Adding Other Boot's Computer Name to list of File Security Locations?

[Larry Lindstrom]

Hi Folks:

I'm still not having luck giving my Win7/64's account access to my
XP account's private folders and files on the same dual boot machine.

I hoped giving both boots the same computer name and both accounts
the same name might allow me to get away with it. But that hasn't worked.

When I open the folder's Properties - Security - Add (Group or user
names) I'm asked to select a location. But the only location available
is the active (XP) boot's computer name. Even if I use a different name
for the Win7 boot, how can I add it to this list?

I hope adding the other boot's computer name to the list will be the
first step in allowing me to share these private files.

I'd prefer to have both boots use the same computer name, but it's
OK if I need to use a different name when running Wini7.

Thanks
Larry

 

[Tim Meddick]

If you boot into an Administrator-level account in your Win7 OS - you
*should* have complete access to all files / folders on the XP drive /
partition!

However, if not then try the following....

First boot to XP

Then open Explorer at the root of drive [c:]

Right-click on the [c:] drive and choose "Properties" from the menu.

Click on the "Security" tab in "(C Properties"

Click on the "Advanced" button.

Locate in the user-list the user named "Everyone" (if there is not an entry
named "Everyone" then create one using the "Add" button).

Give the user "Everyone" Full-Control (i.e. double-click on the "Everyone"
item in the user-list and chackmark the box named "Full Control")

Make sure you change the "Apply onto" box is changed to apply to "This
folder, subfolders and files"

Press [ok] to exit.

It will take a few moments for the permissions to be re-set on the entire
drive.

Re-boot into Win7 and the entire XP drive will be completely accessible to
you.

==

Cheers, Tim Meddick, Peckham, London.

 

[Larry Lindstrom]

If you boot into an Administrator-level account in your Win7 OS - you
*should* have complete access to all files / folders on the XP drive /
partition!

However, if not then try the following....

First boot to XP

Then open Explorer at the root of drive [c:]

Right-click on the [c:] drive and choose "Properties" from the menu.

Click on the "Security" tab in "(C Properties"

Click on the "Advanced" button.

Locate in the user-list the user named "Everyone" (if there is not an
entry named "Everyone" then create one using the "Add" button).

Give the user "Everyone" Full-Control (i.e. double-click on the
"Everyone" item in the user-list and chackmark the box named "Full
Control")

Make sure you change the "Apply onto" box is changed to apply to "This
folder, subfolders and files"

Press [ok] to exit.

It will take a few moments for the permissions to be re-set on the
entire drive.

Re-boot into Win7 and the entire XP drive will be completely accessible
to you.

==

Cheers, Tim Meddick, Peckham, London.

Hi Folks:

I'm still not having luck giving my Win7/64's account access to my XP
account's private folders and files on the same dual boot machine.

I hoped giving both boots the same computer name and both accounts the
same name might allow me to get away with it. But that hasn't worked.

When I open the folder's Properties - Security - Add (Group or user
names) I'm asked to select a location. But the only location available
is the active (XP) boot's computer name. Even if I use a different
name for the Win7 boot, how can I add it to this list?

I hope adding the other boot's computer name to the list will be the
first step in allowing me to share these private files.

I'd prefer to have both boots use the same computer name, but it's OK
if I need to use a different name when running Wini7.

Thanks Tim:

I understand, and I can do that.

But these are private files. I want only my account on XP and my
account on the Win 7/64 boot to have full access to these files.

The computer has the same name and workgroup, and no domain, for
each boot. My account name is the same for each boot.

Under XP the folder's security is set to allow full access to
"larryl" on "DRAGON". But when I re-boot to Win 7 as "larryl" on a
computer named "DRAGON" I'm told I don't have access to those files.

While I'd like to keep both boot's named "DRAGON", I've tried
calling the Win7 boot "DRAGON_64", but attempting to add "DRAGON_64" for
that folder's Properties - Security - Add - Location.

But DRAGON_64 isn't a choice I'm offered.

So, is there some method to allow larryl on a Win7 boot that calls
this computer "DRAGON" to have the full access to larryl's private files
created on the XP boot?

I appreciate your attempt to help me.

Thanks
Larry

 

[Tim Meddick]

The fact you gave both OSs the same username / domain is irrelevant.

