right-click C:\WINDOWS shows little UAC? shield - security?

[JimLewandowski]

I have another thread that talked about an XP transplanted internal HD that right-clicking on any folder or file had little UAC? shield icon next to DELETE and RENAME in right-click context menu. When I would delete a file/folder, it would NOT give me a delete confirmation.

I happened to right-click C:\Windows and every other folder in C: (except ones I created) have the UAC shield next to delete. They ARE owned by TrustedInstaller but I just like having the protection in case I accidentally delete them.

Can anyone on their W7 machine, right-click various system folders in C: and report if you have the UAC icon? As well, check your security -> Owner to see if it's TrustedInstaller?

Worrisome. But, I've never done a thing to any C:\ folder re: security or anything. Ever.

 

[Golden]

Do you mean you see the UAC shield directly next to Deelete in the context menu? I do not see that, but currently have UAC turned off on this computer. What level of UAC are you using?

Regards,
Golden

 

[writhziden]

I have another thread that talked about an XP transplanted internal HD that right-clicking on any folder or file had little UAC? shield icon next to DELETE and RENAME in right-click context menu. When I would delete a file/folder, it would NOT give me a delete confirmation.

I happened to right-click C:\Windows and every other folder in C: (except ones I created) have the UAC shield next to delete. They ARE owned by TrustedInstaller but I just like having the protection in case I accidentally delete them.

Can anyone on their W7 machine, right-click various system folders in C: and report if you have the UAC icon? As well, check your security -> Owner to see if it's TrustedInstaller?

Worrisome. But, I've never done a thing to any C:\ folder re: security or anything. Ever.

I have the UAC shield in the places you describe, and the owner is set to TrustedInstaller.

 

[JimLewandowski]

I have the UAC shield in the places you describe, and the owner is set to TrustedInstaller.

Doesn't that imply if you accidentally tried to delete them, you would not get confirmation?

I got my UAC shield to disappear from my transplanted XP drive by adding AUTHENTICATED USERS to the volume and folders/files.

I have UAC on and Jim is the only user (I'm also admin) and am automatically signed on by W7. My level is "default" (3rd tick mark on slider).

I've dug heavily into Win. security lately, but still don't quite understand all the nuances.

For example, if you have a folder like WindowsImageBackup which you do NOT normally have access to, you can click CONTINUE when the UAC prompt appears to be able to view it. What is really happening there (is Jim/Users being added as read/execute to that folder?)? Also, is it possible for me to make WindowsImageBackup go BACK to the way it was prior to my UAC'ing my way in? Would I just delete Jim/Users from the security for the primary folder?

 

[writhziden]

I have the UAC shield in the places you describe, and the owner is set to TrustedInstaller.

Doesn't that imply if you accidentally tried to delete them, you would not get confirmation?

I got my UAC shield to disappear from my transplanted XP drive by adding AUTHENTICATED USERS to the volume and folders/files.

I have UAC on and Jim is the only user (I'm also admin) and am automatically signed on by W7. My level is "default" (3rd tick mark on slider).

I've dug heavily into Win. security lately, but still don't quite understand all the nuances.

For example, if you have a folder like WindowsImageBackup which you do NOT normally have access to, you can click CONTINUE when the UAC prompt appears to be able to view it. What is really happening there (is Jim/Users being added as read/execute to that folder?)? Also, is it possible for me to make WindowsImageBackup go BACK to the way it was prior to my UAC'ing my way in? Would I just delete Jim/Users from the security for the primary folder?

I do not think you can delete them if UAC is turned on. I get an "Acces is Denied" message if I try. I inadvertantly answered your question about a folder going back to its prior state. You can make a folder go back to its prior state of the owner being TrustedInstaller if you have a restore point and revert to that restore point. Otherwise, there is no method I know of to change the owner back to TrustedInstaller.
I accidentally changed winsxs to have my adminstrative user as the owner tonight, and I had to revert to a restore point to undo that change (as I wasn't sure how that would affect any programs or installers that needed that folder to run and were looking for the TrustedInstaller owner).

Edit: Also, if it does add a user with read permissions, you could revert the folder back to its prior state (if that is all that was done) by removing those users with the remove button through the Edit (Permissions) button.

