Serious bug in win7

  1. Posts : 7
    7 64
    Thread Starter
       #21

    Thank you to all the guys helping :)
    I've made it through.

    But it's weird:
    I did a test in Win7 32-bit, and
    no matter whether I set a Full Control deny on a file/folder for the Administrators group, Administrator, or even the SYSTEM account,
    using the Administrator account
    I can still take the permission back by just unchecking the deny box, without any access denied error.

    And I found out one more thing:
    the Allow permissions for the Administrators group, Administrator and SYSTEM account in the 32-bit Win7 test system
    are grey, which means you can't remove the Allow permission; you can only add a Deny permission.
    It's the same as my computer before I got the permission back.
    But now I can delete the Allow permission.

  2. Posts : 4,049
    W7 Ultimate SP1, LM19.2 MATE, W10 Home 1703, W10 Pro 1703 VM, #All 64 bit
       #22

    Inherited Permissions


    I think that "greyed out" permissions actually indicate that the permissions are "Inherited" from a higher level.

    [Image: Serious bug in win7-permissions-inherited.png]

    Notice that:

    • The SYSTEM permissions on E:\ are black.
    • The SYSTEM permissions on E:\Games-w7 are grey (Inherited). #

    [Image: Serious bug in win7-permissions-advanced.png]

    This window confirms that the permissions are "Inherited".

    Additional
    # The forum auto-complete keeps changing my path name.
    Last edited by lehnerus2000; 19 Nov 2011 at 19:34. Reason: Additional

  3. Posts : 31,249
    Windows 11 Pro x64 [Latest Release and Release Preview]
       #23

    rraod said:
    The NTFS permissions are set and imposed by the operating system and they are limited to that operating system in that physical system only.

    <Snip>

    So it is possible to gain access to this hard disk even if it is assigned with deny permissions to Administrators group (This group is limited to that system only), by the following three methods.

    1. Remove the HDD from the system and connect it to another system with Windows (XP, Vista or 7) and take ownership and reassign permissions to include full control to Everyone group only deleting all the other permissions.

    2. Make the system a dual boot system and access the HDD from second Windows OS (XP, Vista or 7) and take ownership and reassign permissions to include full control to Everyone group deleting all the other permissions.

    <Snip>
    Not sure if this is actually true for a specific applied Deny on the Administrators group, as this is always the same SID.

    SID: S-1-5-32-544
    Name: Administrators
    Description: A built-in group. After the initial installation of the operating system, the only member of the group is the Administrator account. When a computer joins a domain, the Domain Admins group is added to the Administrators group. When a server becomes a domain controller, the Enterprise Admins group also is added to the Administrators group.
    [Source]

    This information applies up to and including Vista, but I have not been able to confirm if Win7 is different.

    It could work out that a new OS would still see the Deny against the files for SID S-1-5-32-544, or the install would somehow override this (a new installation would certainly not reset any permissions on other than the system drive).

    Looks like I have a project to check this out when I have a suitable system to break.


  4. Posts : 742
    MS Windows 7 Ultimate 64-bit SP1
       #24

    Nigel,

    With respect to your explanation: the role of the server changes when it is added to the domain or becomes a domain controller, and the various Administrator groups are added to the original system. I agree with you.

    But in my explanation I was talking about connecting the hard disk to another operating system, and not accessing this system through the network. A locked hard disk with Deny permissions will prevent someone from accessing it while it is in the original host. But once you take it out of the host and connect it to a guest system, the security will not be bulletproof.

    This is what I believe, because the NTFS permissions are reversible once you take the hard disk out of the host and connect it to a guest. All you have to do is take ownership and assume full control. They are not like encryption. Once you encrypt something and lose the key, you lose the entire thing for good. With adverse NTFS permissions you will not lose the files for good.

    So please do your experimentation ASAP and give us the results. All you need is a dual boot system (preferably with two Windows 7 OSes) and a separate HDD for testing. Give Deny permissions to the Administrators group from one Windows 7 and try to remove those Deny permissions from the other Windows 7 OS and access the files. Maybe I will learn something new from this experiment. :)


  5. Posts : 31,249
    Windows 11 Pro x64 [Latest Release and Release Preview]
       #25

    I will have to see if I can break out some bits (a lot of stuff is in boxes at the moment).

    I can see the issue arising because on every new system, even stand-alone, the Administrators group is always the same SID [S-1-5-32-544], which is what allows you to access old data (with permissions for a now obsolete user).

    As the system would see that the files are explicitly denied for SID S-1-5-32-544, which is the current Administrators group, it should respect this. The other issue is that TakeOwn is one of the permissions affected by a Deny all, so that route may be blocked.

    It's certainly got me thinking.

    It should be possible to enable the Win7 hidden administrator from the PE and use this to take ownership and remove the block.
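
The access-check behaviour this thread is debating, as a simplified model (an added example, not code from any poster or from Windows itself). It shows how an explicit Deny for S-1-5-32-544 interacts with the implicit owner right and with SeTakeOwnershipPrivilege; the four-bit rights mask, the sample DACL, the `USER` SID and the choice of owners are assumptions made for illustration.

```python
# Simplified model of the Windows DACL access check (added example, not forum code).
READ, WRITE, WRITE_DAC, WRITE_OWNER = 0x1, 0x2, 0x4, 0x8
FULL = READ | WRITE | WRITE_DAC | WRITE_OWNER

ADMINS = "S-1-5-32-544"                  # Administrators SID quoted in the thread
SYSTEM = "S-1-5-18"                      # well-known Local System SID
USER = "S-1-5-21-1111-2222-3333-1001"    # constructed sample account SID

# Constructed sample DACL: inherited Allow Full Control for Administrators
# (the greyed-out entry) plus an explicit Deny Full Control for the same SID.
DACL = [
    {"sid": ADMINS, "type": "allow", "mask": FULL, "inherited": True},
    {"sid": ADMINS, "type": "deny", "mask": FULL, "inherited": False},
]


def canonical(dacl):
    """Canonical ACE order: explicit deny, explicit allow, inherited deny, inherited allow."""
    return sorted(dacl, key=lambda a: (a["inherited"], a["type"] != "deny"))


def access_check(token_sids, owner, dacl, wanted, privileges=()):
    """Return the subset of `wanted` rights granted to a token (per-right, simplified)."""
    granted = denied = 0
    if owner in token_sids:
        granted |= WRITE_DAC      # implicit owner right (no OWNER RIGHTS ACE modelled)
    if "SeTakeOwnershipPrivilege" in privileges:
        granted |= WRITE_OWNER    # privilege is honoured before the DACL is read
    for ace in canonical(dacl):
        if ace["sid"] not in token_sids:
            continue
        if ace["type"] == "deny":
            denied |= ace["mask"] & ~granted
        else:
            granted |= ace["mask"] & ~denied
    return granted & wanted


def demo():
    """Three constructed cases for an administrator's token."""
    admin = {ADMINS, USER}
    return {
        "owner_is_administrators": access_check(admin, ADMINS, DACL, FULL),
        "owner_is_system": access_check(admin, SYSTEM, DACL, FULL),
        "owner_is_system_with_privilege": access_check(
            admin, SYSTEM, DACL, FULL, ("SeTakeOwnershipPrivilege",)),
    }
```

Because the Deny ACE names a well-known SID, the same token membership matches it on any Windows install that mounts the volume; in the model only the owner and the privilege change what an administrator can still do.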