All the same. Any folder whose ACL is only Administrators:F cannot be accessed by an administrator without modification to the ACL.
From: David Lum [mailto:[email protected]] Sent: Friday, July 01, 2011 10:45 AM To: NT System Admin Issues Subject: RE: Win7 UAC - is your on or off? What if you go an additional folder down? I.e. c:\BrokenUAC\Admins? Dave From: Crawford, Scott [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Friday, July 01, 2011 8:27 AM To: NT System Admin Issues Subject: RE: Win7 UAC - is your on or off? Well, the programmatically part was just to make sure we're on the same page. But, yes I want to have folders that only have perms for admins. The problem is that with UAC, browsing these folders is impossible from explorer.exe without it adding extra ACLs to the ACE. Even worse is that setting these perms on the root of the drive itself gives no option for browsing with explorer.exe. From: David Lum [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Friday, July 01, 2011 8:29 AM To: NT System Admin Issues Subject: RE: Win7 UAC - is your on or off? So you're trying to create a secure folder off the root of C: that only local administrators can access and you want to be able to do this programmatically? Dave From: Crawford, Scott [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Thursday, June 30, 2011 11:51 AM To: NT System Admin Issues Subject: RE: Win7 UAC - is your on or off? I would be thrilled if I could right-click and run as admin for explorer. Here's a situation, I'd love to have a solution to. Log in as a member of the administrators group, not the actual account named Administrator. >From an elevated cmd prompt, run the following commands. md C:\BrokenUAC icacls C:\BrokenUAC /grant administrators:f /inheritance:r Now, try and open that folder in explorer. Use any combination of runas you like, but you won't be able to open it without windows prompting you to add your specific username to the ACE. I don't want all these extra permissions scattered around the hard drive. This will happen for every admin that tries to access these folders and makes a mess of things. The real kicker comes if you set these permissions on the root of a drive (icacls \BrokenUAC /grant administrators:f /inheritance:r). In that case, you don't even get a prompt to add permissions. It's just flat out impossible to access that drive from explorer.exe. From: Steven Peck [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Thursday, June 30, 2011 11:57 AM To: NT System Admin Issues Subject: Re: Win7 UAC - is your on or off? We leave it on on clients and servers. We do have a few individual engineers who disable it on their servers. I could understand it if it was on specific server/application combinations but they want it off on all their systems. That group seems to consistently be the one with odd issues and other random occurances. It's probably not related to turning off UAC but evidently right clicking and choosing 'run as administrator' or clicking on the UAC prompt is challenging. Steven Peck http://www.blkmtn.org On Thu, Jun 30, 2011 at 9:12 AM, Crawford, Scott <[email protected]<mailto:[email protected]>> wrote: Same here, but I do turn it off on some servers. From: Sean Rector [mailto:[email protected]<mailto:[email protected]>] Sent: Thursday, June 30, 2011 9:39 AM To: NT System Admin Issues Subject: RE: Win7 UAC - is your on or off? I keep it on and I'm not an admin on my machine. Sean Rector, MCSE From: [email protected]<mailto:[email protected]> [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Thursday, June 30, 2011 10:36 AM To: NT System Admin Issues Subject: Re: Win7 UAC - is your on or off? I used to turn it off, but now I am sold on it. Great on my desktop Sent from my POS BlackBerry wireless device, which may wipe itself at any moment ________________________________ From: David Lum <[email protected]<mailto:[email protected]>> Date: Thu, 30 Jun 2011 14:33:22 +0000 To: NT System Admin Issues<[email protected]<mailto:[email protected]>> ReplyTo: "NT System Admin Issues" <[email protected]<mailto:[email protected]>> Subject: Win7 UAC - is your on or off? Do any of you turn this off? I had our Service Desk Manager look at me like I had two heads when I told him I don't turn mine off and I asked "yours is off?" and he answered "It's me, I know when I am doing something to my system...". I swear I read somewhere there is good reason to keep UAC on and just throttle down the prompts (with Win7 I've left it at default), but I'll be damned if I can find it at the moment. I thought it was a Minasi or other level of author. Desmond? David Lum Systems Engineer // NWEATM Office 503.548.5229<tel:503.548.5229> // Cell (voice/text) 503.267.9764<tel:503.267.9764> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin Information Technology Manager Virginia Opera Association E-Mail: [email protected]<mailto:[email protected]> Phone: (757) 213-4548<tel:%28757%29%20213-4548> (direct line) {+} On Sale NOW 2011-2012 Subscriptions featuring four NEW Productions Aida | Hansel And Gretel | Orphée | The Mikado Visit us online at www.VaOpera.org<http://www.vaopera.org/> or call 1-866-OPERA-VA The vision of Virginia Opera is to enrich lives through the powerful integration of music, voice and human drama. ________________________________ This e-mail and any attached files are confidential and intended solely for the intended recipient(s). Unless otherwise specified, persons unnamed as recipients may not read, distribute, copy or alter this e-mail. Any views or opinions expressed in this e-mail belong to the author and may not necessarily represent those of Virginia Opera. Although precautions have been taken to ensure no viruses are present, Virginia Opera cannot accept responsibility for any loss or damage that may arise from the use of this e-mail or attachments. {*} ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
