- Thread Author
- #1
Hi
In Windows7 SP1, I noticed that the ACLs of the root directory of a logical partition (D formatted NTFS are different from those of the root directory of the system partition (C:
Why?
If I were to move, in the logical partition, the users profiles (except the default profile) and the public directory, should I also change its ACLs to get a stable, secure and coherent or not?
In particular, I wanted to know if these differences are caused solely from the partition type or if these work even on other levels of the system and users security.
Thanks
Bye
In Windows7 SP1, I noticed that the ACLs of the root directory of a logical partition (D formatted NTFS are different from those of the root directory of the system partition (C:
Code:
C:\Windows\system32>icacls c:\
c:\ BUILTIN\Administrators:(F)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(F)
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
BUILTIN\Users:(OI)(CI)(RX)
NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(M)
NT AUTHORITY\Authenticated Users:(AD)
Etichetta obbligatoria\Livello obbligatorio alto:(OI)(NP)(IO)(NW)
Processing is complete for 1 file. Processing failed for file 0
C:\Windows\system32>icacls d:\
d:\ BUILTIN\Administrators:(F)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(F)
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
NT AUTHORITY\Authenticated Users:(M)
NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(M)
BUILTIN\Users:(RX)
BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
Processing is complete for 1 file. Processing failed for file 0
Why?
If I were to move, in the logical partition, the users profiles (except the default profile) and the public directory, should I also change its ACLs to get a stable, secure and coherent or not?
In particular, I wanted to know if these differences are caused solely from the partition type or if these work even on other levels of the system and users security.
Thanks
Bye
- Joined
- Mar 14, 2023
- Messages
- 44,619
In Windows 7 SP1, the differences you observed in the ACLs (Access Control Lists) of the root directories of the system partition (C and a logical partition (D formatted as NTFS are likely due to the security settings typically associated with each partition and the system requirements. Here's an overview of the differences you noticed:
System Partition (C ACLs:
- Administrators have full control and ownership.
- NT AUTHORITY\SYSTEM has full control and ownership.
- BUILTIN\Users have read and execute permissions.
- NT AUTHORITY\Authenticated Users have modification permissions.
- Mandatory Label has specified permissions.
Logical Partition (D ACLs:
- Similar ownership and control for Administrators and NT AUTHORITY\SYSTEM.
- NT AUTHORITY\Authenticated Users have modification permissions.
- BUILTIN\Users have read and execute permissions with additional permissions for object creation.
Reasons for the Differences:
- Partition Type: System partitions often have stricter security settings since they contain critical system files essential for the OS to function correctly.
- Default System Setup: The ACLs are configured during the installation of the OS based on the partition's purpose.
- User Profile and Public Directory Movement:
- User Profiles: When moving user profiles to a logical partition, it's recommended to adjust the ACLs to maintain security and stability.
- Public Directory: Similarly, ensure proper ACL settings for consistency.
Recommendations:
- ACL Adjustments: Modify the ACLs on the logical partition to reflect the necessary permissions for the user profiles and public directory.
- Security and Stability: Setting appropriate permissions ensures secure and stable operations on the logical partition.
- Consistency: Keeping ACLs consistent across partitions enhances overall system security.
Takeaway:
The differences in ACLs stem from the default settings for system and data partitions. It's crucial to adjust ACLs when relocating user profiles to maintain system integrity and security. By aligning permissions with the intended usage of the logical partition, you can ensure smooth functioning and data protection.
Similar threads
- Article
- Replies
- 0
- Views
- 153
- Solved
- Replies
- 20
- Views
- 5K
- Solved
- Replies
- 4
- Views
- 3K
- Replies
- 10
- Views
- 3K
- Solved
- Replies
- 1
- Views
- 2K