Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Serious bug in win7

03 Nov 2011   #21
100126439

7 64
 
 

thank you for all guys helping
i've make it through.

but its wired,
i do a test in win7 32bit that
no matter what i set a file/folder Full Control deny on Administrators Group or Administrator even SYSTEM account
using Administrator account
i still can take the permission back just uncheck the deny box without any access deny.

and i find out one more thing,
the Allow permission Administrators Group, Administrator and SYSTEM account in the testing 32bitwin7
are grey, that mean can't not remove the allow premission ,you only can add deny premission.
its same as my computer before i get the permission back.
but now i can delete the Allow permission.


My System SpecsSystem Spec
.
03 Nov 2011   #22
lehnerus2000

W7 Ultimate SP1, LM18 MATE, W10IP VM, W10 Home, #All 64 bit
 
 
Inherited Permissions

I think that "greyed out" permissions, actually indicate that the permissions are "Inherited" from a higher level.

Serious bug in win7-permissions-inherited.png

Notice that:
  • The SYSTEM permissions on E:\ are black.
  • The SYSTEM permissions on E:\Games-w7 are grey (Inherited). #
Serious bug in win7-permissions-advanced.png

This window confirms that the permissions are "Inherited".

Additional
# The forum auto-complete keeps changing my path name.


My System SpecsSystem Spec
03 Nov 2011   #23
Barman58

Windows 10 Pro x64 x2 Windows 10 Enterprise x64, Ubuntu
 
 

Quote   Quote: Originally Posted by rraod View Post
The NTFS permissions are set and imposed by the operating system and they are limited to that operating system in that physical system only.

<Snip>

So it is possible to gain access to this hard disk even if it is assigned with deny permissions to Administrators group (This group is limited to that system only), by the following three methods.

1. Remove the HDD from the system and connect it to another system with Windows (XP, Vista or 7) and take ownership and reassign permissions to include full control to Everyone group only deleting all the other permissions.

2. Make the system a dual boot system and access the HDD from second Windows OS (XP, Vista or 7) and take ownership and reassign permissions to include full control to Everyone group deleting all the other permissions.

<Snip>
Not sure if this is actually true for a specific applied Deny on the administrators group as this is always the same SID

Quote:
SID: S-1-5-32-544
Name: Administrators
Description: A built-in group. After the initial installation of the operating system, the only member of the group is the Administrator account. When a computer joins a domain, the Domain Admins group is added to the Administrators group. When a server becomes a domain controller, the Enterprise Admins group also is added to the Administrators group
[Source]

This information applies up to and including Vista but have nor been able to confirm if win7 is different

It could work out that a new OS would still see the Deny against the files for SID S-1-5-32-544 or the install would somehow override this, (a new installation would certainly not reset any permissions on other than the system drive)

Looks like I have a project to check this out when I have a suitable system to break
My System SpecsSystem Spec
.

03 Nov 2011   #24
rraod

MS Windows 7 Ultimate 64-bit SP1
 
 

Nigel,

With respect to your explanation, the role of the server is changing by adding it to the domain, or this server becoming a domain controller, the various Administrator groups are added to the original system. I agree with you.

But in my explanation I was talking about connecting the harddisk to another operating system, and not accessing this system through network. A locked hard disk with Deny permissions will prevent someone to access it while it is in the original host. But once you take it out of the host and connect it to a guest system, the security will not be bulletproof.

This is what I believe. Because the NTFS permissions are reversible once you take out the hard disk from host and connect it to a guest. All you have to do is take ownership and assume full control. They are not like encryption. Once you encrypt something and lost the key, you loose the entire thing for good. With adverse NTFS permissions you will not loose the files for good.

So please do your experimentation ASAP and give us the results. All you need is a dual boot system (preferably with two windows 7 OS's) and a separate HDD for testing. Give deny permissions to Administrators group from one windows 7 and try to remove that Deny permissions from other windows 7 OS and access the files. May be I will learn something new from this experiment.
My System SpecsSystem Spec
03 Nov 2011   #25
Barman58

Windows 10 Pro x64 x2 Windows 10 Enterprise x64, Ubuntu
 
 

I will have to see if I can break out some bits (a lot of stuff is in boxes at the moment)

I can see the issue arising because on every new system, even stand alone, the Administrators group is always the same SID [S-1-5-32-544] which is what allows you to access old data, (with permissions for a now obsolete user).

As the system would see that the files are explicitly denied for SID S-1-5-32-544,which is the current administrators group, it should respect this. The other issue is that TakeOwn is one of the permissions affected by a Deny all, so that route may be blocked.

It's certainly got me thinking

It should be possible to enable the win7 hidden administrator from the PE and use this to take ownnership and remove the block
My System SpecsSystem Spec
Reply

 Serious bug in win7




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
How to recover Win7 Pro upgrade from Win7 Home Premium post HDD crash
Greetings - This is my first time here and am very thankful for this great collection of forums and this community. I am trying to recover from a VAIO laptop HDD crash to Win7 Professional upgrade. I had finished working, shutdown Win7 Pro. cleanly. Drove home, attempted to launch Windows...
General Discussion
clone multiboot two disc win7 xp install to win7 ssd plus disk XPx64
I have a multiboot win7 /xpx64 TWO DISK system, showing win7 as the C; drive and XPx64 as D: when examining via My Computer. Cloned the C: drive (win7) using Samsung tool to same size Samsung evo SSD. When put in computer the dual boot option gone. The SSD clone of win7 runs ok, but with that in...
Installation & Setup
Dual-Boot Win7/Win7 restore points - Any special considerations?
I see Win7/XP dual-boot can have restore points issues so have to ask about best practices for Win7/Win7. Since my drive is partitioned for Win7/Win7/Data is it simply a matter of setting restore points On/Off/Off while in respective OS's?
Backup and Restore
Win7 Ultimate Update Failed to Win7 Sp1 Error Code 80073701
Hello I'm Having Problem Updating My Windows 7 Ultimate into Windows 7 Ultimate SP1 I Tried Using System Update Readiness Tool for Windows 7 (KB947821) But an Error Pops Up Please HELPP!!:cry:
Windows Updates & Activation
dual boot win7 & winxp separate drives OR upgrade to win7 professional
I've researched for awhile now & can't seem to find which is the best way to add winxp functionality to my laptop. I have office xp professional, painter7 & photopaint8 software that worked fine on winxp 32 bit thru sp3. New laptop is win7 home premium 64bit. Two 500gb hard drives. Which is...
Software
Reinstall Win7 32bit to Win7 64bit /backup disc content
Hey, I purchased the Win 7 Pro Upgrade 32bit via digitalriver, but I've been doing some reseach and probably should have selected the 64bit version. - Any ideas how I can get the 64bit version? - For those who ordered the 32bit back-up disc kit for the extra $15 and have received it,...
Backup and Restore


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 20:01.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App