Re: What right allows full access?

From: Dmitriy Kopnichev (kopn@hotbox.ru)
Date: 08/20/02 

From: "Dmitriy Kopnichev" <kopn@hotbox.ru>
Date: Tue, 20 Aug 2002 11:39:54 +0400

I granted a full access to all disk c: contents to the 'Power users' group.
How to restore the 'Power users' group default permissions?
"Roger Abell [MVP]" <mvpNOSPAM@asu.edu> wrote in message
news:up3K9EsRCHA.1672@tkmsftngp12...
>
> "Dmitriy Kopnichev" <kopn@hotbox.ru> wrote in message
> news:ugTLjRpRCHA.1652@tkmsftngp09...
> > I don't want to run Windows XP as an Administrator because of Viruses
and
> > Trojan horses, but want to have access to all files and folders.
>
> So log in as an administrator, and then grant permission to
> the Users group on those areas where your non-admin account
> does not have access. Log off from the admin account until
> you next need it for something. This did not involve taking
> ownership. There are a couple areas where even Administrators
> do not have access granted to them, and for these area only
> taking ownership as an admin _might_ be needed. But to have
> access as any account outside Administrators usually a grant
> of Change to Users is sufficient.
>
> And yes, while logged in as admin to modify permissions,
> install that anti-virus software and set it to periodically get
> signature file updates.
>
>
> --
> Roger Abell
> MS MVP (Windows Platform), MCSE, MCDBA
> Associate Expert - Windows XP ExpertZone
> http://www.microsoft.com/windowsxp/expertzone
>
>
> > "Roger Abell [MVP]" <mvpNOSPAM@asu.edu> wrote in message
> > news:eH5AXPmRCHA.3664@tkmsftngp11...
> > > "Dmitriy Kopnichev" <kopn@hotbox.ru> wrote in message
> > > news:#Jx9H0jRCHA.2456@tkmsftngp09...
> > > > Should I grant the permission for a group to take ownership per
disk?
> > >
> > > You can, if that is what you wish. But why is it so
> > > important for them to be able to take ownership?
> > >
> > > Also, say you go to the root of C: and drill into the
> > > Security tab, advanced view, highlight Everyone
> > > where this group has a grant of Read/Execute, Edit
> > > and scroll down and check to grant the permission
> > > to take ownership, apply, ok, etc.
> > > Afterwards, any account can take ownership of C:
> > > and of file/folders contained in C: except where
> > > inheritance of premissions from the C: root has
> > > been blocked and an new permissions inheritance
> > > point established (such as is the case for most dirs
> > > within a C: that is the install drive).
> > > Suppose someone now takes ownership of C:.
> > > They can now change the permissions at C: to
> > > grant their account and the SYSTEM account
> > > Full Contol, and also say to reset all premissions
> > > from there on down, leaving no other account with
> > > any permissions to anything. If there were no places
> > > where inheritance was blocked, it would be done.
> > > All of C: would be theirs and theirs alone. Now,
> > > in fact inheritance is blocked at many points in the
> > > install drive, so they will only get exclusive access
> > > to some of C: and error out when it tries to remove
> > > the inheritance blocks since they do not have the
> > > permissions to do that (unless you had gone out of
> > > your way to make it so that they did have the permission
> > > to take ownership everywhere). Anyway, you would
> > > end up with a junk system if they did this.
> > > But - that is how to do it.
> > >
> > > --
> > > Roger Abell
> > > MS MVP (Windows Platform), MCSE, MCDBA
> > > Associate Expert - Windows XP ExpertZone
> > > http://www.microsoft.com/windowsxp/expertzone
> > >
> > >
> > > > "Roger Abell [MVP]" <mvpNOSPAM@asu.edu> wrote in message
> > > > news:euFRBjhRCHA.3648@tkmsftngp11...
> > > > > "Dmitriy Kopnichev" <kopn@hotbox.ru> wrote in message
> > > > > news:u8R78egRCHA.4088@tkmsftngp09...
> > > > > > How to grant the right to Take Ownership of any resource to a
> group
> > > > > account?
> > > > >
> > > > > You cannot. The permission to take ownership must be
> > > > > granted per resource. Otherwise, as Bruce indicated, make
> > > > > the accounts members of Administrators.
> > > > >
> > > > > --
> > > > > Roger Abell
> > > > > MS MVP (Windows Platform), MCSE, MCDBA
> > > > > Associate Expert - Windows XP ExpertZone
> > > > > http://www.microsoft.com/windowsxp/expertzone
> > > > >
> > > > >
> > > > > > "BruceS" <bruce@senexet.com> wrote in message
> > > > > > news:3D5CF46B.2010302@senexet.com...
> > > > > > > Technically, it's the right to Take Ownership of any resource.
> If
> > an
> > > > > > > administrator is prevented from accessing something, he can
> always
> > > > take
> > > > > > > ownership. As the new owner he can change permissions to give
> > > himself
> > > > > > > access.
> > > > > > > -Bruce
> > > > > > >
> > > > > > > Dmitriy Kopnichev wrote:
> > > > > > >
> > > > > > > > Hello
> > > > > > > > What right allows an administrator account to have a full
> access
> > > to
> > > > > all
> > > > > > > > files?
> > > > > > > > --
> > > > > > > > Please, click Message menu, then 'Reply to all' in Outlook
> > > Express.
> > > > > This
> > > > > > > > sends your reply to the newsgroups and to
> > > > > > > > my email address at the same time. Or reply to the
newsgroups
> > and
> > > my
> > > > > > e-mail.
> > > > > > > > Mr. Dmitriy Kopnichev
> > > > > > > > e-mail: kopn@hotbox.ru
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: Understanding XP file permissions ? (Application Programs not following standards ?)
    ... > I've been trying to understand how file permissions in Windows NT/XP ... > Administrator account only for administrative purposes as it is ... > I also have a question about changing ownership of folders/files. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: What right allows full access?
    ... So log in as an administrator, ... Log off from the admin account until ... taking ownership as an admin _might_ be needed. ... And yes, while logged in as admin to modify permissions, ...
    (microsoft.public.windowsxp.security_admin)
  • Re: How to Lock PC Clock and Date in XP pro ?
    ... And on the Ownership of the file, that I mentioned in my other post, I must have been half asleep when I wrote that, if the other users are administrators they will be able to seize ownership of the file and do as they please with it. ... Currently there is no password access into the adm account. ... Deny Read & Execute as well as Read permissions for the Administrator group and they won't be able to launch the applet to change the time or date. ...
    (microsoft.public.windowsxp.newusers)
  • Re: Upgrade to Leopard and the issues its caused!
    ... ownership or permissions of files in your home directory? ... and this time DO NOT use the Info window or chmod to change permissions ... or ownership of files in your home folder. ... Use the new account like this ...
    (comp.sys.mac.apps)
  • Re: Security identifiers
    ... You probably need to first Take Ownership ... since the Access Denied indicates the account ... just set new permissions from a point ... >>> Does semeone knows what means that security identifier ...
    (microsoft.public.windowsxp.security_admin)