In XP you used to be able to reset the NTFS permissions on a drive using using the secedit tool and the templates that MS provided. I can't see how to do this in Vista as there are no templates under c:\windows\security\templates any more and the defltbase.inf template in c:\windows\inf hardly touches any of the filesystem.
If you actually look at the contents of defltbase.inf it does have a lot entries for filesystem security but most of them are commented out with a semi-colon. It's the commented out ones for %systemroot% and %systemdirectory% that I'm interested in though. Why would MS put these entries in simply to comment them out.? It's not as if you can even edit the defltbase.inf file to change this either as Vista permissions don't allow it!
I'm i missing something here or is this strange setup by design?
I realise I can set these perms with group policy but would setting filesystem permissions for say C:\, and C:\windows not effect logon times for users big time?
Curiously, if you go to set filesystem permissions via GP, when the pop-up interface appears to allow you to set the permissions it automatically gives you the default permissions for CREATOR OWNER, SYSTEM, Administrators and Users in the DACL. Where are these permissions coming from?
05-05-2009
Similar Threads 
