Re: Resetting C-drive permissions w/o damaging data, apps, user pr
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 22 Dec 2005 18:22:16 -0600
Sounds good. If you get time let me know if it does what you need or
t. --- Steve
"Al Small" <AlSmall@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D99023D4-9A1F-4F30-9A87-5E26CB0B402D@xxxxxxxxxxxxxxxx
> Steve--Thank you; I plan to follow your suggestion and use secedit with
> the
> areas filestore switch. Wishing you the blessing of Christmas--Al
>
> "Steven L Umbach" wrote:
>
>> I believe the KB article will use a security template that is in the
>> \windows\repair folder that is used during computer original
>> configuration
>> and probably is closer to what default setting would be than setup
>> security.inf. You could compare the two security templates with the
>> Security
>> Configuration and Analysis mmc snapin or viewing them with the Security
>> template mmc snapin. Either way you may want to use the /areas filestore
>> switch to change just file permissions. --- Steve
>>
>>
>> "Al Small" <AlSmall@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:A3091279-1332-446C-B4CB-2F73D51C3EE9@xxxxxxxxxxxxxxxx
>> > Steve--Thank you; secedit is sounding better, but under the
>> > circumstances
>> > which is the better solution, "secedit" or "setup security.inf" the
>> > predefined security template? Will either do the job? If so, what are
>> > pros
>> > and cons of each?--Al
>> >
>> > "Steven L Umbach" wrote:
>> >
>> >> You can go ahead an use secedit as described in the KB but you may
>> >> find
>> >> that
>> >> user/group permissions that you had defined to be other than default
>> >> probably will be changed back to default which is a fairly secure
>> >> setup
>> >> but
>> >> may deny access to non default groups that you have added. An
>> >> administer
>> >> will be able to logon to run/configure applications and manage
>> >> Ls. ---
>> >> Steve
>> >>
>> >>
>> >> "Al Small" <AlSmall@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> news:5B3D539F-A2DD-4682-B024-14EC0DAD3CF5@xxxxxxxxxxxxxxxx
>> >> > Ian--Thank you for sharing your experience with SECEDIT on
>> >> > FAT-to-NTFS,
>> >> > but I
>> >> > think our new machines came formatted NTFS--Simple Permissions
>> >> > (that's
>> >> > not
>> >> > FAT is it?), and I changed settings to NTFS--Special Permissions.
>> >> >
>> >> > I agree with your advice to change only Sharing Permissions and not
>> >> > NTFS
>> >> > Security Permissions. But I think the problem is not that I changed
>> >> > security
>> >> > permissions just for user Documents and Settings but for the entire
>> >> > "C"-drive, and I mistakenly pushed those changes down via
>> >> > inheritance
>> >> > to
>> >> > folders/files in all sub-directories, including Program Files and
>> >> > Windows!
>> >> > (My advice to others: never tamper while ignorant and tired.)
>> >> >
>> >> > So before I create a bigger problem, I need to know if there is
>> >> > anything I
>> >> > should know about using SECEDIT to reset defaults? For example,
>> >> > will
>> >> > I
>> >> > need
>> >> > to reload apps?
>> >> >
>> >> > --
>> >> > aws
>> >> >
>> >> >
>> >> > "Ian" wrote:
>> >> >
>> >> >> > KB 313222
>> >> >>
>> >> >> Tried this on a test machine, and it did what it was supposed to.
>> >> >> HST
>> >> >> this
>> >> >> machine had no NTFS permissions (was setup on FAT and converted)
>> >> >> not
>> >> >> sure if
>> >> >> the same would apply with unusual permissions set.
>> >> >>
>> >> >> As for the difference -- not sure.
>> >> >>
>> >> >> For controlling access to shares I'd always advocate using share
>> >> >> permissions. Share permissions are more limited in scope, but
>> >> >> behave
>> >> >> more
>> >> >> predictably. The problem with folder-permissions is that they
>> >> >> 'stick
>> >> >> to'
>> >> >> files when the files are transferred elsewhere within the same
>> >> >> tree,
>> >> >> and
>> >> >> this
>> >> >> causes no end of confusion.
>> >> >>
>> >> >> If you _are_ going to set folder-permissions, then the classic
>> >> >> pitfall
>> >> >> is
>> >> >> to
>> >> >> forget to include the Administrator(s) in the ACL. Make this
>> >> >> mistake
>> >> >> in a
>> >> >> good few places, and you'll find you've made yourself a load of
>> >> >> grief.
>> >> >> The
>> >> >> other thing to be careful of is not to create a situation in which
>> >> >> the
>> >> >> contents can't be read under whatever account the system-backup
>> >> >> runs.
>> >> >> This is
>> >> >> less likely with tape but very possible with disk-to-disk (NAS)
>> >> >> backup.
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>
.
- Follow-Ups:
- References:
- Re: Resetting C-drive permissions w/o damaging data, apps, user pr
- From: Steven L Umbach
- Re: Resetting C-drive permissions w/o damaging data, apps, user pr
- From: Al Small
- Re: Resetting C-drive permissions w/o damaging data, apps, user pr
- From: Steven L Umbach
- Re: Resetting C-drive permissions w/o damaging data, apps, user pr
- From: Al Small
- Re: Resetting C-drive permissions w/o damaging data, apps, user pr
- Prev by Date: Re: Domain group policy problem!!!Help me!!
- Next by Date: Re: Windows XP User Accounts C/P Applet
- Previous by thread: Re: Resetting C-drive permissions w/o damaging data, apps, user pr
- Next by thread: Re: Resetting C-drive permissions w/o damaging data, apps, user pr
- Index(es):
Relevant Pages
|
Loading
