ACLs, partitions and users profiles
What is your target goal and target system configuration...?
It is not a surprize that boot and data partitions are "equipted" with different set of rights. Your question is legal one, but very difficult to explain for people outside the Microsoft design team. Perhaps Mark Russinowich book (MSPRESS, 6th Edition) on
internals may touch this detailed information.
Regards
Milos
June 22nd, 2012 2:49pm
Hi
In Windows
7 SP1, I
noticed that the ACLs
of the root directory of a
logical partition (D:) formatted
NTFS are different from those
of the root directory of the system partition (C:):
C:\Windows\system32>icacls c:\
c:\ BUILTIN\Administrators:(F)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(F)
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
BUILTIN\Users:(OI)(CI)(RX)
NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(M)
NT AUTHORITY\Authenticated Users:(AD)
Etichetta obbligatoria\Livello obbligatorio alto:(OI)(NP)(IO)(NW)
Processing is complete for 1 file. Processing failed for file 0
C:\Windows\system32>icacls d:\
d:\ BUILTIN\Administrators:(F)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(F)
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
NT AUTHORITY\Authenticated Users:(M)
NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(M)
BUILTIN\Users:(RX)
BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
Processing is complete for 1 file. Processing failed for file 0
Why?
If I were to move,
in the logical partition,
the users profiles (except the
default profile) and the
public directory, should I
also change its
ACLs to get a stable,
secure and coherent or not?
Thanks
Bye
Balubeto
Free Windows Admin Tool Kit Click here and download it now
June 23rd, 2012 5:19am
What is your target goal and target system configuration...?
It is not a surprize that boot and data partitions are "equipted" with different set of rights. Your question is legal one, but very difficult to explain for people outside the Microsoft design team. Perhaps Mark Russinowich book (MSPRESS, 6th Edition) on
internals may touch this detailed information.
Regards
Milos
Really, I only
wanted to know if these differences
are caused solely from the partition type or
if these work even on other levels of the
system and users security.
Thanks
Bye
Balubeto
June 23rd, 2012 12:12pm
Hi,
These differences are caused by system and current user account.
Icacls
http://technet.microsoft.com/en-us/library/cc753525(v=ws.10)Ivan-Liu
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
June 26th, 2012 4:15am
Hi,
These differences are caused by system and current user account.
Icacls
http://technet.microsoft.com/en-us/library/cc753525(v=ws.10)
Ivan-Liu
TechNet Community Support
If I create,
in the logical partition, the users profiles
(with the exception of the default profile)
and if I do move the public directory
structure on this partition, I should not
change the ACLs of this partition to obtain
a stable, secure and consistent system
. Right?
Thanks
Bye
Balubeto
June 26th, 2012 5:07am
I'm waiting for
an answer.
By chance, you are doing some
tests before answering?
Thanks
ByeBalubeto
Free Windows Admin Tool Kit Click here and download it now
June 28th, 2012 3:18am
Hi,
These differences are caused by system and current user account.
Icacls
http://technet.microsoft.com/en-us/library/cc753525(v=ws.10)Ivan-Liu
TechNet Community Support
June 28th, 2012 4:05am
Hi,
These differences are caused by system and current user account.
Icacls
http://technet.microsoft.com/en-us/library/cc753525(v=ws.10)
Ivan-Liu
TechNet Community Support
If I create,
in the logical partition, the users profiles
(with the exception of the default profile)
and if I do move the public directory
structure on this partition, I should not
change the ACLs of this partition to obtain
a stable, secure and consistent system
. Right?
Thanks
Bye
Balubeto
Free Windows Admin Tool Kit Click here and download it now
June 28th, 2012 4:57am