RE: Users group can't run attrib.exe or subst.exe
Hello Keith,
|> 1) I can't add TrustedInstallers back to the ACLs list - it says it
|> doesn't exist
There isn't an easy way, if any way, to add the TrustedInstaller ACL back to
files.
|> 2) I add back Users with ReadAndExecute and a few days later that entry
|> has been stripped out (again)
|>
|> Anybody have any idea what is going on? I suspect either Group Policy or
|> System File Protection but I'm not sure how to find out if that is what
|> is causing this.
System file protection would not strip the ACL from the file. It could be
Group Policy, or it could be a security template that is being pushed out by
an administrator.
You can check the SFC entries by examining this log file:
At the command prompt, type the following command, and then press ENTER:
findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >sfcdetails.txt
Thanks,
Darrell Gorter[MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights
--------------------
|> From: "Keith Hill [MVP]" <r_keith_hill@mailhot.moc_no_spam_I>
|> Subject: Users group can't run attrib.exe or subst.exe
|> Date: Wed, 26 Sep 2007 18:53:51 -0600
|> Newsgroups: microsoft.public.windows.vista.administration_accounts_passwords
|>
|> For some reason, my Vista Enterprise system has reset permissions on a
|> number of EXEs in the windows system32 dir and now I have to elevate to
|> execute attrib.exe and subst.exe. The following EXEs are affected:
|>
|> C:\Windows\System32\at.exe
|> C:\Windows\System32\attrib.exe
|> C:\Windows\System32\cacls.exe
|> C:\Windows\System32\debug.exe
|> C:\Windows\System32\DRWATSON.EXE
|> C:\Windows\System32\edlin.exe
|> C:\Windows\System32\eventcreate.exe
|> C:\Windows\System32\ftp.exe
|> C:\Windows\System32\net.exe
|> C:\Windows\System32\net1.exe
|> C:\Windows\System32\netsh.exe
|> C:\Windows\System32\reg.exe
|> C:\Windows\System32\regedt32.exe
|> C:\Windows\System32\regsvr32.exe
|> C:\Windows\System32\runas.exe
|> C:\Windows\System32\sc.exe
|> C:\Windows\System32\subst.exe
|> C:\Windows\System32\telnet.exe
|>
|> Their ACLs are:
|>
|> AccessToString : NT AUTHORITY\INTERACTIVE Allow ReadAndExecute, Synchronize
|>                  NT AUTHORITY\SYSTEM Allow FullControl
|>                  BUILTIN\Administrators Allow FullControl
|>
|> And they should be:
|>
|> AccessToString : NT AUTHORITY\SYSTEM Allow ReadAndExecute, Synchronize
|>                  BUILTIN\Administrators Allow ReadAndExecute, Synchronize
|>                  BUILTIN\Users Allow ReadAndExecute, Synchronize
|>                  NT SERVICE\TrustedInstaller Allow FullControl
|>
|> What's annoying the hell out of me is that:
|>
|> 1) I can't add TrustedInstallers back to the ACLs list - it says it
|> doesn't exist
|> 2) I add back Users with ReadAndExecute and a few days later that entry
|> has been stripped out (again)
|>
|> Anybody have any idea what is going on? I suspect either Group Policy or
|> System File Protection but I'm not sure how to find out if that is what
|> is causing this.
|>
|> --
|> Keith
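
Added example, not part of the thread above: a PowerShell audit that compares the ACLs on the listed executables with the "should be" entries from the original post and writes any drift to a timestamped CSV. Run from a scheduled task, it narrows down when the entries are stripped so the time can be compared against Group Policy processing. The function name, variable names and CSV file name are hypothetical; account names are the English ones shown in the post.

```powershell
# Added example (not from the thread). Expected ACEs are the "should be" list in the post.
# Assumption: English account names; localized systems name these accounts differently.
$Rights = [System.Security.AccessControl.FileSystemRights]
$expected = @{
    'NT AUTHORITY\SYSTEM'         = $Rights::ReadAndExecute
    'BUILTIN\Administrators'      = $Rights::ReadAndExecute
    'BUILTIN\Users'               = $Rights::ReadAndExecute
    'NT SERVICE\TrustedInstaller' = $Rights::FullControl
}
# The executables named in the original post.
$names = 'at','attrib','cacls','debug','DRWATSON','edlin','eventcreate','ftp','net',
         'net1','netsh','reg','regedt32','regsvr32','runas','sc','subst','telnet'

function Get-AclDrift {
    param([string]$Path, [hashtable]$Expected)
    $acl = Get-Acl -Path $Path
    # Combine the Allow rights per identity; one identity may hold several ACEs.
    $actual = @{}
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $id = $ace.IdentityReference.Value
        $actual[$id] = [int]$actual[$id] -bor [int]$ace.FileSystemRights
    }
    # Expected identities that are absent or hold fewer rights than expected.
    $missing = @()
    foreach ($id in $Expected.Keys) {
        $want = [int]$Expected[$id]
        if (([int]$actual[$id] -band $want) -ne $want) { $missing += $id }
    }
    # Identities with Allow entries that the expected list does not contain.
    $extra = @($actual.Keys | Where-Object { -not $Expected.ContainsKey($_) })
    New-Object PSObject -Property @{
        Checked    = (Get-Date).ToString('s')
        Path       = $Path
        Owner      = $acl.Owner
        Missing    = $missing -join '; '
        Unexpected = $extra -join '; '
    }
}

$report = foreach ($n in $names) {
    $p = Join-Path $env:windir "System32\$n.exe"
    if (Test-Path $p) { Get-AclDrift -Path $p -Expected $expected }
}
# Keep only files whose ACL differs from the expected list.
$report | Where-Object { $_.Missing -or $_.Unexpected } |
    Select-Object Checked, Path, Owner, Missing, Unexpected |
    Export-Csv -NoTypeInformation -Path "acl-drift-$(Get-Date -Format yyyyMMdd-HHmmss).csv"
```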