Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Windows7 ACLs - How do you deal with it?

29 Oct 2010   #1

Windows 7 Pro x64
Windows7 ACLs - How do you deal with it?

Hey everyone.....
I liked what I've seen from this forum so I decided to register and become involved

My issue has to do with folder/file security.

I've been using Win7 x64 for a few weeks now (coming from XP) and I've noticed that all file-level security seems to revolve around a single entity "Authenticated Users" when UAC is turned on. My goal is to make this as easy as possible, but secure; ease of access for admins, but read only access to data files for standard users. I've found this from my observations while running as an admin w/UAC on:

-If folder/file has "authenticated users" ACL as read-only access or removed completely then explorer will no longer prompt for folder/file deletion confirmation when using the right-click menu and send the item directly to the recycle bin. However, it will prompt for administrator permission (not deletion confirmation) when using the delete key! Another however, it will prompt for both deletion confirmation and administrator permission when using the shift+delete key combo.

-I can, of course, add the <created admin username> to the item with full control and be back as usual, but I'm looking for a way to keep my ACLs lean and allow portability from one system to the next (such as the same account not being on that machine and external drives).

What is the best way to secure data without adding the <created admin username> to 1000's of files and folders and without having to give administrator permission every time the admin wants to delete something? Along with keeping "users" as read-only. Should I keep "authenticated users" as modify and just create another group, add user accounts to that, and mark the ACL as deny modify? I see that authenticated users & interactive are now listed in the users group so I can't just deny the users group.

The other issue comes into to play when I run my backup scripts...UAC is killing me!

....I know what I can do, but I'm looking for ideas to see what you've come up with.
I hope that was clear
Thanks for your input!

My System SpecsSystem Spec
29 Oct 2010   #2

Windows 7 Ultimate x64, Mint 9

You should be able to set this in the Group Policy Editor (if you have Professional and up). Not sure how, so you would have to play around with it.

My System SpecsSystem Spec
29 Oct 2010   #3

Windows 7 Pro/32 Academic. Build 7600

Hello, Nucleus7, Welcome to Seven Forums.
To answer your question "How would I deal with it?" I'm the only person that uses my PC but I have two accounts set up. One, is my password protected administrator account, which I keep logged off at all times and rarely use. The other one is my standard user account. This is the one I use all the time. It is not password protected. If anybody wants or needs to use my computer, I activate the built-in Guest account. The guest account is pretty restrictive, as you can't do much with it. Even at that, I've taken away all privileges of the guest account to access the C:\users folder completely. I keep nothing in the public folder.
My System SpecsSystem Spec

03 Nov 2010   #4

Windows 7 Pro x64

Thanks...I guess I just have to clutter up the ACL list.
My System SpecsSystem Spec

 Windows7 ACLs - How do you deal with it?

Thread Tools

Similar help and support threads
Thread Forum
Windows7 32bit OEM Productkey to activate Windows7 retail x64bit
My pc came with preinstalled Windows 7 x32, later I came to know it is an OEM version.. now i want to switch to x64 architecture(same Windows edition), ..can I do a clean install Windows 7 x64 (retail) over my Windows 7 x32bit(OEM)....and use my OEM product key to activate it?
Windows Updates & Activation
Failed install windows7 home to windows7 enterprise
I have an HP Compaq dx2000mt desktop that has windows7 32bit enterprise installed on it. I tried to install windows7 home 32bit to replace the enterprise OS. As I was installing it stated the old OS would be marked, XXX.old and it went forward, then came to a point where there were booting errors....
Installation & Setup
Setting of the ACLs for the root directory of a logical partition
HI I have Windows 7 SP1 and I should only move the users profiles (without the default profile) and the public folder in a NTFS logical partition. I should modify the ACLs of the root directory (\) of the logical partition to still have a coherent and stable system or not? If so, how should...
Installation & Setup
Windows7 64 reading windows7 32 drive?
My new computer arrived today with Windows7 64 installed. (happydance) My old computer has Windows7 32 installed. Before I start attacking both computers, thought I better ask beforehand or the b/f will 'kill' me :rolleyes: Can I remove the hard drive from the old computer, install it as a...
General Discussion
Windows 7 RC corrupting ACLs
I've been using Windows 7 RC 7100 for a few weeks. Today, I was testing sleep mode and manually put the system to S3 sleep. The system tried to enter sleep state and then the whole system hang. I rebooted the PC and found out 4 of my partitions on various disks are inaccessible. Somehow, the...
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 14:08.
Twitter Facebook