Correct, the Win7 hosts file is FC for Administrators. In this particular case, the file is under %windir%, so figuring it out is pretty easy.
For those that aren't, there is a "special permission" in the SACL that designates it as a protected file. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -----Original Message----- From: Kurt Buff [mailto:[email protected]] Sent: Wednesday, February 17, 2010 12:15 PM To: NT System Admin Issues Subject: Re: Quiz du jour I take it that, same as under XP, that Win7's hosts file is 'Full Control' for DAs? That's interesting. I wonder how it recognizes that this file (and others like it) require UAC controls? That'll definitely take some getting used to, but IMHO more security is better. Kurt On Wed, Feb 17, 2010 at 09:03, Michael B. Smith <[email protected]> wrote: > For example, you are signed in with a domain admin account to your > workstation and you want to edit your local hosts file. > > You can't, unless you start the editor with "run-as" (or start the editor > from an elevated command prompt). > > This is intentional behavior. (And I personally think a darn good one > - but if you hate it, you can disable UAC - which I regard as a > mistake.) > > Regards, > > Michael B. Smith > Consultant and Exchange MVP > http://TheEssentialExchange.com > > > -----Original Message----- > From: Kurt Buff [mailto:[email protected]] > Sent: Wednesday, February 17, 2010 11:52 AM > To: NT System Admin Issues > Subject: Re: Quiz du jour > > Can you explain a little more what this scenario is? I don't have any > experience yet with anything past WinXP/Win2k3. > > On Wed, Feb 17, 2010 at 07:50, David Lum <[email protected]> wrote: >> Today I was asked: “What’s the point of NTFS ACLs if, when having >> full control to a file I still have to run-as” >> >> >> >> I knew the answer once but a quick search comes up empty for me. Anyone? >> >> David Lum // SYSTEMS ENGINEER >> NORTHWEST EVALUATION ASSOCIATION >> (Desk) 971.222.1025 // (Cell) 503.267.9764 >> >> >> >> >> >> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
