Welcome to WinForumz.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

Strange folder permissions

  
   Windows XP Arc2 (Home) -> Security Admin RSS
Next:  Start up Error message  
Author Message
Rob142

External


Since: Aug 16, 2004
Posts: 106



(Msg. 1) Posted: Thu Nov 02, 2006 4:54 am
Post subject: Strange folder permissions
Archived from groups: microsoft>public>windowsxp>security_admin (more info?)
I'm running Windows XP PRO with automatic updated and have just (4 days ago)
converted my user account from being a member of the administrators group to
being a member of the users group. I've created a new admin account for
occational use. Except for a couple of hickups with products that probably
were not design for running under non-admin accounts, all has been going
well. However, one of the products failed because of lacking access to a
folder/file in its own installation folder under Program Files. Logged on
with my, now limited, account I checked the security flags and found that I
was correctly not having access to the folder/file, BUT the options to allow
additional authority to myself were not dimmed out. So with this account I
could grant myself the required access and from then on everything worked
fine.

Since then I have discovered numerous Program Files folders that this
limited account has this type of access to, but there are also lots of them
without this additional access. What's happening here?

Using the Effective Permissions feature I've also found out that the limited
account SEEMS to have the following authorities to (I guess) everything in
the computer, including the Windows\system32 folder:

- Create Files / Write Data
- Create Folders / Append Data

Is this normal?

To summarize, I wish to know:

1) How come the limited user has authority to set security flags in some
folders/files, but not all?

2) Is it normal that a limited account has the Create security attributes
above to all folders and files?

3) Can I safely remove these capabilities from (at least) the WINDOWS and
Program Files folders and subfolders?

4) Are there any official recommendations with regards to folder and file
security settings?

Thanks in advance.

 >> Stay informed about: Strange folder permissions 
Back to top
Login to vote
Newell White

External


Since: Aug 24, 2006
Posts: 1



(Msg. 2) Posted: Thu Nov 02, 2006 6:02 am
Post subject: RE: Strange folder permissions [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
1) The Owner has the right to assign permissions even after being moved from
Administrators to a less privileged group. This includes those you created by
installs to C:\Program Files.

2) No

3) Safe procedure is to create a new User account for yourself, and then log
on as the new admin account and delete your original account - ownership
should now devolve to the Administrators group.

4) No, secure but tolerable settings settings depend on environment and
purpose.

--
Newell White


"Rob" wrote:

> I'm running Windows XP PRO with automatic updated and have just (4 days ago)
> converted my user account from being a member of the administrators group to
> being a member of the users group. I've created a new admin account for
> occational use. Except for a couple of hickups with products that probably
> were not design for running under non-admin accounts, all has been going
> well. However, one of the products failed because of lacking access to a
> folder/file in its own installation folder under Program Files. Logged on
> with my, now limited, account I checked the security flags and found that I
> was correctly not having access to the folder/file, BUT the options to allow
> additional authority to myself were not dimmed out. So with this account I
> could grant myself the required access and from then on everything worked
> fine.
>
> Since then I have discovered numerous Program Files folders that this
> limited account has this type of access to, but there are also lots of them
> without this additional access. What's happening here?
>
> Using the Effective Permissions feature I've also found out that the limited
> account SEEMS to have the following authorities to (I guess) everything in
> the computer, including the Windows\system32 folder:
>
> - Create Files / Write Data
> - Create Folders / Append Data
>
> Is this normal?
>
> To summarize, I wish to know:
>
> 1) How come the limited user has authority to set security flags in some
> folders/files, but not all?
>
> 2) Is it normal that a limited account has the Create security attributes
> above to all folders and files?
>
> 3) Can I safely remove these capabilities from (at least) the WINDOWS and
> Program Files folders and subfolders?
>
> 4) Are there any official recommendations with regards to folder and file
> security settings?
>
> Thanks in advance.
>
>

 >> Stay informed about: Strange folder permissions 
Back to top
Login to vote
Display posts from previous:   
   Windows XP Arc2 (Home) -> Security Admin All times are: Eastern Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You can edit your posts in this forum
You can delete your posts in this forum
You can vote in polls in this forum

Categories:
 Windows XP
 Windows Vista!
 Win 2000/NT/98/ME

[ Contact us | Terms of Service/Privacy Policy ]