Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Serious bug in win7

03 Nov 2011   #21

7 64

thank you for all guys helping:)
i've make it through.

but its wired,
i do a test in win7 32bit that
no matter what i set a file/folder Full Control deny on Administrators Group or Administrator even SYSTEM account
using Administrator account
i still can take the permission back just uncheck the deny box without any access deny.

and i find out one more thing,
the Allow permission Administrators Group, Administrator and SYSTEM account in the testing 32bitwin7
are grey, that mean can't not remove the allow premission ,you only can add deny premission.
its same as my computer before i get the permission back.
but now i can delete the Allow permission.

My System SpecsSystem Spec
03 Nov 2011   #22

W7 Ultimate SP1, LM18.3 MATE, W10 Home, #All 64 bit
Inherited Permissions

I think that "greyed out" permissions, actually indicate that the permissions are "Inherited" from a higher level.

Serious bug in win7-permissions-inherited.png

Notice that:
  • The SYSTEM permissions on E:\ are black.
  • The SYSTEM permissions on E:\Games-w7 are grey (Inherited). #
Serious bug in win7-permissions-advanced.png

This window confirms that the permissions are "Inherited".

# The forum auto-complete keeps changing my path name.

My System SpecsSystem Spec
03 Nov 2011   #23

Windows 10 Pro x64 x3, Ubuntu

Quote   Quote: Originally Posted by rraod View Post
The NTFS permissions are set and imposed by the operating system and they are limited to that operating system in that physical system only.


So it is possible to gain access to this hard disk even if it is assigned with deny permissions to Administrators group (This group is limited to that system only), by the following three methods.

1. Remove the HDD from the system and connect it to another system with Windows (XP, Vista or 7) and take ownership and reassign permissions to include full control to Everyone group only deleting all the other permissions.

2. Make the system a dual boot system and access the HDD from second Windows OS (XP, Vista or 7) and take ownership and reassign permissions to include full control to Everyone group deleting all the other permissions.

Not sure if this is actually true for a specific applied Deny on the administrators group as this is always the same SID

SID: S-1-5-32-544
Name: Administrators
Description: A built-in group. After the initial installation of the operating system, the only member of the group is the Administrator account. When a computer joins a domain, the Domain Admins group is added to the Administrators group. When a server becomes a domain controller, the Enterprise Admins group also is added to the Administrators group

This information applies up to and including Vista but have nor been able to confirm if win7 is different

It could work out that a new OS would still see the Deny against the files for SID S-1-5-32-544 or the install would somehow override this, (a new installation would certainly not reset any permissions on other than the system drive)

Looks like I have a project to check this out when I have a suitable system to break
My System SpecsSystem Spec

03 Nov 2011   #24

MS Windows 7 Ultimate 64-bit SP1


With respect to your explanation, the role of the server is changing by adding it to the domain, or this server becoming a domain controller, the various Administrator groups are added to the original system. I agree with you.

But in my explanation I was talking about connecting the harddisk to another operating system, and not accessing this system through network. A locked hard disk with Deny permissions will prevent someone to access it while it is in the original host. But once you take it out of the host and connect it to a guest system, the security will not be bulletproof.

This is what I believe. Because the NTFS permissions are reversible once you take out the hard disk from host and connect it to a guest. All you have to do is take ownership and assume full control. They are not like encryption. Once you encrypt something and lost the key, you loose the entire thing for good. With adverse NTFS permissions you will not loose the files for good.

So please do your experimentation ASAP and give us the results. All you need is a dual boot system (preferably with two windows 7 OS's) and a separate HDD for testing. Give deny permissions to Administrators group from one windows 7 and try to remove that Deny permissions from other windows 7 OS and access the files. May be I will learn something new from this experiment. :)
My System SpecsSystem Spec
03 Nov 2011   #25

Windows 10 Pro x64 x3, Ubuntu

I will have to see if I can break out some bits (a lot of stuff is in boxes at the moment)

I can see the issue arising because on every new system, even stand alone, the Administrators group is always the same SID [S-1-5-32-544] which is what allows you to access old data, (with permissions for a now obsolete user).

As the system would see that the files are explicitly denied for SID S-1-5-32-544,which is the current administrators group, it should respect this. The other issue is that TakeOwn is one of the permissions affected by a Deny all, so that route may be blocked.

It's certainly got me thinking

It should be possible to enable the win7 hidden administrator from the PE and use this to take ownnership and remove the block
My System SpecsSystem Spec

 Serious bug in win7

Thread Tools

Similar help and support threads
Thread Forum
How to recover Win7 Pro upgrade from Win7 Home Premium post HDD crash
Greetings - This is my first time here and am very thankful for this great collection of forums and this community. I am trying to recover from a VAIO laptop HDD crash to Win7 Professional upgrade. I had finished working, shutdown Win7 Pro. cleanly. Drove home, attempted to launch Windows...
General Discussion
clone multiboot two disc win7 xp install to win7 ssd plus disk XPx64
I have a multiboot win7 /xpx64 TWO DISK system, showing win7 as the C; drive and XPx64 as D: when examining via My Computer. Cloned the C: drive (win7) using Samsung tool to same size Samsung evo SSD. When put in computer the dual boot option gone. The SSD clone of win7 runs ok, but with that in...
Installation & Setup
Dual Boot - Win7 and XP - Access denied to files when booting in Win7
Hi there, hoping someone can help... I've eventually managed to get a dual boot system going. I've installed Win7 on one hard drive and Win XP Pro on another. I've still got to figure out how to get a dual boot menu going, but in the meantime I press the F10 key during Boot-up of the machine...
General Discussion
dual boot win7 & winxp separate drives OR upgrade to win7 professional
I've researched for awhile now & can't seem to find which is the best way to add winxp functionality to my laptop. I have office xp professional, painter7 & photopaint8 software that worked fine on winxp 32 bit thru sp3. New laptop is win7 home premium 64bit. Two 500gb hard drives. Which is...
A fresh win7 install over a win7/vista dual boot system ?
Hello all, I have a vaio laptop with a dual boot win7/vista setup. I simply want to format the whole drive back to one large c:\drive, then reinstall windows 7. I have heard horror stories of people saying their boot manager becomes corrupted. or goes missing. I enclose a snapshot of my hard...
Installation & Setup

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 10:24.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App