Re: Expanding on KB 244600?

"Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message
news:O5fSLqhvGHA.1808@xxxxxxxxxxxxxxxxxxxxxxx
That general type of documentation, what and where MSFT apps use
something is generally unavailable. Personally I believe it is because
no one really knows and it isn't all documented. I have asked for this
on multiple occasions and always get the cold shoulder. Even for things
as recent as Active Directory attributes, etc.

Unfortunately, as I start to better understand the system, I get exactly the
same feeling. It really looks like they had large numbers of different
players all integrating together in rather random ways, and "security" was
simply something that got in their way, and the permissions they chose are
utterly random DACLs on folders and files that were the minimum needed to
get each team's code to run.

The infrastructure of DACL and SACL itself seems extremely well done, so how
frustrating it is that Microsoft's infrastructure teams produced a wonderful
security layer at the bottom, and there was apparently no coherent
application of that infrastructure on the higher levels of the OS. And
the only guidance if a customer sees that and wants to (partially) fix it is
to say that if you change default permissions in system32 Microsoft won't
support it.

--
Will


.