Re: Access Control to Drives

From: Arek Iskra [MVP] (
Date: 09/25/05

Date: Sun, 25 Sep 2005 18:52:30 +0800

"Steven L Umbach" <> wrote in message
> Just to clarify in Windows 2000 if you dig further you should see that
> everyone has full control only to the root/drive folder for the system
> drive. If you look under the \winnt folder for instance that should not be
> the case. MS did change that behavior in XP/2003 and I agree with what
> Arek suggests though you may want to remove everyone and users and replace
> with authenticated users for read/list/execute. The mysterious sid is a
> user or group that the operating system no longer has a name to map to.
> For a non domain computer you could safely remove the sid from permissions
> lists. Usually this happens when a user or group was created and then
> deleted from users and groups but still remains in permissions and/or user
> rights lists. The link below is to a KB article that discusses the root
> folder excessive permissions in Windows 2000. --- Steve

Thanks a lot Steve for clarification. Yup, adding Authenticated Users is yet
another way to deal with this scenario.

Arek Iskra
MVP for Windows Server - Software Distribution

Relevant Pages

  • RE: What server hardening are you doing these days?
    ... permissions on their data, and Microsoft encourages ISVs to minimize ... I've been able to discuss ACLs and other security issues in Windows with ... Control or DAC (which is what you're referring to by the "stupid ...
  • Re: Unnown process... 5eplorer.exe
    ... do not remove the cause (a "super"-hidden .dll program) but only remove ... symptom files and registry settings. ... It has all permissions but 'copy' denied to everyone, ... then by using the Windows XP Recovery Console. ...
  • RE: dcom permissions and vista?
    ... user BLAH with Local Activation and Local Launch permissions. ... Windows Vista indeed do some changes in handling DCOM and you may need to ... Windows Vista introduces the notion of Mandatory Access Labels in security ... Microsoft Online Community Support ...
  • Re: OT: Win 7 comments
    ... I had to edit the Registry. ... This is right up there with repairing permissions, ... That's odd, consider how some of you guys bring the same habits to Windows, ... I will wait for some apps to crash. ...
  • Re: Passwords on Folders
    ... domain computer [there is also a recovery agent for a domain]. ... > Windows under which those permissions were defined. ... use NTFS on your hard drives so you can then EFS ...