| Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks. |
#1: Permissions on SUBST.EXE, ATTRIB.EXE, et al getting reset

For some reason, my Vista Enterprise system has reset permissions on a number of EXEs in the windows system32 dir and now I have to elevate to execute attrib.exe and subst.exe. This isn't the case on my home Vista Ultimate PC. What's even weirder is that when the perms get screwed up the properties dialog for that file looks like you are editing a .PIF file. It has a whole bunch of extra tabs related to console stuff.

The following EXEs are affected:

```
C:\Windows\System32\at.exe
C:\Windows\System32\attrib.exe
C:\Windows\System32\cacls.exe
C:\Windows\System32\debug.exe
C:\Windows\System32\DRWATSON.EXE
C:\Windows\System32\edlin.exe
C:\Windows\System32\eventcreate.exe
C:\Windows\System32\ftp.exe
C:\Windows\System32\net.exe
C:\Windows\System32\net1.exe
C:\Windows\System32\netsh.exe
C:\Windows\System32\reg.exe
C:\Windows\System32\regedt32.exe
C:\Windows\System32\regsvr32.exe
C:\Windows\System32\runas.exe
C:\Windows\System32\sc.exe
C:\Windows\System32\subst.exe
C:\Windows\System32\telnet.exe
```

Their ACLs are:

```
AccessToString : NT AUTHORITY\INTERACTIVE Allow ReadAndExecute, Synchronize
                 NT AUTHORITY\SYSTEM Allow FullControl
                 BUILTIN\Administrators Allow FullControl
```

And they should be:

```
AccessToString : NT AUTHORITY\SYSTEM Allow ReadAndExecute, Synchronize
                 BUILTIN\Administrators Allow ReadAndExecute, Synchronize
                 BUILTIN\Users Allow ReadAndExecute, Synchronize
                 NT SERVICE\TrustedInstaller Allow FullControl
```

What's annoying the hell out of me is that:

1) I can't add TrustedInstallers back to the ACLs list - it says it doesn't exist
2) I add back Users with ReadAndExecute and a few days later that entry has been stripped out (again)

Anybody have any idea what is going on? I suspect either Group Policy or System File Protection but I'm not sure how to find out if that is what is causing this.

--
Keith
#2: RE: Permissions on SUBST.EXE, ATTRIB.EXE, et al getting reset

Could there be a group policy that is setting these permissions? Do you have some third-party security guide installed?

TrustedInstaller doesn't exist. It is a service, not a user. You would need to use icacls to add it to an ACL.

\---
Your question may already be answered in Windows Vista Security: http://www.amazon.com/gp/product/047...otectyourwi-20

"Keith Hill" wrote:

> For some reason, my Vista Enterprise system has reset permissions on a number of EXEs in the windows system32 dir and now I have to elevate to execute attrib.exe and subst.exe. This isn't the case on my home Vista Ultimate PC. What's even weirder is that when the perms get screwed up the properties dialog for that file looks like you are editing a .PIF file. It has a whole bunch of extra tabs related to console stuff.
>
> The following EXEs are affected:
>
> C:\Windows\System32\at.exe
> C:\Windows\System32\attrib.exe
> C:\Windows\System32\cacls.exe
> C:\Windows\System32\debug.exe
> C:\Windows\System32\DRWATSON.EXE
> C:\Windows\System32\edlin.exe
> C:\Windows\System32\eventcreate.exe
> C:\Windows\System32\ftp.exe
> C:\Windows\System32\net.exe
> C:\Windows\System32\net1.exe
> C:\Windows\System32\netsh.exe
> C:\Windows\System32\reg.exe
> C:\Windows\System32\regedt32.exe
> C:\Windows\System32\regsvr32.exe
> C:\Windows\System32\runas.exe
> C:\Windows\System32\sc.exe
> C:\Windows\System32\subst.exe
> C:\Windows\System32\telnet.exe
>
> Their ACLs are:
>
> AccessToString : NT AUTHORITY\INTERACTIVE Allow ReadAndExecute, Synchronize
> NT AUTHORITY\SYSTEM Allow FullControl
> BUILTIN\Administrators Allow FullControl
>
> And they should be:
>
> AccessToString : NT AUTHORITY\SYSTEM Allow ReadAndExecute, Synchronize
> BUILTIN\Administrators Allow ReadAndExecute, Synchronize
> BUILTIN\Users Allow ReadAndExecute, Synchronize
> NT SERVICE\TrustedInstaller Allow FullControl
>
> What's annoying the hell out of me is that:
>
> 1) I can't add TrustedInstallers back to the ACLs list - it says it doesn't exist
> 2) I add back Users with ReadAndExecute and a few days later that entry has been stripped out (again)
>
> Anybody have any idea what is going on? I suspect either Group Policy or System File Protection but I'm not sure how to find out if that is what is causing this.
>
> --
> Keith
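
The comparison the thread is circling around, as an added example that is not part of either post: a read-only PowerShell check that compares each listed executable's allow entries with the "they should be" listing from post #1 and reports what is missing or unexpected. `Get-AclDrift` is a hypothetical helper name, and the script assumes English account names as they appear in the thread.

```powershell
# Added example (not from the thread). Read-only: reports drift, changes nothing.
# Assumes English account names, as in the ACL listings in post #1.
$names = 'at','attrib','cacls','debug','DRWATSON','edlin','eventcreate','ftp','net',
         'net1','netsh','reg','regedt32','regsvr32','runas','sc','subst','telnet'
$files = $names | ForEach-Object { Join-Path $env:windir "System32\$_.exe" }

# Baseline from the "they should be" listing, as "identity|rights" strings.
$baseline = @(
    'NT AUTHORITY\SYSTEM|ReadAndExecute, Synchronize'
    'BUILTIN\Administrators|ReadAndExecute, Synchronize'
    'BUILTIN\Users|ReadAndExecute, Synchronize'
    'NT SERVICE\TrustedInstaller|FullControl'
)

# Get-AclDrift is a hypothetical helper name, not a built-in cmdlet.
function Get-AclDrift {
    param([string]$Path, [string[]]$Baseline)
    # Flatten every Allow ACE into the same "identity|rights" form as the baseline.
    $actual = @((Get-Acl -Path $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' } |
        ForEach-Object { '{0}|{1}' -f $_.IdentityReference.Value, $_.FileSystemRights })
    if ($actual.Count -eq 0) { $actual = @('<no allow entries>') }
    # '<=' means the entry is only in the baseline, '=>' only on the file.
    Compare-Object -ReferenceObject $Baseline -DifferenceObject $actual |
        Select-Object @{ Name = 'File';   Expression = { $Path } },
                      @{ Name = 'Entry';  Expression = { $_.InputObject } },
                      @{ Name = 'Status'; Expression = {
                            if ($_.SideIndicator -eq '<=') { 'missing' } else { 'unexpected' } } }
}

$files | Where-Object { Test-Path $_ } |
    ForEach-Object { Get-AclDrift -Path $_ -Baseline $baseline } |
    Format-Table -AutoSize

# Restoring a missing entry with icacls, as the reply suggests, needs an elevated
# prompt and the full service account name, for example:
#   icacls "$env:windir\System32\attrib.exe" /grant "NT SERVICE\TrustedInstaller:(F)"
```

Running it before and after `gpupdate /force` shows whether a Group Policy refresh is what rewrites the entries.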