The Windows 2000 default permissions on the root of the system drive are too loose. An attacker can place a Trojan horse program in the root of the drive, where it might be invoked during logon instead of a well-known program.

Windows XP has closed the security gap by changing the default permissions on the root of the system drive to:

Administrators: Full (This Folder, Subfolders, and Files)
Creator Owner: Full (Subfolders and Files)
System: Full (This Folder, Subfolders, and Files)
Everyone: Read and Execute (This Folder Only)

Since the above permissions have been extensively tested, I would set the Windows 2000 system drive root to these permissions.
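
The permissions listed above can be turned into a check. The following is an added example, not part of the original tip: it parses a drive-root DACL in SDDL form and reports every entry that differs from the four listed. The SDDL strings are constructed samples, and it assumes the trustees appear as the SDDL aliases BA, CO, SY and WD.

```python
import re

# SDDL file-right abbreviations handled here and the access masks they stand for.
RIGHTS = {"FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0}
FULL, READ_EXECUTE = 0x1F01FF, 0x1200A9

# Inheritance flags -> the scope wording used in the list above.
SCOPES = {
    frozenset(): "This Folder Only",
    frozenset({"OI", "CI"}): "This Folder, Subfolders, and Files",
    frozenset({"OI", "CI", "IO"}): "Subfolders and Files",
}

# The four entries above, keyed by SDDL alias (assumed representation):
# BA=Administrators, CO=Creator Owner, SY=System, WD=Everyone.
BASELINE = {
    ("BA", FULL, "This Folder, Subfolders, and Files"),
    ("CO", FULL, "Subfolders and Files"),
    ("SY", FULL, "This Folder, Subfolders, and Files"),
    ("WD", READ_EXECUTE, "This Folder Only"),
}

def parse_dacl(sddl):
    """Return the allow ACEs of an SDDL DACL as (trustee, mask, scope) tuples."""
    dacl = sddl.split("D:", 1)[1].split("S:", 1)[0]
    aces = set()
    for body in re.findall(r"\(([^)]*)\)", dacl):
        ace_type, flags, rights, _obj, _inherit_obj, trustee = body.split(";")[:6]
        if ace_type != "A":
            continue  # deny and audit ACEs are outside this check
        mask = 0
        for code in re.findall(r"0x[0-9a-fA-F]+|[A-Z]{2}", rights):
            mask |= int(code, 16) if code.startswith("0x") else RIGHTS[code]
        flagset = frozenset(re.findall("..", flags)) - {"ID"}  # drop "inherited" marker
        aces.add((trustee, mask, SCOPES.get(flagset, flags)))
    return aces

def audit_root_dacl(sddl):
    """Return (unexpected, missing) ACEs relative to the baseline."""
    found = parse_dacl(sddl)
    return sorted(found - BASELINE), sorted(BASELINE - found)

# Constructed samples: a DACL matching the list, and a loose one (Everyone: Full).
HARDENED = "O:BAG:SYD:P(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)(A;;0x1200a9;;;WD)"
LOOSE = "D:(A;OICI;FA;;;WD)"

if __name__ == "__main__":
    for name, sddl in (("hardened", HARDENED), ("loose", LOOSE)):
        print(name, audit_root_dacl(sddl))
```

An empty pair of lists means the root matches the listed permissions exactly; any tuple in the first list is an entry to remove or tighten.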