ran caclc on "c:\program files" no /e on XP Home

K

kurt ruby

I inadvertantly did add the /e switch on the entire "Program Files"
directory on my WinXP Home system. Searching through Google groups, I
see there is a command for WinXP Pro to restore the settings but not
on Home. Norton AntiVirus Corporate Edition was failing to start. I
was able to get it running by manually putting the following ACL with
CACLS.exe.
c:\Program Files BUILTIN\Users:(OI)(CI)F
BUILTIN\Administrators:(OI)(CI)F
NT AUTHORITY\SYSTEM:(OI)(CI)F
THEPOWER\Kurtis:(OI)(CI)F
I ran CACLS.exe on another directory and see the following:
c:\downl BUILTIN\Administrators:F
BUILTIN\Administrators:(OI)(CI)(IO)F
NT AUTHORITY\SYSTEM:F
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
THEPOWER\Kurtis:F
CREATOR OWNER:(OI)(CI)(IO)F
BUILTIN\Users:R
BUILTIN\Users:(OI)(CI)(IO)(special access:)
GENERIC_READ
GENERIC_EXECUTE

BUILTIN\Users:(CI)(special access:)
FILE_APPEND_DATA

BUILTIN\Users:(CI)(special access:)
FILE_WRITE_DATA

Everyone:(OI)(CI)C

I am thinking I should have similar ACL on C:\Program Files but can't
seem to get CACLS.exe to add the other special permissions.

Anyone help me out, short of reinstalling?

Thanks...
 
C

Colin Nash - [MVP Windows Hardware]

Have you tried restoring back to a previous restore point? (Start -->
Accessories --> System Tools --> System Restore)
 
R

Roger Abell [MVP]

To fine tone the permissions you would need to use an
F8 safe mode boot and access the Security dialog in the
properties of C:\Program Files

Note that c:\Program Files normally has its own permissions,
unlike what would exist on C:\somenewdirectory

C:\>cacls "c:\program files"
c:\Program Files BUILTIN\Users:R
BUILTIN\Users:(OI)(CI)(IO)(special access:)
GENERIC_READ
GENERIC_EXECUTE
BUILTIN\Power Users:C
BUILTIN\Power Users:(OI)(CI)(IO)C
BUILTIN\Administrators:F
BUILTIN\Administrators:(OI)(CI)(IO)F
NT AUTHORITY\SYSTEM:F
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
BUILTIN\Administrators:F
CREATOR OWNER:(OI)(CI)(IO)F
 
K

Kent W. England [MVP]

Roger said:
Note that c:\Program Files normally has its own permissions,
unlike what would exist on C:\somenewdirectory

C:\>cacls "c:\program files"
c:\Program Files BUILTIN\Users:R
BUILTIN\Users:(OI)(CI)(IO)(special access:)
GENERIC_READ
GENERIC_EXECUTE
BUILTIN\Power Users:C
BUILTIN\Power Users:(OI)(CI)(IO)C
BUILTIN\Administrators:F
BUILTIN\Administrators:(OI)(CI)(IO)F
NT AUTHORITY\SYSTEM:F
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
BUILTIN\Administrators:F
CREATOR OWNER:(OI)(CI)(IO)F
Click to expand...

If you use the GUI, then the above is

Administrators Full Control This folder, all subfolders and files
SYSTEM Full Control This folder, all subfolders and files
CREATOR OWNER Full Control Subfolders
Power Users Change This folder ...
Users Read This folder ...

Owner should be Administrators group, but might be the Administrator
account.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Need help with CACLS or XCACLS 6
No access on shares WinXPSP2 from Windows Server 2003 SP2 1
Interpreting Cacls Output 2
How can I use icacls to acheive the same deny results as with the 1
Cannot delete folders 2
Need help fixing Vista 3
Vista/WMI error 2
Drive issues, Reinstall XP on second drive, " Access Denied" NTSF 10

Top