Re: Adding XP in another partition users into Vi$ta

From: "FromTheRafters" <erratic@xxxxxxxxxxxxxxxxx>
Date: Thu, 16 Oct 2008 17:01:53 -0400

"Man-wai Chang ToDie (33.6k)" <toylet.toylet@xxxxxxxxx> wrote in message
news:%235UxUA0LJHA.5660@xxxxxxxxxxxxxxxxxxxxxxx

Under Vi$ta:
First, I removed all accounts that could access folder X. Then I let user
Y to take control of the folder, including subfolders. I only want Vi$ta's
user Y to access that folder.

Was user Y elevated when you took ownership?

I've been wanting to ask the experts in this group about this
for awhile anyway, so here it goes.

When an SID is created by a limited user with an admin token
(elevated standard account) is the "owner" field different than
it would be without the admin token? In other words, is it only
possible to be accepted as the "owner" if you are attempting
access as that same user again also elevated?

Then I boot back into XP:
XP's Administrator as well as user could no longer access folder X, unless
I let XP's Admin to take control of folder X. But if I did that, when I
booted back into Vi$ta, Vi$ta's user Y could no longer access folder X.

Have you tried elevating Vista's Y user when attempting access of
folder X? Not because it needs elevated privileges, but because it
needs "owner" to match the SID - just in case the split token is what
is causing this confusion. Thereafter you should be able to allow any
standard user account you want to assume ownership.

Sorry if this isn't helpful, but maybe you would have better luck
in the micro$oft.pubic.windoze.vi$ta.insecurity newsgroup.

.

Follow-Ups:
- Re: Adding XP in another partition users into Vi$ta
  - From: Jimmy Brush

References:
- Adding XP in another partition users into Vi$ta
  - From: Man-wai Chang ToDie (33.6k)
- Re: Adding XP in another partition users into Vi$ta
  - From: Jimmy Brush
- Re: Adding XP in another partition users into Vi$ta
  - From: Man-wai Chang ToDie (33.6k)
- Re: Adding XP in another partition users into Vi$ta
  - From: Jimmy Brush
- Re: Adding XP in another partition users into Vi$ta
  - From: Man-wai Chang ToDie (33.6k)

Prev by Date: Re: You should be aware of the threat.
Next by Date: Re: You should be aware of the threat.
Previous by thread: Re: Adding XP in another partition users into Vi$ta
Next by thread: Re: Adding XP in another partition users into Vi$ta
Index(es):
- Date
- Thread

Relevant Pages

Re: Adding XP in another partition users into Vi$ta
... I removed all accounts that could access folder X. ... Then I let user Y to take control of the folder, ... XP's Administrator as well as user could no longer access folder X, unless I let XP's Admin to take control of folder X. ...
(microsoft.public.windows.vista.security)
unsetting read-only
... I am running Windows XP Home Edition. ... macro which creates a data file into an existing non- ... Access folder. ...
(microsoft.public.windowsxp.security_admin)
Re: Trust ip-address in a specific folder?
... > specific folder as far as I know. ... What I want is that the admin user can only ... > access folder A when logging in from pc A. This will increase the integrity ... No firewall is going to limit users to a FOLDER on a node, ...
(comp.security.firewalls)
New Security Group Does Not Work
... I am simply creating a new security group with the name of "staff." ... control in the permissions and security tabs. ... User is unable to access folder. ...
(microsoft.public.windows.server.sbs)
Re: Help with configuration
... to redirect their My Documents folder to a share on the fileserver. ... GPo, if it is already redirecting by default? ... account profile is blank, also). ... Your GPO settings do not apply to your Terminal Server. ...
(microsoft.public.windows.terminal_services)