A username on a NT-based Windows OS, is, in effect, a friendly name.

For instance, My full username is "Tim" but if you look in the registry,
the computer knows me as user :
S-1-5-21-1957994488-1004336348-682003330-1003

....a unique ID!! Stands to reason doesn't it? As if there were no unique
ID assigned to simple user names, then everyone connected to a network who
happened to have the same username would be able to access each other's
files!!!

Is your Win7 account an administrator-level account?

If so, and you still can't gain access to the XP files, then do as I first
suggested, but instead of adding "Everyone" add "Administrators" (that's
Administrators NOT Administrator) to the users granted access from the root
of [c:] drive.

That way, normal users should not be able to gain access to the "private"
files, but as an admin-level user - you would!

By default, all files and folders on an XP drive, should have granted
access to the Administrators group, but if one has "made this folder
private" then I guess that the Administrators group may have been removed
from the granted user-list.

==

Cheers, Tim Meddick, Peckham, London.

If you boot into an Administrator-level account in your Win7 OS - you
*should* have complete access to all files / folders on the XP drive /
partition!

However, if not then try the following....

First boot to XP

Then open Explorer at the root of drive [c:]

Right-click on the [c:] drive and choose "Properties" from the menu.

Click on the "Security" tab in "(C Properties"

Click on the "Advanced" button.

Locate in the user-list the user named "Everyone" (if there is not an
entry named "Everyone" then create one using the "Add" button).

Give the user "Everyone" Full-Control (i.e. double-click on the
"Everyone" item in the user-list and chackmark the box named "Full
Control")

Make sure you change the "Apply onto" box is changed to apply to "This
folder, subfolders and files"

Press [ok] to exit.

It will take a few moments for the permissions to be re-set on the
entire drive.

Re-boot into Win7 and the entire XP drive will be completely accessible
to you.

==

Cheers, Tim Meddick, Peckham, London.

Hi Folks:

I'm still not having luck giving my Win7/64's account access to my XP
account's private folders and files on the same dual boot machine.

I hoped giving both boots the same computer name and both accounts the
same name might allow me to get away with it. But that hasn't worked.

When I open the folder's Properties - Security - Add (Group or user
names) I'm asked to select a location. But the only location available
is the active (XP) boot's computer name. Even if I use a different
name for the Win7 boot, how can I add it to this list?

I hope adding the other boot's computer name to the list will be the
first step in allowing me to share these private files.

I'd prefer to have both boots use the same computer name, but it's OK
if I need to use a different name when running Wini7.

Thanks Tim:

I understand, and I can do that.

But these are private files. I want only my account on XP and my
account on the Win 7/64 boot to have full access to these files.

The computer has the same name and workgroup, and no domain, for each
boot. My account name is the same for each boot.

Under XP the folder's security is set to allow full access to "larryl"
on "DRAGON". But when I re-boot to Win 7 as "larryl" on a computer named
"DRAGON" I'm told I don't have access to those files.

While I'd like to keep both boot's named "DRAGON", I've tried calling
the Win7 boot "DRAGON_64", but attempting to add "DRAGON_64" for that
folder's Properties - Security - Add - Location.

But DRAGON_64 isn't a choice I'm offered.

So, is there some method to allow larryl on a Win7 boot that calls
this computer "DRAGON" to have the full access to larryl's private files
created on the XP boot?

I appreciate your attempt to help me.

Thanks
Larry

 

[Larry Lindstrom]

The fact you gave both OSs the same username / domain is irrelevant.

A username on a NT-based Windows OS, is, in effect, a friendly name.

For instance, My full username is "Tim" but if you look in the registry,
the computer knows me as user :
S-1-5-21-1957994488-1004336348-682003330-1003

...a unique ID!! Stands to reason doesn't it? As if there were no unique
ID assigned to simple user names, then everyone connected to a network
who happened to have the same username would be able to access each
other's files!!!

Thanks again Tim:

That does make sense, which is probably the reason your following
suggestion isn't working.

Is your Win7 account an administrator-level account?
Yes.

If so, and you still can't gain access to the XP files, then do as I
first suggested, but instead of adding "Everyone" add "Administrators"
(that's Administrators NOT Administrator) to the users granted access
from the root of [c:] drive.

