings because it is possible to lock down the share too far and job will start working. Remember that with each release update and new installation of the GSS product the permissions will get set back to the default.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe