That would be fantastic...though I retain my skepticism. :) From: Steven Peck [mailto:[email protected]] Sent: Friday, July 01, 2011 8:01 PM To: NT System Admin Issues Subject: Re: Win7 UAC - is your on or off?
I need to ask our server build team what we did to fix that issue. We used to have it, but they fixed it so it doesn't happen anymore and since the build process is automated I kjnow it's a script that puts it there. On Fri, Jul 1, 2011 at 2:37 PM, Crawford, Scott <[email protected]<mailto:[email protected]>> wrote: Either with or without makes no difference. -----Original Message----- From: Kurt Buff [mailto:[email protected]<mailto:[email protected]>] Sent: Friday, July 01, 2011 4:21 PM To: NT System Admin Issues Subject: Re: Win7 UAC - is your on or off? With, or without, System:F? On Fri, Jul 1, 2011 at 08:47, Crawford, Scott <[email protected]<mailto:[email protected]>> wrote: > All the same. Any folder whose ACL is only Administrators:F cannot be > accessed by an administrator without modification to the ACL. > > > > From: David Lum [mailto:[email protected]<mailto:[email protected]>] > Sent: Friday, July 01, 2011 10:45 AM > > To: NT System Admin Issues > Subject: RE: Win7 UAC - is your on or off? > > > > What if you go an additional folder down? I.e. c:\BrokenUAC\Admins? > > > > Dave > > > > From: Crawford, Scott > [mailto:[email protected]<mailto:[email protected]>] > Sent: Friday, July 01, 2011 8:27 AM > To: NT System Admin Issues > Subject: RE: Win7 UAC - is your on or off? > > > > Well, the programmatically part was just to make sure we're on the > same page. > > > > But, yes I want to have folders that only have perms for admins. The > problem is that with UAC, browsing these folders is impossible from > explorer.exe without it adding extra ACLs to the ACE. Even worse is > that setting these perms on the root of the drive itself gives no > option for browsing with explorer.exe. > > > > From: David Lum [mailto:[email protected]<mailto:[email protected]>] > Sent: Friday, July 01, 2011 8:29 AM > To: NT System Admin Issues > Subject: RE: Win7 UAC - is your on or off? > > > > So you're trying to create a secure folder off the root of C: that > only local administrators can access and you want to be able to do > this programmatically? > > > > Dave > > > > From: Crawford, Scott > [mailto:[email protected]<mailto:[email protected]>] > Sent: Thursday, June 30, 2011 11:51 AM > To: NT System Admin Issues > Subject: RE: Win7 UAC - is your on or off? > > > > I would be thrilled if I could right-click and run as admin for explorer. > Here's a situation, I'd love to have a solution to. > > > > Log in as a member of the administrators group, not the actual account > named Administrator. > > From an elevated cmd prompt, run the following commands. > > > > md C:\BrokenUAC > > icacls C:\BrokenUAC /grant administrators:f /inheritance:r > > > > Now, try and open that folder in explorer. Use any combination of > runas you like, but you won't be able to open it without windows > prompting you to add your specific username to the ACE. I don't want > all these extra permissions scattered around the hard drive. This will > happen for every admin that tries to access these folders and makes a mess of > things. > > > > The real kicker comes if you set these permissions on the root of a > drive (icacls \BrokenUAC /grant administrators:f /inheritance:r). In > that case, you don't even get a prompt to add permissions. It's just > flat out impossible to access that drive from explorer.exe. > > > > From: Steven Peck [mailto:[email protected]<mailto:[email protected]>] > Sent: Thursday, June 30, 2011 11:57 AM > To: NT System Admin Issues > Subject: Re: Win7 UAC - is your on or off? > > > > We leave it on on clients and servers. We do have a few individual > engineers who disable it on their servers. I could understand it if > it was on specific server/application combinations but they want it > off on all their systems. > > > > That group seems to consistently be the one with odd issues and other > random occurances. It's probably not related to turning off UAC but > evidently right clicking and choosing 'run as administrator' or > clicking on the UAC prompt is challenging. > > > > Steven Peck > > http://www.blkmtn.org > > > > On Thu, Jun 30, 2011 at 9:12 AM, Crawford, Scott > <[email protected]<mailto:[email protected]>> > wrote: > > Same here, but I do turn it off on some servers. > > > > From: Sean Rector > [mailto:[email protected]<mailto:[email protected]>] > Sent: Thursday, June 30, 2011 9:39 AM > > To: NT System Admin Issues > > Subject: RE: Win7 UAC - is your on or off? > > > > I keep it on and I'm not an admin on my machine. > > > > Sean Rector, MCSE > > > > From: [email protected]<mailto:[email protected]> > [mailto:[email protected]<mailto:[email protected]>] > Sent: Thursday, June 30, 2011 10:36 AM > > To: NT System Admin Issues > > Subject: Re: Win7 UAC - is your on or off? > > > > I used to turn it off, but now I am sold on it. Great on my desktop > > Sent from my POS BlackBerry wireless device, which may wipe itself at > any moment > > ________________________________ > > From: David Lum <[email protected]<mailto:[email protected]>> > > Date: Thu, 30 Jun 2011 14:33:22 +0000 > > To: NT System Admin > Issues<[email protected]<mailto:[email protected]>> > > ReplyTo: "NT System Admin Issues" > <[email protected]<mailto:[email protected]>> > > Subject: Win7 UAC - is your on or off? > > > > Do any of you turn this off? I had our Service Desk Manager look at me > like I had two heads when I told him I don't turn mine off and I asked > "yours is off?" and he answered "It's me, I know when I am doing > something to my system...". > > > > I swear I read somewhere there is good reason to keep UAC on and just > throttle down the prompts (with Win7 I've left it at default), but > I'll be damned if I can find it at the moment. I thought it was a > Minasi or other level of author. > > > > Desmond? > > David Lum > Systems Engineer // NWEATM > Office 503.548.5229<tel:503.548.5229> // Cell (voice/text) > 503.267.9764<tel:503.267.9764> > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > [email protected]<mailto:[email protected]> > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > [email protected]<mailto:[email protected]> > with the body: unsubscribe ntsysadmin > > Information Technology Manager > Virginia Opera Association > > E-Mail: [email protected]<mailto:[email protected]> > Phone: (757) 213-4548<tel:%28757%29%20213-4548> (direct line) {+} > > On Sale NOW 2011-2012 Subscriptions featuring four NEW Productions > Aida | Hansel And Gretel | Orphée | The Mikado Visit us online at > www.VaOpera.org<http://www.VaOpera.org> or call 1-866-OPERA-VA > > The vision of Virginia Opera is to enrich lives through the powerful > integration of music, voice and human drama. > > ________________________________ > > This e-mail and any attached files are confidential and intended > solely for the intended recipient(s). Unless otherwise specified, > persons unnamed as recipients may not read, distribute, copy or alter > this e-mail. Any views or opinions expressed in this e-mail belong to > the author and may not necessarily represent those of Virginia Opera. > Although precautions have been taken to ensure no viruses are present, > Virginia Opera cannot accept responsibility for any loss or damage > that may arise from the use of this e-mail or attachments. > > {*} > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > [email protected]<mailto:[email protected]> > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > [email protected]<mailto:[email protected]> > with the body: unsubscribe ntsysadmin > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > [email protected]<mailto:[email protected]> > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > [email protected]<mailto:[email protected]> > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > [email protected]<mailto:[email protected]> > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > [email protected]<mailto:[email protected]> > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > [email protected]<mailto:[email protected]> > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > [email protected]<mailto:[email protected]> > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
