I think I'm in big trouble

  • Thread starter Thread starter Menno Hershberger
  • Start date Start date
M

Menno Hershberger

Vista Home Premium.
I was searching for a file with Agent Ransack and it found it in a folder
that is 25 deep. I went into Windows Explorer and expanded it to see if it
was for real and it is! I had to copy and paste three screens together to
show it. For all I know, it is still growing. Notice all the upper ones
only have two subfolders till you get down to the 25th one. Obviously any
data for those listed at the end is being directed there, so if I moved
them all to the first branch and deleted the rest of the tree, then the
applications probably couldn't find them. How could this have happened and
how do I fix it?

http://mewnlite.com/explorer.gif
 
Vista Home Premium.
I was searching for a file with Agent Ransack and it found it in a
folder that is 25 deep. I went into Windows Explorer and expanded it
to see if it was for real and it is! I had to copy and paste three
screens together to show it. For all I know, it is still growing.
Notice all the upper ones only have two subfolders till you get down
to the 25th one. Obviously any data for those listed at the end is
being directed there, so if I moved them all to the first branch and
deleted the rest of the tree, then the applications probably couldn't
find them. How could this have happened and how do I fix it?

http://mewnlite.com/explorer.gif
Click to expand...

OK... I guess I should have shown more. I started the tree at "All Users"
which is actually under "C:\Documents and Settings". And I don't think
Vista even is even supposed to have a Documents and Settings folder.
I *do* have a Documents and Settings folder on D: drive which is my XP
partition. But that one is intact and looks normal.
So I just renamed the folder to D&S to see if it'd have any adverse
effects. So far it hasn't and Vista and XP are both working just fine.
It's a mystery to me how it got there in the first place. I'm not going to
delete it for a while till I'm sure, though.
 
Menno Hershberger said:
OK... I guess I should have shown more. I started the tree at "All Users"
which is actually under "C:\Documents and Settings". And I don't think
Vista even is even supposed to have a Documents and Settings folder.
I *do* have a Documents and Settings folder on D: drive which is my XP
partition. But that one is intact and looks normal.
So I just renamed the folder to D&S to see if it'd have any adverse
effects. So far it hasn't and Vista and XP are both working just fine.
It's a mystery to me how it got there in the first place. I'm not going to
delete it for a while till I'm sure, though.
Click to expand...


You may run into some compatibility problems if you rename the 'Documents
and Settings' junction. Search this newsgroup for past posts on junctions
and symlinks to understand more about what these are - there have been
numerous postings on this topic.

Your original problem might be a problem with Agent Ransack (it not being a
'junction aware' application), or it may relate to the permissions on the
symlink / junctions you mentioned eg the 'Everyone' deny ace being removed
from the security acl)

Paste in the output (from an elevated command prompt) for these 2 commands

icacls "C:\Users\All Users" /L
icacls "C:\ProgramData\Application Data" /L
 
You may run into some compatibility problems if you rename the
'Documents and Settings' junction. Search this newsgroup for past
posts on junctions and symlinks to understand more about what these
are - there have been numerous postings on this topic.

Your original problem might be a problem with Agent Ransack (it not
being a 'junction aware' application), or it may relate to the
permissions on the symlink / junctions you mentioned eg the 'Everyone'
deny ace being removed from the security acl)

Paste in the output (from an elevated command prompt) for these 2
commands

icacls "C:\Users\All Users" /L
icacls "C:\ProgramData\Application Data" /L
Click to expand...

C:\>icacls "C:\Users\All Users" /L
C:\Users\All Users BUILTIN\Administrators:(I)(OI)(CI)(F)
NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
BUILTIN\Users:(I)(OI)(CI)(F)
Successfully processed 1 files; Failed processing 0 files

C:\>icacls "C:\ProgramData\Application Data" /L
C:\ProgramData\Application Data BUILTIN\Administrators:(I)(OI)(CI)(F)
NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
BUILTIN\Users:(I)(OI)(CI)(F)
Successfully processed 1 files; Failed processing 0 files

There ya go. I hope you know what it means... :-)
 
Menno Hershberger said:
C:\>icacls "C:\Users\All Users" /L
C:\Users\All Users BUILTIN\Administrators:(I)(OI)(CI)(F)
NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
BUILTIN\Users:(I)(OI)(CI)(F)
Successfully processed 1 files; Failed processing 0 files

C:\>icacls "C:\ProgramData\Application Data" /L
C:\ProgramData\Application Data BUILTIN\Administrators:(I)(OI)(CI)(F)
NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
BUILTIN\Users:(I)(OI)(CI)(F)
Successfully processed 1 files; Failed processing 0 files

There ya go. I hope you know what it means... :-)
Click to expand...


Yep, your permissions are screwed up on the "C:\Users\All Users" symlink and
the "C:\ProgramData\Application Data" junction.

The output from this command

dir /al "C:\Users"

should show
<SYMLINKD> All Users [c:\ProgramData]

and the output from this command

dir /al "C:\ProgramData"
should include
<JUNCTION> Application Data [C:\ProgramData]

The permissions on both (which you can adjust via Right-click > Properties >
Security) should be

..... >icacls "C:\Users\All Users" /L
C:\Users\All Users Everyone:(DENY)(S,RD)
NT AUTHORITY\SYSTEM:(F)
Everyone:(S,RD,REA,X,RA)
BUILTIN\Administrators:(F)


icacls /? for an explanation of the terms

It would take a month of Sundays to type out a full explanation, but
hopefully that will get you started.
 
Back
Top