c:\ drive permissions

G

Guest

The Desktop team in our department has been deploying PC’s with the C:\ drive
permissions changed. They thought it would be convenient for the user if
everyone had full control of the entire c:\ drive.
I now need to return the c:\ drive permissions back to winxp standard. If I
go the advances security tab for the c:\ drive and edit the permissions for
the “everyone†group and change the "Everyone" permission to:
Traverse Folder / Execute File
List folder / Read Data
Read Attributes
Read Extended Attributes
Read Permissions
I then Select “This Folder Only†in the “Apply onto†drop down menu.
Now the sub directories now longer inherit the “everyone†group permissions.

Since I need this done on several hundred PC’s I have been testing
subinacl.exe
I ran the following command on a fresh winxp install to get a backup of the
default c:\ drive permissions:
subinacl /noverbose /output=c:\aclbackups.txt /file c:\

I then ran “subinacl /playfile c:\aclbackups.txt†on a PC that had the c:\
permissions changed.
The command changed the c:\ permissions back to base winxp c:\ drive
permissions but the sub folders still had inherited the “everyone†group full
control. On the advanced permissions tab of a sub directory the “Inherited
From†section showed “Parent Object†instead of “C:\â€

Any ideas on how I can change the C:\ drive and sub directories back to
winxp base permissions would be greatly appreciated.
Thanks
Nathan
 
G

Guest

Unfortunately the PC’s are still in a NT 4 Domain. I have no way of deploying
the security policy via gpo. I need to find a scriptable solution.
Thanks
Nathan
 
D

David Candy

What has GPO's got to do with it. secedit applies these templates. That is scriptable. But you need to check that it can fix what you did.
 
G

Guest

Thank you. Do have any examples on how to apply security templates via
secedit or a link to a good white paper.
Nathan
 
D

David Candy

It's all in help. I've never used it because I have never changed system permissions (well maybe on my computer not on a network). When I make changes like your IT dept I apply at the lowest level.

Syntax
secedit /configure /db FileName [/cfg FileName ] [/overwrite][/areas area1 area2...] [/log FileName] [/quiet]
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

User Permissions when Networking from Vista laptop 1
Wrong Permissions of C Drive 4
Can't view files in Recovery Partition of :D drive. 1
Fixing up messed up permissions on C: 3
Help with permissions (CACLS). 3
STUMPED: Sharing Issue on "My Documents" folder 3
Windows Installer MSI Package Won't Run 0
Access denied to Outlook 2003 pst file 2

Top