Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Windows7 ACLs - How do you deal with it?


29 Oct 2010   #1

Windows 7 Pro x64
 
 
Windows7 ACLs - How do you deal with it?

Hey everyone.....
I liked what I've seen from this forum so I decided to register and become involved

My issue has to do with folder/file security.

I've been using Windows 7 x64 for a few weeks now (coming from XP) and I've noticed that all file-level security seems to revolve around a single entity "Authenticated Users" when UAC is turned on. My goal is to make this as easy as possible, but secure; ease of access for admins, but read only access to data files for standard users. I've found this from my observations while running as an admin w/UAC on:

-If folder/file has "authenticated users" ACL as read-only access or removed completely then explorer will no longer prompt for folder/file deletion confirmation when using the right-click menu and send the item directly to the recycle bin. However, it will prompt for administrator permission (not deletion confirmation) when using the delete key! Another however, it will prompt for both deletion confirmation and administrator permission when using the shift+delete key combo.

-I can, of course, add the <created admin username> to the item with full control and be back as usual, but I'm looking for a way to keep my ACLs lean and allow portability from one system to the next (such as the same account not being on that machine and external drives).

So..........
What is the best way to secure data without adding the <created admin username> to 1000's of files and folders and without having to give administrator permission every time the admin wants to delete something? Along with keeping "users" as read-only. Should I keep "authenticated users" as modify and just create another group, add user accounts to that, and mark the ACL as deny modify? I see that authenticated users & interactive are now listed in the users group so I can't just deny the users group.

The other issue comes into to play when I run my backup scripts...UAC is killing me!

....I know what I can do, but I'm looking for ideas to see what you've come up with.
I hope that was clear
Thanks for your input!

My System SpecsSystem Spec
.

29 Oct 2010   #2

Windows 7 Ultimate x64, Mint 9
 
 

You should be able to set this in the Group Policy Editor (if you have Professional and up). Not sure how, so you would have to play around with it.

~Lordbob
My System SpecsSystem Spec
29 Oct 2010   #3

Windows 7 Pro/32 Academic. Build 7600
 
 

Hello, Nucleus7, Welcome to Seven Forums.
To answer your question "How would I deal with it?" I'm the only person that uses my PC but I have two accounts set up. One, is my password protected administrator account, which I keep logged off at all times and rarely use. The other one is my standard user account. This is the one I use all the time. It is not password protected. If anybody wants or needs to use my computer, I activate the built-in Guest account. The guest account is pretty restrictive, as you can't do much with it. Even at that, I've taken away all privileges of the guest account to access the C:\users folder completely. I keep nothing in the public folder.
My System SpecsSystem Spec
.


03 Nov 2010   #4

Windows 7 Pro x64
 
 

Thanks...I guess I just have to clutter up the ACL list.
My System SpecsSystem Spec
Reply

 Windows7 ACLs - How do you deal with it?




Thread Tools



Similar help and support threads for2: Windows7 ACLs - How do you deal with it?
Thread Forum
Better Deal? Chillout Room
ACLs, partitions and users profiles Installation & Setup
Setting of the ACLs for the root directory of a logical partition Installation & Setup
Solved what a deal (lol) Chillout Room
Windows7 64 reading windows7 32 drive? General Discussion
Windows 7 RC corrupting ACLs System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 02:36 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33