I did, and that doesn't work either. Probably for the same reason
simple user names don't work. I'm guessing the "Administrators" group
on the XP boot has a different SID from "Administrators" on the Win7
boot. Otherwise, it would be setting itself up for the same
vulnerability you describe above. All "Administrators" group users of
that computer would have access to all files of any computer that grant
access to "Administrators".

When setting up file permissions, with <Properties - Security - Add
- From this location - Add>. The only location is "DRAGON". I'm
guessing this identifies a computer. For some reason my other XP, a
MediaCenter PC, "TFA", is not in the list of locations, even though it
is available in Window Explore "My Network Places".

Just curious, how would I get "TFA", the other PC's name, in that
location list.

That's why the subject for this thread is what it is.

Perhaps I misunderstand the purpose of the location list. If I can
get the Win7 Boot computer referenced in the locations list, is that a
first step in granting these permissions?

As stated, I appreciate your assistance.

Thanks
Larry

 

[Tim Meddick]

Security "Groups" aren't assigned SIDs - only "Users" - that's why I
stressed adding the "Administrators" Group to the user-list and NOT the
(built-in) user named "Administrator"

Please note again the difference :

Administrators = YES
Administrator = NO

==

Cheers, Tim Meddick, Peckham, London.

The fact you gave both OSs the same username / domain is irrelevant.

A username on a NT-based Windows OS, is, in effect, a friendly name.

For instance, My full username is "Tim" but if you look in the registry,
the computer knows me as user :
S-1-5-21-1957994488-1004336348-682003330-1003

...a unique ID!! Stands to reason doesn't it? As if there were no unique
ID assigned to simple user names, then everyone connected to a network
who happened to have the same username would be able to access each
other's files!!!

Thanks again Tim:

That does make sense, which is probably the reason your following
suggestion isn't working.

Is your Win7 account an administrator-level account?
Yes.

If so, and you still can't gain access to the XP files, then do as I
first suggested, but instead of adding "Everyone" add "Administrators"
(that's Administrators NOT Administrator) to the users granted access
from the root of [c:] drive.

I did, and that doesn't work either. Probably for the same reason
simple user names don't work. I'm guessing the "Administrators" group on
the XP boot has a different SID from "Administrators" on the Win7 boot.
Otherwise, it would be setting itself up for the same vulnerability you
describe above. All "Administrators" group users of that computer would
have access to all files of any computer that grant access to
"Administrators".

When setting up file permissions, with <Properties - Security - Add -
From this location - Add>. The only location is "DRAGON". I'm guessing
this identifies a computer. For some reason my other XP, a MediaCenter
PC, "TFA", is not in the list of locations, even though it is available
in Window Explore "My Network Places".

Just curious, how would I get "TFA", the other PC's name, in that
location list.

That's why the subject for this thread is what it is.

Perhaps I misunderstand the purpose of the location list. If I can
get the Win7 Boot computer referenced in the locations list, is that a
first step in granting these permissions?

As stated, I appreciate your assistance.

Thanks
Larry

 

[Larry Lindstrom]

Security "Groups" aren't assigned SIDs - only "Users" - that's why I
stressed adding the "Administrators" Group to the user-list and NOT the
(built-in) user named "Administrator"

Please note again the difference :

Administrators = YES
Administrator = NO

Thanks Again Tim:

Still no luck.

I went into the drive's root properties, this is actually drive D:,
separate from my C: drive with the system on it.

<Properties - Security - Add>

I've tried different combinations for this window's
"Object Types", this time I left "Built-in security
principals", "Groups" and "Users" all checked.

Then I pasted "Administrators" into the "Enter the
object names to select"

This resulted in the "Group or user names" list adding:

Administrators (DRAGON\Administrators)

I then shut down XP and booted Win7.

The MMC (Microsoft Management Console) was run and "larryl" was
added to the "Administrators" group.

And still no luck.

I have PNG screenshots of all of this. I'm reluctant to post these
in a newsgroup like this. But I can post them if you think it would be
OK, or I could put them on my web page if you think that might be helpful.

I need to spend a day or two on another project. I'll try to keep
an eye on this thread, but responses may be a bit slow.

