Re: Restore original ACL rights of ...\system32\* - how ?
From: Colin Nash [MVP] (x_at_x)
Date: 08/21/04
- Next message: dms: "sp2 cd"
- Previous message: NoNoBadDog!: "Re: SP 1"
- In reply to: Tobias Alte: "Restore original ACL rights of ...\system32\* - how ?"
- Next in thread: Roger Abell [MVP]: "Re: Restore original ACL rights of ...\system32\* - how ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 20 Aug 2004 18:58:03 -0400
"Tobias Alte" <nospam@you-guess-it.org> wrote in message
news:opsc0w0hmvmmdu9g@2biased...
> Hi,
>
> I know I should't have been messing around with the cacls.exe tool in this
> folder, but unfortunatly it happend.
>
> I am working in a one person/multi-user environment with a special user
> account for internet access. This account has only non-priviledged user
> rights ( using win xp home sp2 ). The thought of changing some ACL for
> this non-priviledged user came up because I am using the CA ezArmor Suite
> ( Firewall / Anti-Virus ) to add some protection to my PC. Using the
> non-priviledged internet account I was not able to use the Autodownload
> feature to update the virus definitions because of missing priviledges. So
> it came up to me to change the ACLs in the softwares folder ( ..\CA\* )
> which worked out quit nice.
>
> But now to the problem: During the operation I was using the
> non-priviledged account and so had to use the runas command to have the
> needed priviledges to run cacls.exe .
>
> At the directory above the one I was going to chang I was using this
> command:
>
> d:\programs\security\ca\>runas /profile /user:<COMPNAME>\admin "cacls * /T
> /E /G VORDEFINIERT\Benutzer:F"
>
> ( note: I am using a german windows so I guess the VORDEFINIERT\Benutzer
> would be something like PREDEFINED\User in a english version )
>
> As expected after password input a commandline window was poping-up that
> performed the requested operations, but to my surprise it was working on
> the c:\windows\system32 directory and not as the expected one (
> d:\programs\security\ca\ ). So I did CTRL-C as fast as I could to stop
> the process, but of course was not fast enough.
>
> So now I have a windows\system32 directory with Full access for
> non-priviledged users which is quite annoying from the security
> perspective I wanted to improve by using the non-priviledged account for
> internet access.
>
> So my question is:
>
> Is there a way to restore the original ACL settings for the c:\windows\
> directory without a fresh install of the system ?
>
> Or an other way ? I know cacls.exe may do the job but how do you grant
> special rights only ( like GENERIC_READ, GENERIC_EXECUTE or
> FILE_GENERIC_READ ) which had been the original rights of some folders
> ( catroot ) for the non-priviledge user ?
>
>
> Thx for advice
> Tobias Alte
>
> --
How To Reset Security Settings Back to the Defaults (Windows XP)
http://support.microsoft.com/default.aspx?scid=kb;en-us;313222
- Next message: dms: "sp2 cd"
- Previous message: NoNoBadDog!: "Re: SP 1"
- In reply to: Tobias Alte: "Restore original ACL rights of ...\system32\* - how ?"
- Next in thread: Roger Abell [MVP]: "Re: Restore original ACL rights of ...\system32\* - how ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
