Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.
Starting Point: New Win7 SP1 installation, NOT on a domain. Now I want to lock down a few files to only admins. We'll try to lock down c:\windows\system32\at.exe. First image is my starting/default permissions. I'm logged in as local admin. I now delete Users so only Admins can run the executable. Once I delete Users, I get the error message of the 2nd image. If I try to Run as Administrator, I get the same error message. The current ownership of the file is TrustedInstallers - if I take ownership it still gives me the error message. If I look at Effective Permissions for the account, I see that the local admin account DOES have the correct read/execute rights. I'm now officially stumped. What am I missing here? Does the same thing happen on your systems? Thanks in advance for any help you can provide. <Frank>
June 11th, 2012 1:38pm

I was just about to post this, too. I have the exact same problem. Trying to only allow SYSTEM and Administrators to access "cmd.exe". I get the dialog that Frank posted when I try to run it. The problem goes away if I add "Users" or "INTERACTIVE", but then that means that any user can access cmd.exe, which defeats the purpose. :/
Free Windows Admin Tool Kit Click here and download it now
June 11th, 2012 5:44pm

So, by default, an executable (such as Frank's "at.exe" and my "cmd.exe") *has* to be able to be executed by everyone? How would you go about locking something down so only Administrators can access it? The moment I try doing that, I get the same message as in Frank's 2nd image. Thanks, Pedro
June 19th, 2012 8:51am

Vincent, Thank you very much for your reply. The issue is NOT TrustedInstaller, it's trying to remove the permission so that a local user can run a certain executable (cmd.exe, at.exe, etc.) How can we lock down an executable so ONLY a local/domain admin can execute the file? This is an important question when you harden or lock down a system. Thank you very much for your help, Frank
Free Windows Admin Tool Kit Click here and download it now
July 18th, 2012 4:57pm

All, Glad to see that I'm not the only one out there running into this exact problem when trying to harden the OS as required by my customer. You can't tell me that Microsoft's only answer is to "Allow Everyone", that's absurd! Please Microsoft, give us some support on this topic! Randy
August 3rd, 2012 10:30am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics