sql server 2008r2
Is it recommended to remove user groups from drive:\Program Files\Microsoft SQL Server folder and data folder?
It's flag out as one of our audit finding.
I tried removing it on my own test machine but it keep asking me to remove inheritance. Seems quite dangerous to me. Any kind soul can provide steps to remove it with affecting other existing permissions?
If you're a bit unsure about this, theres no harm in asking a windows administrator for some assistance! They're supposed to know this I'm sure!
The message "remove inheritance" might be the one that is similar to windows 7 permissions warning I get, like "you must prevent this object from inheritting permissions". If there are not any specific permissions aplied to the "microsoft sql server" folder, it "inherits" the permissions from the folder "program files" that contains it (which could very well be inheritting permissions itself). If you need different permissions on the "microsoft sql server" folder, you then need to "prevent" the "microsoft sql server" folder from inheritting permissions. You can see the effects and mechanics of this by doing the operation on test folders and subfolders you create yourself, and highly recommended to be familiar with permissions on windows.
On windows 7, I right click folder, select properties -> security -> click advanced button -> click change permissions -> unclick "include inheritable permissions form this objects parent" -> this causes a windows security dialog box, I click "add" to "convert and add inhterited parrent permissions as explicit permissions on this object" (this way I know exactly what permissions were applying and can edit those instead of creating permissions from scratch) -> make my changes, ok it. The dialog might be somewhat different on a server depending on version, but essentially you're copying the existing permissions to explicit settings on the current folder then editting those. The folders contained within the current folder will then inherit the permissions you are changing as they will still have their permissions inheritted.