VISTA BUGS: Vista security

1) c:\documents and settings\Default User has a shortcut icon, where
does it really link to? microsoft forgot to put the real location on the
properties tab.

2) why did one the NEW Microsoft networking wizards set Deny / Everyone in
the Advanced Security tab for some of the core user folders on my system!

3) why is it so easy to now to get "inconsistant" folder security errors
when I'm trying to do complex but understandable security rights.

4) this is not new to microsoft.. look at some of these issues turning up in
MS Exchange..
http://support.microsoft.com/kb/823017

5) why should I have to search using DSACLS to locate all the DENY EVERYONE
bugs by Microsoft wizards..

6) i feel sorry for an end user.. they would have no choice but to reinstall
their system... me.. I'll debug it right down to machine code to resolve if
I have to lol





--
Regards,
Hamish Ahern.
http://www.limitless.co.nz/EvoScan
http://www.limitless.co.nz/Cables

The answers are in my article on ACLs in the June issue of TechNet Magazine.
The article is not live yet, but will be on newstands and at
http://www.microsoft.com/technet/tec...6/default.aspx
shortly. A longer version is in chapter 4 of the Vista Security Book (link
below).

The short version of the answer is that these junction points are there to
ensure that poorly written applications designed for Windows 2000 and XP do
not break. The ACL is there to wean people off using the old file system name
space.


---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/047...otectyourwi-20


"Hamish Ahern" wrote:

> 1) c:\documents and settings\Default User has a shortcut icon, where
> does it really link to? microsoft forgot to put the real location on the
> properties tab.
>
> 2) why did one the NEW Microsoft networking wizards set Deny / Everyone in
> the Advanced Security tab for some of the core user folders on my system!
>
> 3) why is it so easy to now to get "inconsistant" folder security errors
> when I'm trying to do complex but understandable security rights.
>
> 4) this is not new to microsoft.. look at some of these issues turning up in
> MS Exchange..
> http://support.microsoft.com/kb/823017
>
> 5) why should I have to search using DSACLS to locate all the DENY EVERYONE
> bugs by Microsoft wizards..
>
> 6) i feel sorry for an end user.. they would have no choice but to reinstall
> their system... me.. I'll debug it right down to machine code to resolve if
> I have to lol
>
>
>
>
>
> --
> Regards,
> Hamish Ahern.
> http://www.limitless.co.nz/EvoScan
> http://www.limitless.co.nz/Cables
>
>
>

lol the short version answer could almost be mistaken for 'Vista is backwards compatible with poorly written applications by becoming one itself' :P

Actually that's a little bit harsh.. But I couldn't resist. I must admit Vista has seriously annoyed me recently, but what did I expect? a finished product!? Either way, it's a step in the right direction, and I look forward to the service pack (but please don't rush it MS just because multi-nationals are waiting for it before crossing over).

I do however have one question about Vista security, in all these years, why is the Remote Registry service still enabled by default? Does anyone even use it?

Nah, the errors I'm getting aren't mentioned in your book.. they are bugs
in the MS ACL system.. I can clearly see the numerous issues using a
debugger.

We'll have to wait for the servicepack to fix these things..



Regards,
Hamish Ahern.

--
Regards,
Hamish Ahern.
http://www.limitless.co.nz/EvoScan
http://www.limitless.co.nz/Cables
"Jesper" <Jesper@discussions.microsoft.com> wrote in message
news:04E0C50A-4FFA-46CC-98B2-CF799201B3CD@microsoft.com...
> The answers are in my article on ACLs in the June issue of TechNet
> Magazine.
> The article is not live yet, but will be on newstands and at
> http://www.microsoft.com/technet/tec...6/default.aspx
> shortly. A longer version is in chapter 4 of the Vista Security Book (link
> below).
>
> The short version of the answer is that these junction points are there to
> ensure that poorly written applications designed for Windows 2000 and XP
> do
> not break. The ACL is there to wean people off using the old file system
> name
> space.
>
>
> ---
> Your question may already be answered in Windows Vista Security:
> http://www.amazon.com/gp/product/047...otectyourwi-20
>
>
> "Hamish Ahern" wrote:
>
>> 1) c:\documents and settings\Default User has a shortcut icon, where
>> does it really link to? microsoft forgot to put the real location on the
>> properties tab.
>>
>> 2) why did one the NEW Microsoft networking wizards set Deny / Everyone
>> in
>> the Advanced Security tab for some of the core user folders on my system!
>>
>> 3) why is it so easy to now to get "inconsistant" folder security errors
>> when I'm trying to do complex but understandable security rights.
>>
>> 4) this is not new to microsoft.. look at some of these issues turning up
>> in
>> MS Exchange..
>> http://support.microsoft.com/kb/823017
>>
>> 5) why should I have to search using DSACLS to locate all the DENY
>> EVERYONE
>> bugs by Microsoft wizards..
>>
>> 6) i feel sorry for an end user.. they would have no choice but to
>> reinstall
>> their system... me.. I'll debug it right down to machine code to resolve
>> if
>> I have to lol
>>
>>
>>
>>
>>
>> --
>> Regards,
>> Hamish Ahern.
>> http://www.limitless.co.nz/EvoScan
>> http://www.limitless.co.nz/Cables
>>
>>
>>