These two may help.
http://www.microsoft.com/technet/pro....mspx?mfr=true
http://technet2.microsoft.com/Window....mspx?mfr=true
--
Regards,
Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect
"Will" wrote:
> Can someone tell me for Windows 2000 and Windows XP, what are the default
> permissions on the user's hive tree (HKCU in regedit)? And importantly I
> want to know do those permissions inherit from the top of the hive all the
> way to the bottom, or are there places in the middle or bottom parts of
> the
> tree that stop inheriting and hardcode their own ACL?
>
> I need to know this in detail to help support movement of profiles from
> local to domain users. We have followed the common guidance about the
> ProfileList SID entries in HKLM and changing the profile they point to.
> This trick has worked perfectly for us for Windows 2003 servers. But on
> Windows XP computers we are still missing something. Many times even
> for
> an administrative domain user, the HKLM ProfileList SID changes by adding
> a
> .BAK at the end. Ther domain user login starts to use a Documents &
> Settings\TEMP Profile as well. Since the Domain user is being given
> Full
> Control access to the new profile directory in the ACL, I'm suspecting
> that
> the different behavior in XP may be due to some permissions in the ACL for
> the registry entries in the user hive stored in the profile directory.
>
> --
> Will
>
>
Similar Threads
