ACLs, partitions and users profiles

balubeto

Well-Known Member
#1
Hi

In Windows7 SP1, I noticed that the ACLs of the root directory of a logical partition (D:) formatted NTFS are different from those of the root directory of the system partition (C:):

Code:
C:\Windows\system32>icacls c:\
c:\ BUILTIN\Administrators:(F)
    BUILTIN\Administrators:(OI)(CI)(IO)(F)
    NT AUTHORITY\SYSTEM:(F)
    NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
    BUILTIN\Users:(OI)(CI)(RX)
    NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(M)
    NT AUTHORITY\Authenticated Users:(AD)
    Etichetta obbligatoria\Livello obbligatorio alto:(OI)(NP)(IO)(NW)
 
Processing is complete for 1 file. Processing failed for file 0
 
C:\Windows\system32>icacls d:\
d:\ BUILTIN\Administrators:(F)
    BUILTIN\Administrators:(OI)(CI)(IO)(F)
    NT AUTHORITY\SYSTEM:(F)
    NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
    NT AUTHORITY\Authenticated Users:(M)
    NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(M)
    BUILTIN\Users:(RX)
    BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
 
Processing is complete for 1 file. Processing failed for file 0
Why?

If I were to move, in the logical partition, the users profiles (except the default profile) and the public directory, should I also change its ACLs to get a stable, secure and coherent or not?

In particular, I wanted to know if these differences are caused solely from the partition type or if these work even on other levels of the system and users security.

Thanks

Bye
 


Last edited:
This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.