security non system drives

I just noticed that, under Vista beta 2, non system drives are given, by default, special access permissions of: traverse, execute, list folder, read to EVERYONE. Isn't that a security risk? How about those of us, for example, who built Vista on a separate drive but still have personal data on a drive that is now mounted with those special permissions? If these data were under "Documents and Settings" they were protected (and many people are now complaining that the old files are not accessible any more) but I am concerned about folders and files that were not under "Documents and Settings" and were, therefore, not necessarily protected. Why give access to EVERYONE to these other drives?

I guess my followup question is why not give that non-write access to Everyone? What would you suggest instead?
Remember, the default security descriptor is applied when the storage is first formatted. Many of us have the practice of setting the NTFS permissions at the drive root as a first action after a new format, with those permissions selected based on the use to be made of the storage.
It is pretty hard to see what one should use that would be the "most likely" permissions, so forcing on the least people the need to adjust those permissions. It is certainly not possible for the drive to come out from the format factory so that the storage is private to jgascon as would be the My Documents of account jgascon; well, if jgascon did the formatting it would be possible, but that would be a guess that would likely cause the most people to have to adjust permissions post format.
"jgascon" wrote in message

I just noticed that, under Vista beta 2, non system drives are given, by default, special access permissions of: traverse, execute, list folder, read to EVERYONE. Isn't that a security risk? How about those of us, for example, who built Vista on a separate drive but still have personal data on a drive that is now mounted with those special permissions? If these data were under "Documents and Settings" they were protected (and many people are now complaining that the old files are not accessible any more) but I am concerned about folders and files that were not under "Documents and Settings" and were, therefore, not necessarily protected. Why give access to EVERYONE to these other drives?

MS designs Windows so that the average user gets a good experience with it, with little to no effort on their part.
Most home users aren't concerned about perms on secondary drives. Make it a security risk for some, or make it a nuisance for most, the choice is fairly obvious.
"Roger Abell [MVP]" wrote:

I guess my followup question is why not give that non-write access to Everyone? What would you suggest instead?
Remember, the default security descriptor is applied when the storage is first formatted. Many of us have the practice of setting the NTFS permissions at the drive root as a first action after a new format, with those permissions selected based on the use to be made of the storage.
It is pretty hard to see what one should use that would be the "most likely" permissions, so forcing on the least people the need to adjust those permissions. It is certainly not possible for the drive to come out from the format factory so that the storage is private to jgascon as would be the My Documents of account jgascon; well, if jgascon did the formatting it would be possible, but that would be a guess that would likely cause the most people to have to adjust permissions post format.
"jgascon" wrote in message I just noticed that, under Vista beta 2, non system drives are given, by default, special access permissions of: traverse, execute, list folder, read to EVERYONE. Isn't that a security risk? How about those of us, for example, who built Vista on a separate drive but still have personal data on a drive that is now mounted with those special permissions? If these data were under "Documents and Settings" they were protected (and many people are now complaining that the old files are not accessible any more) but I am concerned about folders and files that were not under "Documents and Settings" and were, therefore, not necessarily protected. Why give access to EVERYONE to these other drives?