Windows 7 ACLs, partitions and users profiles

balubeto

Extraordinary Member
Hi

In Windows7 SP1, I noticed that the ACLs of the root directory of a logical partition (D:) formatted NTFS are different from those of the root directory of the system partition (C:):

Code:
C:\Windows\system32>icacls c:\
c:\ BUILTIN\Administrators:(F)
    BUILTIN\Administrators:(OI)(CI)(IO)(F)
    NT AUTHORITY\SYSTEM:(F)
    NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
    BUILTIN\Users:(OI)(CI)(RX)
    NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(M)
    NT AUTHORITY\Authenticated Users:(AD)
    Etichetta obbligatoria\Livello obbligatorio alto:(OI)(NP)(IO)(NW)
 
Processing is complete for 1 file. Processing failed for file 0
 
C:\Windows\system32>icacls d:\
d:\ BUILTIN\Administrators:(F)
    BUILTIN\Administrators:(OI)(CI)(IO)(F)
    NT AUTHORITY\SYSTEM:(F)
    NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
    NT AUTHORITY\Authenticated Users:(M)
    NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(M)
    BUILTIN\Users:(RX)
    BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
 
Processing is complete for 1 file. Processing failed for file 0

Why?

If I were to move, in the logical partition, the users profiles (except the default profile) and the public directory, should I also change its ACLs to get a stable, secure and coherent or not?

In particular, I wanted to know if these differences are caused solely from the partition type or if these work even on other levels of the system and users security.

Thanks

Bye
 
Last edited:
Back
Top