Before you jump the gun I'm always looking for new security tricks. One thing I thought of recently is setting more of a defined permission system. I know NTFS already has it but I was thinking of removing the everyone permission and replacing it with users, system, and any service accounts. Then I can peel back. The idea is everything has to be defined. There's no other/everyone etc. A service will be limited to access what it needs and if possible I will set up seperate accounts for each service so I can peel them back more. This is a little more similar to Security Enhanced Linux where everything needs to be defined.

I always remove it on any shared folders I creat. I add the user accounts setup on the PC first and then remove it. If you try to delete it first windows will complain. You may even lock yourself out of the folder and have to go in as administrator to fix it.

PC performance buffs have long measured hardware advances using a few simple metrics: Is it faster? Is it bigger? Does it have more blinky lights?

Thanx for the reply but that's not where I was going with that. Shared permission is one thing. However, I'm talking about the filesystem as a whole. The idea is to put the extra time into the filesystem to make it as rock solid secure as Windows can be.

Your a braver man than I. I think your just going to end up breaking windows.

PC performance buffs have long measured hardware advances using a few simple metrics: Is it faster? Is it bigger? Does it have more blinky lights?

If it's logical it can be done. Besides I'm using a spare system to see what I can do without breaking it. If you remove ACLs logically, here and there, you should be fine. Most things fall in users, system, administrators, administrator anyway. You just add permissions for all these users/groups when you remove everyone and then remove them for objects that don't require them. For example admin, administrators, and service would need read/write/execute access to windows and users would just need read/execute. Obviously, there's more to it but most things are pretty clear.