Ah. The SACL makes sense. Thanks for the explanation.
A friend of mine got me a copy of Win7 Ultimate from the company store. I suppose it's time to put it on my Lenovo T61 (currently running XP) to get familiar with it. I'll post on a different thread about that - I'll probably have a few questions. Kurt On Wed, Feb 17, 2010 at 09:24, Michael B. Smith <[email protected]> wrote: > Correct, the Win7 hosts file is FC for Administrators. > > In this particular case, the file is under %windir%, so figuring it out is > pretty easy. > > For those that aren't, there is a "special permission" in the SACL that > designates it as a protected file. > > Regards, > > Michael B. Smith > Consultant and Exchange MVP > http://TheEssentialExchange.com > > > -----Original Message----- > From: Kurt Buff [mailto:[email protected]] > Sent: Wednesday, February 17, 2010 12:15 PM > To: NT System Admin Issues > Subject: Re: Quiz du jour > > I take it that, same as under XP, that Win7's hosts file is 'Full Control' > for DAs? > > That's interesting. I wonder how it recognizes that this file (and others > like it) require UAC controls? > > That'll definitely take some getting used to, but IMHO more security is > better. > > Kurt > > On Wed, Feb 17, 2010 at 09:03, Michael B. Smith <[email protected]> wrote: >> For example, you are signed in with a domain admin account to your >> workstation and you want to edit your local hosts file. >> >> You can't, unless you start the editor with "run-as" (or start the editor >> from an elevated command prompt). >> >> This is intentional behavior. (And I personally think a darn good one >> - but if you hate it, you can disable UAC - which I regard as a >> mistake.) >> >> Regards, >> >> Michael B. Smith >> Consultant and Exchange MVP >> http://TheEssentialExchange.com >> >> >> -----Original Message----- >> From: Kurt Buff [mailto:[email protected]] >> Sent: Wednesday, February 17, 2010 11:52 AM >> To: NT System Admin Issues >> Subject: Re: Quiz du jour >> >> Can you explain a little more what this scenario is? I don't have any >> experience yet with anything past WinXP/Win2k3. >> >> On Wed, Feb 17, 2010 at 07:50, David Lum <[email protected]> wrote: >>> Today I was asked: “What’s the point of NTFS ACLs if, when having >>> full control to a file I still have to run-as” >>> >>> >>> >>> I knew the answer once but a quick search comes up empty for me. Anyone? >>> >>> David Lum // SYSTEMS ENGINEER >>> NORTHWEST EVALUATION ASSOCIATION >>> (Desk) 971.222.1025 // (Cell) 503.267.9764 >>> >>> >>> >>> >>> >>> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ >> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ >> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
