Re: ran caclc on "c:\program files" no /e on XP Home

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 01/30/04 

Date: Fri, 30 Jan 2004 03:19:02 -0700

To fine tone the permissions you would need to use an
F8 safe mode boot and access the Security dialog in the
properties of C:\Program Files

Note that c:\Program Files normally has its own permissions,
unlike what would exist on C:\somenewdirectory

C:\>cacls "c:\program files"
c:\Program Files BUILTIN\Users:R
                 BUILTIN\Users:(OI)(CI)(IO)(special access:)
                                           GENERIC_READ
                                           GENERIC_EXECUTE
                 BUILTIN\Power Users:C
                 BUILTIN\Power Users:(OI)(CI)(IO)C
                 BUILTIN\Administrators:F
                 BUILTIN\Administrators:(OI)(CI)(IO)F
                 NT AUTHORITY\SYSTEM:F
                 NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
                 BUILTIN\Administrators:F
                 CREATOR OWNER:(OI)(CI)(IO)F

"kurt ruby" <kurtis318@charter.net> wrote in message
news:5bd34e7e.0401292035.5280b30d@posting.google.com...
> I inadvertantly did add the /e switch on the entire "Program Files"
> directory on my WinXP Home system. Searching through Google groups, I
> see there is a command for WinXP Pro to restore the settings but not
> on Home. Norton AntiVirus Corporate Edition was failing to start. I
> was able to get it running by manually putting the following ACL with
> CACLS.exe.
> c:\Program Files BUILTIN\Users:(OI)(CI)F
> BUILTIN\Administrators:(OI)(CI)F
> NT AUTHORITY\SYSTEM:(OI)(CI)F
> THEPOWER\Kurtis:(OI)(CI)F
> I ran CACLS.exe on another directory and see the following:
> c:\downl BUILTIN\Administrators:F
> BUILTIN\Administrators:(OI)(CI)(IO)F
> NT AUTHORITY\SYSTEM:F
> NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
> THEPOWER\Kurtis:F
> CREATOR OWNER:(OI)(CI)(IO)F
> BUILTIN\Users:R
> BUILTIN\Users:(OI)(CI)(IO)(special access:)
> GENERIC_READ
> GENERIC_EXECUTE
>
> BUILTIN\Users:(CI)(special access:)
> FILE_APPEND_DATA
>
> BUILTIN\Users:(CI)(special access:)
> FILE_WRITE_DATA
>
> Everyone:(OI)(CI)C
>
> I am thinking I should have similar ACL on C:\Program Files but can't
> seem to get CACLS.exe to add the other special permissions.
>
> Anyone help me out, short of reinstalling?
>
> Thanks...

Relevant Pages

  • Re: HTTP 401.3 error: Please help - Urgent.
    ... Do you get this error for all URLs, or only those involving .CFM. ... get boooted out due to HTTP 401.3: ACL error. ... I have a ADS security group of ALL USERS with read permissions and I ...
    (microsoft.public.inetserver.iis)
  • Re: Migrationn from Exch 5.5 on NT to Exch 2003 on 2003
    ... Security translation can be performed automatically for objects migrated by ... you may use subinacl to replace the ACL. ... Using the Command Line to Edit Multiple Subdirectory Permissions ... Now what i am doing is migrating from an NT ...
    (microsoft.public.windows.server.migration)
  • Re: Win2k - Account Operator not working properly
    ... You very likely have other ACL issues other than what was mentioned and I can point them out here for you for free or you can pay someone $200-500 an hour to come check it out. ... In order for that to result in inheritence protection it means the schema had to be modified. ... set the account in the GUI to inherit from its parents. ... Used the delegation wizard, on the top level OU, to assign the desired permissions. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Migrationn from Exch 5.5 on NT to Exch 2003 on 2003
    ... Jason Tan wrote: ... Security translation is a function of ADMT 2.0 that updates access control lists when migrating objects across domains. ... subinacl is recommended to reset the permissions in this scenario. ... you may use subinacl to replace the ACL. ...
    (microsoft.public.windows.server.migration)
  • Re: Security Group Keeps getting removed???
    ... ACL on all security principals (users, groups, and machine accounts) present ... Delegated permissions are not available and inheritance is automatically ... AdminSDHolder Object Affects Delegation of Control for Past Administrator ...
    (microsoft.public.windows.server.active_directory)
Quantcast