ACL Checker?

[Wm. Scott Miller]

I've been having issues creating a new account on my Windows XP machine (all
latest updates installed). The issue was due to a incorrect ACL on a file
in my windows/system32 directory. I never touched this file directly, so
I'm thinking some installation did it as part of its install routine (most
likely overwritting the file and it getting a default set of ACLs). I have
"Use simple file sharing (Recommended)" turned off. I'm concerned that
something else is amiss and would like to find it or verify that my ACLs are
"what they should be". What I'm wondering is if there is a tool that will
check the ACLs on "expected" files to see if they are correct and/or correct
incorrectly set ACLs?

Thanks,
Scott

 

[johnsuth]

I've been having issues creating a new account on my Windows XP machine (all
latest updates installed). The issue was due to a incorrect ACL on a file
in my windows/system32 directory. I never touched this file directly, so
I'm thinking some installation did it as part of its install routine (most
likely overwritting the file and it getting a default set of ACLs). I have
"Use simple file sharing (Recommended)" turned off. I'm concerned that
something else is amiss and would like to find it or verify that my ACLs are
"what they should be". What I'm wondering is if there is a tool that will
check the ACLs on "expected" files to see if they are correct and/or correct
incorrectly set ACLs?

Given that you can change ACLs to suit your own requirements, how would any tool know what was "correct"?

 

[Wm. Scott Miller]

Install Windows. Apply all Service Packs and updates. That I figure would
be the "baseline" for checking. If any has changed from that (especially in
the Windows or System32 directories) I'd like to know (or harden the
security from that and record that). Not only that, but Microsoft seems to
have very similar permissions on almost every file in those directories (see
my other post) and these can simply be recorded by file type with exceptions
listed, which could handle files install not on the baseline system. Or how
about a tool that checks the ACLs of a system to see if there are any holes
that allow users to do things in places they shouldn't. For example, would
you give a user full control of the Windows directory? Of course not. And
I'm sure you would just be thrilled to the bone to have to check all the
ACLs on an entire server or workstation to make sure it does not have any
security holes. How about 1000 servers and workstations? If you were given
such a task, what tool(s) would you be inclined to use?

I just think that it would be a good tool to have, and was wondering if it
already existed.

Scott

 

[Colin Nash [MVP]]

I've been having issues creating a new account on my Windows XP machine
(all latest updates installed). The issue was due to a incorrect ACL on a
file in my windows/system32 directory. I never touched this file
directly, so I'm thinking some installation did it as part of its install
routine (most likely overwritting the file and it getting a default set of
ACLs). I have "Use simple file sharing (Recommended)" turned off. I'm
concerned that something else is amiss and would like to find it or verify
that my ACLs are "what they should be". What I'm wondering is if there is
a tool that will check the ACLs on "expected" files to see if they are
correct and/or correct incorrectly set ACLs?

Thanks,
Scott

Well, here's how to set them back to the defaults...

http://support.microsoft.com/?kbid=313222

(for all security settings, but you can choose to do just file permissions
as the article explains)

 

[Wm. Scott Miller]

Colin:

Thanks for the great link. Quick question though: Does that reset them
back to just install of Windows or does it know of changes made by SPs and
updates as well?

Scott