 

[JimLewandowski]

I do not think you can delete them if UAC is turned on. I get an "Acces is Denied" message if I try. I inadvertantly answered your question about a folder going back to its prior state. You can make a folder go back to its prior state of the owner being TrustedInstaller if you have a restore point and revert to that restore point. Otherwise, there is no method I know of to change the owner back to TrustedInstaller.
I accidentally changed winsxs to have my adminstrative user as the owner tonight, and I had to revert to a restore point to undo that change (as I wasn't sure how that would affect any programs or installers that needed that folder to run and were looking for the TrustedInstaller owner).

Edit: Also, if it does add a user with read permissions, you could revert the folder back to its prior state (if that is all that was done) by removing those users with the remove button through the Edit (Permissions) button.

OK. I think I understand. When I double-click (UAC prompts) to get access to WindowsImageBackup, for example, Jim/User is simply being added as read/execute access but the owner stays the same. If I wrestle ownership away from TrustedInstaller, there's no way for me to return the ownership should Jim/user force ownership (properties -> security -> advanced -> owner). However, if I WERE the owner, can't I delete myself from the users lists (primary security panel, click on Delete/Remove)? I'd think NTFS would assign some other SID as the owner as there has to be some owner for each file/folder/drive.

Thanks for the great/info and being the guinea pig on this.

Edit: But wait, if I have "special" permissions, doesn't that give me the right to assign the ownership of said file/folder to any other group/person/SID?

 

[writhziden]

I do not think you can delete them if UAC is turned on. I get an "Acces is Denied" message if I try. I inadvertantly answered your question about a folder going back to its prior state. You can make a folder go back to its prior state of the owner being TrustedInstaller if you have a restore point and revert to that restore point. Otherwise, there is no method I know of to change the owner back to TrustedInstaller.
I accidentally changed winsxs to have my adminstrative user as the owner tonight, and I had to revert to a restore point to undo that change (as I wasn't sure how that would affect any programs or installers that needed that folder to run and were looking for the TrustedInstaller owner).

Edit: Also, if it does add a user with read permissions, you could revert the folder back to its prior state (if that is all that was done) by removing those users with the remove button through the Edit (Permissions) button.

OK. I think I understand. When I double-click (UAC prompts) to get access to WindowsImageBackup, for example, Jim/User is simply being added as read/execute access but the owner stays the same. If I wrestle ownership away from TrustedInstaller, there's no way for me to return the ownership should Jim/user force ownership (properties -> security -> advanced -> owner). However, if I WERE the owner, can't I delete myself from the users lists (primary security panel, click on Delete/Remove)? I'd think NTFS would assign some other SID as the owner as there has to be some owner for each file/folder/drive.

Thanks for the great/info and being the guinea pig on this.

Edit: But wait, if I have "special" permissions, doesn't that give me the right to assign the ownership of said file/folder to any other group/person/SID?

I have deleted myself from the list before, but I was still considered the owner. The owner is the user with permissions to edit who gets control of what, so even deleting the user does not revoke the owner's rights to change permissions. This makes sense because if you deleted the main user from permissions, who would have the ability to edit what permissions other users get?

 

[Corazon]

Also consider that you're not just a user on your own, but part of one or more groups as well - most importantly, the Administrators group. You may have separate access rights for yourself personally and for your groups as a whole - the effective permissions will then be a combination of these.

 

[JimLewandowski]

Also consider that you're not just a user on your own, but part of one or more groups as well - most importantly, the Administrators group. You may have separate access rights for yourself personally and for your groups as a whole - the effective permissions will then be a combination of these.

I just learned a new one this weekend. I did my first "backup" (vs. system image which I've done before). There's a Backup Operators group that I'm now in.

 

[JimLewandowski]

I have deleted myself from the list before, but I was still considered the owner. The owner is the user with permissions to edit who gets control of what, so even deleting the user does not revoke the owner's rights to change permissions. This makes sense because if you deleted the main user from permissions, who would have the ability to edit what permissions other users get?

If you deleted yourself from ACCESS to a file/folder, does that mean you get the security denied popup when you now try to access it? Or since you're the owner, does W7 let you in by default?

 

[writhziden]

If you deleted yourself from ACCESS to a file/folder, does that mean you get the security denied popup when you now try to access it? Or since you're the owner, does W7 let you in by default?

The owner will get an access is denied popup until the owner's username is added to the permissions by the owner.