ACLs, partitions and users profiles

Discussion in 'Windows 7' started by balubeto, Jun 23, 2012.

  1. balubeto

    balubeto MDL Senior Member

    Dec 22, 2009
    461
    9
    10
    #1 balubeto, Jun 23, 2012
    Last edited by a moderator: Apr 20, 2017
    Hi

    In Windows7 SP1, I noticed that the ACLs of the root directory of a logical partition (D:) formatted NTFS are different from those of the root directory of the system partition (C:):

    Code:
    C:\Windows\system32>icacls c:\
    c:\ BUILTIN\Administrators:(F)
        BUILTIN\Administrators:(OI)(CI)(IO)(F)
        NT AUTHORITY\SYSTEM:(F)
        NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
        BUILTIN\Users:(OI)(CI)(RX)
        NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(M)
        NT AUTHORITY\Authenticated Users:(AD)
        Etichetta obbligatoria\Livello obbligatorio alto:(OI)(NP)(IO)(NW)
     
    Processing is complete for 1 file. Processing failed for file 0
     
    C:\Windows\system32>icacls d:\
    d:\ BUILTIN\Administrators:(F)
        BUILTIN\Administrators:(OI)(CI)(IO)(F)
        NT AUTHORITY\SYSTEM:(F)
        NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
        NT AUTHORITY\Authenticated Users:(M)
        NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(M)
        BUILTIN\Users:(RX)
        BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
     
    Processing is complete for 1 file. Processing failed for file 0
    
    Why?

    If I were to move, in the logical partition, the users profiles (except the default profile) and the public directory, should I also change its ACLs to get a stable, secure and coherent or not?

    In particular, I wanted to know if these differences are caused solely from the partition type or if these work even on other levels of the system and users security.

    Thanks

    Bye
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...