c:\ drive permissions

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

The Desktop team in our department has been deploying PC’s with the C:\ drive
permissions changed. They thought it would be convenient for the user if
everyone had full control of the entire c:\ drive.
I now need to return the c:\ drive permissions back to winxp standard. If I
go the advances security tab for the c:\ drive and edit the permissions for
the “everyone†group and change the "Everyone" permission to:
Traverse Folder / Execute File
List folder / Read Data
Read Attributes
Read Extended Attributes
Read Permissions
I then Select “This Folder Only†in the “Apply onto†drop down menu.
Now the sub directories now longer inherit the “everyone†group permissions.

Since I need this done on several hundred PC’s I have been testing
subinacl.exe
I ran the following command on a fresh winxp install to get a backup of the
default c:\ drive permissions:
subinacl /noverbose /output=c:\aclbackups.txt /file c:\

I then ran “subinacl /playfile c:\aclbackups.txt†on a PC that had the c:\
permissions changed.
The command changed the c:\ permissions back to base winxp c:\ drive
permissions but the sub folders still had inherited the “everyone†group full
control. On the advanced permissions tab of a sub directory the “Inherited
From†section showed “Parent Object†instead of “C:\â€

Any ideas on how I can change the C:\ drive and sub directories back to
winxp base permissions would be greatly appreciated.
Thanks
Nathan
 
Unfortunately the PC’s are still in a NT 4 Domain. I have no way of deploying
the security policy via gpo. I need to find a scriptable solution.
Thanks
Nathan
 
What has GPO's got to do with it. secedit applies these templates. That is scriptable. But you need to check that it can fix what you did.
 
Thank you. Do have any examples on how to apply security templates via
secedit or a link to a good white paper.
Nathan
 
It's all in help. I've never used it because I have never changed system permissions (well maybe on my computer not on a network). When I make changes like your IT dept I apply at the lowest level.

Syntax
secedit /configure /db FileName [/cfg FileName ] [/overwrite][/areas area1 area2...] [/log FileName] [/quiet]
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Media steaming from two Hard drives one p.c. 0
Permissions are a mess 1
NTFS permission 1
Wrong Permissions of C Drive 4
Help with permissions (CACLS). 3
permissions changing without notice 3
Folder Permissions 2
Owner permission for separate internal hard drive 4

Back
Top