Thanks
Larry

 

[John John - MVP]

Thanks Again Tim:

Still no luck.

You can't have it both ways, Larry, private is private, either the files
are private or they are not. There is no "peeking" at private folders
and there are no varying levels of privacy, it's all or nothing. From
Windows 7 you would need to take ownership of the folder then grant
yourself adequate access rights to the objects within. I can only
suggest that you use standard NTFS permissions to control access to the
files or that you use encryption or a third party solution. Be sure
that you understand the risks of file loss if you decide to use NTFS
encryption!

John

 

[Tim Meddick]

John - the way I see it (the OP's problem) is this ;

I am well aware that he does not want to dismiss the current "private"
status of the XP folders on a dual-boot system.

However, as far as I am aware, making folders "private" does [should] *not*
make those XP folders inaccessible to a user on the Win7 OS who is a member
of the Administrators group!

Members of the Administrators group, on any (previous) NT-based OS, have
access across dual-boot systems, to *any* files and folders on drives
belonging to their opposing OS.

The OP has made sure (partly on my advice) that the folders in question
have been granted Administrators-Group full-access while in the XP OS -
Then, still cannot access those same folders in an Administrator-level user
on the Win7 OS.

Can you explain this anomaly, or do you think this is normal?

==

Cheers, Tim Meddick, Peckham, London.

 

[Tim Meddick]

Anyone using M$ Outlook Express as their news reader, will be able to view
any images that you post - be they in-line (as part of the text) or as an
attachment - makes no difference.

Many others will be able to view any images you include as well.

Although, I am obliged to stress that it is strictly *not* what is termed;
accepted "netiquette".

However, for expediency, if you did make an exception, and post any images,
I personally would like to see them (an am able to view them as I use
M$-OE)...

==

Cheers, Tim Meddick, Peckham, London.

 

[John John - MVP]

No, only the Owner and System have permissions on private folders, they
are off limit for all other users, including Administrators! To access
the files you have to seize ownership of the folders under guise of the
System account. Also, this "Make this Folder Private" option is only
available when Simple File Sharing is turned on, but the folder will
remain private as long as it isn't changed again, disabling Simple File
Sharing does not change the private status of the folder.

If you are using XP Pro disable Simple File Sharing and take a look at
and make note of the permissions on one of your folders in your profile
directory. Then enable simplified file sharing and make the folder
private. Then disable Simple File Sharing again (to access the Security
Tab) and take another look at the permissions. To remove the "private"
status enable SFS again. You can also use the CACLS command to verify
the permissions, for XP Home this is the easiest way, run calcs on the
folder then make the folder private and run the cacls command again and
compare the results, typically it will be like this:


Without Private folder:

C:\>cacls "C:\Documents and Settings\Jean-Guy"
C:\Documents and Settings\Jean-Guy NT AUTHORITY\SYSTEM:F
NT AUTHORITY\SYSTEMOI)(CI)(IO)F
JGZ-HOME\Jean-Guy:F
JGZ-HOME\Jean-GuyOI)(CI)(IO)F
BUILTIN\Administrators:F
BUILTIN\AdministratorsOI)(CI)(IO)F

Private folder enabled:

C:\>cacls "C:\Documents and Settings\Jean-Guy"
C:\Documents and Settings\Jean-Guy NT AUTHORITY\SYSTEM:F
NT AUTHORITY\SYSTEMOI)(CI)(IO)F
JGZ-HOME\Jean-Guy:F
JGZ-HOME\Jean-GuyOI)(CI)(IO)F


Larry will have to rely on a different solution to protect his files
while making them available on the other Windows installation.

See here for more information:
http://support.microsoft.com/kb/304040

John

John - the way I see it (the OP's problem) is this ;

I am well aware that he does not want to dismiss the current "private"
status of the XP folders on a dual-boot system.

However, as far as I am aware, making folders "private" does [should]
*not* make those XP folders inaccessible to a user on the Win7 OS who is
a member of the Administrators group!

Members of the Administrators group, on any (previous) NT-based OS, have
access across dual-boot systems, to *any* files and folders on drives
belonging to their opposing OS.

