RE: The finer points of NTFS ACLs (was: Software installs on new PCs)

2010-04-28 Thread Ralph Smith
Sorry, I was just skimming through the messages and missed that. Should have checked first. -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Wednesday, April 28, 2010 11:18 PM To: NT System Admin Issues Subject: Re: The finer points of NTFS ACLs (was: Software

RE: The finer points of NTFS ACLs (was: Software installs on new PCs)

2010-04-28 Thread Ralph Smith
rs". -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Wednesday, April 28, 2010 10:31 PM To: NT System Admin Issues Subject: Re: The finer points of NTFS ACLs (was: Software installs on new PCs) On Wed, Apr 28, 2010 at 5:35 PM, James Rankin wrote: > I did

Re: The finer points of NTFS ACLs (was: Software installs on new PCs)

2010-04-28 Thread Ben Scott
On Wed, Apr 28, 2010 at 11:11 PM, Ralph Smith wrote: > Does this address your issue?  This is from From Article ID: 310316: Try about four messages back in the thread. ;-) Thanks anyway. :) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~

RE: The finer points of NTFS ACLs (was: Software installs on new PCs)

2010-04-28 Thread Ralph Smith
alue only applies to Windows XP and to Windows Server 2003. The value does not affect Windows 2000." -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Wednesday, April 28, 2010 10:31 PM To: NT System Admin Issues Subject: Re: The finer points of NTFS ACLs (was:

Re: The finer points of NTFS ACLs (was: Software installs on new PCs)

2010-04-28 Thread Ben Scott
On Wed, Apr 28, 2010 at 5:35 PM, James Rankin wrote: > I didn't know that you were asking users to actually perform the moveone > of the benefits of us being a fairly small and linear organisation is that > stuff doesn't tend to get moved from drive to drive too often. If it gets moved from

Re: The finer points of NTFS ACLs (was: Software installs on new PCs)

2010-04-28 Thread James Rankin
I didn't know that you were asking users to actually perform the moveone of the benefits of us being a fairly small and linear organisation is that stuff doesn't tend to get moved from drive to drive too often. On 28 April 2010 21:04, Ben Scott wrote: > On Wed, Apr 28, 2010 at 12:55 PM, Jame

Re: The finer points of NTFS ACLs (was: Software installs on new PCs)

2010-04-28 Thread Jon Harris
I read a Technet article written by the Scripting Guys and did just this for PS. They even recommended that it be run periodically just to keep some help desk type or sort of knowledgeable user from messing up the perms. They did offer some suggestions as to how often but they did not have a hard

Re: The finer points of NTFS ACLs (was: Software installs on new PCs)

2010-04-28 Thread Ben Scott
On Wed, Apr 28, 2010 at 1:30 PM, Crawford, Scott wrote: > MoveSecurityAttributes > http://support.microsoft.com/kb/310316 Ah, that looked very promising for a moment. But then I saw what Bill Mayo saw: It apparently requires permission to modify the ACL, and we don't allow that. It's also a

Re: The finer points of NTFS ACLs (was: Software installs on new PCs)

2010-04-28 Thread Ben Scott
On Wed, Apr 28, 2010 at 12:55 PM, James Rankin wrote: > I don't know whether removing Creator Owner from the ACL actually updates or > changes the owner in any way. It doesn't change the owner, but that doesn't matter. "CREATOR OWNER" is a magic ACE that turns into whatever the owner is/was se

Re: The finer points of NTFS ACLs (was: Software installs on new PCs)

2010-04-28 Thread Andrew S. Baker
Copy the files to the new location. Or, reapply the perms by script -ASB: http://XeeSM.com/AndrewBaker Sent from my Motorola Droid On Apr 28, 2010 12:45 PM, "Ben Scott" wrote: On Wed, Apr 28, 2010 at 11:54 AM, James Rankin wrote: > We see this problem where people create folders under shared

RE: The finer points of NTFS ACLs (was: Software installs on new PCs)

2010-04-28 Thread Mayo, Bill
Sent: Wednesday, April 28, 2010 1:31 PM To: NT System Admin Issues Subject: RE: The finer points of NTFS ACLs (was: Software installs on new PCs) The values you want are HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Fo rceCopyAclwithFile HKEY_LOCAL_MACHINE\SOFTWARE\Mi

RE: The finer points of NTFS ACLs (was: Software installs on new PCs)

2010-04-28 Thread Crawford, Scott
- From: Mayo, Bill [mailto:bem...@pittcountync.gov] Sent: Wednesday, April 28, 2010 12:08 PM To: NT System Admin Issues Subject: RE: The finer points of NTFS ACLs (was: Software installs on new PCs) +infinity We do exactly what you describe, and I always have issues (mostly when doing file

RE: The finer points of NTFS ACLs (was: Software installs on new PCs)

2010-04-28 Thread Mayo, Bill
+infinity We do exactly what you describe, and I always have issues (mostly when doing file migrations due to server moves) related to people copying files from one secured directory to another and the permissions not getting updated. When the permissions are set to inherit from parent, it seems

Re: The finer points of NTFS ACLs (was: Software installs on new PCs)

2010-04-28 Thread James Rankin
I don't know whether removing Creator Owner from the ACL actually updates or changes the owner in any way. Probably need to test it, but the reason I took ownership back was to ensure that Administrators was always the owner. No matter what the permissions on the folder above, a user creating a ne