The OP has made sure (partly on my advice) that the folders in question
have been granted Administrators-Group full-access while in the XP OS -
Then, still cannot access those same folders in an Administrator-level
user on the Win7 OS.

Can you explain this anomaly, or do you think this is normal?

==

Cheers, Tim Meddick, Peckham, London.

You can't have it both ways, Larry, private is private, either the
files are private or they are not. There is no "peeking" at private
folders and there are no varying levels of privacy, it's all or
nothing. From Windows 7 you would need to take ownership of the
folder then grant yourself adequate access rights to the objects
within. I can only suggest that you use standard NTFS permissions to
control access to the files or that you use encryption or a third
party solution. Be sure that you understand the risks of file loss if
you decide to use NTFS encryption!

John

 

[Tim Meddick]

John, I keep telling you, the OP has MANUALLY REPLACED the "Administrators"
group in his WinXP installation, and granted it full-access for those
"private" folders!!

But STILL cannot access them with an user belonging to the "Administrators"
group in Win7!

==

Cheers, Tim Meddick, Peckham, London.

 

[Larry Lindstrom]

John, I keep telling you, the OP has MANUALLY REPLACED the
"Administrators" group in his WinXP installation, and granted it
full-access for those "private" folders!!

But STILL cannot access them with an user belonging to the
"Administrators" group in Win7!

==

Cheers, Tim Meddick, Peckham, London.

Thanks Again Tim and John:

First, perhaps I have my nomenclature wrong. Is "private" some
special flag or designation of a particular kind of file or folder?

Other people will occasionally be using this PC. I'd like to have
some files that only I can read or modify. I'd like these available
only "larryl" on either XP or Win7. This is the meaning I attach to the
word "Private".

I will be the only administrator of this PC, so allowing only
"administrators" access should be safe enough. I'm curious as to why I
can't do the same with "larryl" when accompanied with a location that
specifies the Win7 boot of this machine.

I'll be posting the screen shots in another post.

Thanks
Larry

 

[John John - MVP]

He also needs to replace the inheritance flag on all the files and
folders within the folder hierarchy, he has to propagate and replace
permissions entries on all child objects.

John

 

[Tim Meddick]

Agreed...

==

Cheers, Tim Meddick, Peckham, London.

 

[Tim Meddick]

The term "Private" is a Windows term - used when creating a new profile (a
new user), you are asked : "Do you want to make your files and folders
private?" and if you answer "Yes" to this ; the system automatically
re-sets file and folder security permissions to REMOVE the
"Administrator's" group access to that user's profile and, ergo, their "My
Documents" folder also.

That will just leave the "user" and "SYSTEM" as the only users granted
access.

From what you have been posting, I believe that you have a competent grasp
of the security file and folder permissions and how to add / remove users /
groups from them.

As John has been saying (in this thread), you need to not only add the
"Administrator's" group (with full-access granted to it) to the folder that
contains all the folders / files you want to be able to access in a Win7
admin-level account, but also, tick the box labelled :

"Inherit from parent the permission entries that apply to child objects.
Include these with entries explicitly defined here"

....the word "parent" in this instance, refers to the folder you are
changing permissions on - i.e. the current folder.

*NB Once a folder has the "Administrator's" group added to it's security
permissions, and with all the granted access boxes ticked (i.e. full-access
granted to it) - then ANY user that is a member of the "Administrator's"
group in ANY Windows version, can then have access to it - not only the
operating system in which the folder was created / set permissions, but ANY
version of Windows that can "see" the drive the folder is on.

As you by now may realise; this is NOT so for the user named
"Administrator" - as this user, though named "Administrator" , has a
unique SID assigned to it - not so with groups.

In fact - that IS the reason for "groups" in NTFS file-system security.

==

Cheers, Tim Meddick, Peckham, London.

 

[Larry Lindstrom]

Agreed...

==

Cheers, Tim Meddick, Peckham, London.

Thanks Again Tim and John:

I'm sorry I've abandoned my own thread. I've been overwhelmed with
a tide of work.

At this point I'm wondering. I've loaded Win7/64 on that other
drive. It's been useful for running remote assistant on my client's
Win7 system.

Any reason not to move everything over to Win7 as my base system,
and just use the XP partition for compatibility testing?

Thanks
Larry