Hi to all,
i had last week many troubles with permissions and windoss managing.
This ought me to recovery my installations with success but real
@***^##angry
My goal was to adjust permissions in my two disks NTFS :

1 C: Windows2000
2 D: XP Home (Even if is not Pro I can manage permissions with cacls)

in a way that W2000 users and powerusers can't access to important files
(even system) in XP.


I supposed that booting Windows 2000 and changing there the permissions in
disk 2 (D) could not interfere with my XP permissions so i changed them
making mistakes (i modified Creator owner and System ) and XP NOT WORKS AT
ALL

Because i had to work a lot to restore the good order i want ask you (if you
know) :

Changing only permissions like: W2000\Users or W2000\PowerusersName in
W2000 could safe unchanged my XP\Permissions or this acts even on XP\USERS
etc..?

Why XP\Users aren't available in W2000 Permission Tab ? This would have
prevented my mistakes.

Have any other idea to manage permissions so to reach the goal ? Or any url
that can help me to understand how?

Thank you for any answer

By To The Next
GroAn

GroAn wrote in :

> Hi to all,
> i had last week many troubles with permissions and windoss
> managing. This ought me to recovery my installations with success
> but real @***^##angry
> My goal was to adjust permissions in my two disks NTFS :
>
> 1 C: Windows2000
> 2 D: XP Home (Even if is not Pro I can manage permissions with
> cacls)
>
> in a way that W2000 users and powerusers can't access to important
> files (even system) in XP.
>
>
> I supposed that booting Windows 2000 and changing there the
> permissions in disk 2 (D) could not interfere with my XP
> permissions so i changed them making mistakes (i modified Creator
> owner and System ) and XP NOT WORKS AT ALL
>
> Because i had to work a lot to restore the good order i want ask
> you (if you know) :
>
> Changing only permissions like: W2000\Users or
> W2000\PowerusersName in W2000 could safe unchanged my
> XP\Permissions or this acts even on XP\USERS etc..?
>
> Why XP\Users aren't available in W2000 Permission Tab ? This
> would have prevented my mistakes.
>
> Have any other idea to manage permissions so to reach the goal ?
> Or any url that can help me to understand how?

The ACLs are stored in the file system, but interpreted/applied in
the OS. Setting a W2K account ACE on file and then looking from XP,
there is no matching account (SID). BUILT-IN Accounts are more
likely transparent. EVERYONE:Deny All will most likely be just as
disastrous if set from either OS.

Never tried what you want, but think it likely to be a lot of work.
Possibly involving Authenticated Users

Hopefully someone has a better answer for you. Like volume locking
utils or encryption.

Thank you David and Mark for your answers,

I don't give up easily, or ...at least i want to understand better how it
works.
Thank you for suggesting encryption may be i'll do, but now i i want to
enlight the problem and i ask you:

> The Windows 2000 installation has no concept of the XP
> installation. It doesn't know who the XP users are, so
> it can't let you give permissions to those users.

OK , I will do no changes before i find a possible way, but may be that's
important:
I noticed that one of the reasons cause i have no available XP/Users (groups
even) in W2000 is
that when i installed i chose a different computer name in the two O.S.
May be that setting permissions like CommonNamePC/Users (Builtin) or
CommonNamePC/Administrator will work in both?

The permissions are stored on the
> files themselves, it's not stored in the OS. Changing
> permissions of a file changes it for all OS's on the
> system.

This sounds me strange.. when i had problems (changed XP permissions) i
tried to recovery XP installation from CD. It as far as i know rewrites my
system folder, but when i restart i was no able to boot it again.
I had to change the permissions to Everyone Full Control to boot and to
restore in default XP permissions.
So it seems to me the permissions are stored in file system (O.S.) nor in
files themselfes. Can you explain me how it works ?

> If they don't have Administrator rights, they just have
> to boot to a repair-type disk and they can have free rein
> on your files there also.
If they can access BIOS or Reset it i know

> With physical access to a computer, anything that is not
> encrypted is easily accessed.

OK, I was thinking only to limit dangers to XP from Web Connected in W2000
(chat, filesharing...)
Of course The best is to set right connections and policies and i do...It's
just a protection more to prevent be ****en ;-)

Thanks,
By To The Next

GroAn


> >-----Original Message-----
> >Hi to all,
> >i had last week many troubles with permissions and
> windoss managing.
> >This ought me to recovery my installations with success
> but real
> >@***^##angry
> >My goal was to adjust permissions in my two disks NTFS :
> >
> >1 C: Windows2000
> >2 D: XP Home (Even if is not Pro I can manage
> permissions with cacls)
> >
> >in a way that W2000 users and powerusers can't access to
> important files
> >(even system) in XP.

No more thoughts ? Thanks anyway.

--
ByToTheNext

GroAn

"GroAn" > ha scritto nel messaggio
...
> Thank you David and Mark for your answers,
>
> I don't give up easily, or ...at least i want to understand better how it
> works.
> Thank you for suggesting encryption may be i'll do, but now i i want to
> enlight the problem and i ask you:
>
> > The Windows 2000 installation has no concept of the XP
> > installation. It doesn't know who the XP users are, so
> > it can't let you give permissions to those users.
>
> OK , I will do no changes before i find a possible way, but may be
that's
> important:
> I noticed that one of the reasons cause i have no available XP/Users
(groups
> even) in W2000 is
> that when i installed i chose a different computer name in the two O.S.
> May be that setting permissions like CommonNamePC/Users (Builtin) or
> CommonNamePC/Administrator will work in both?
>
> The permissions are stored on the
> > files themselves, it's not stored in the OS. Changing
> > permissions of a file changes it for all OS's on the
> > system.
>
> This sounds me strange.. when i had problems (changed XP permissions) i
> tried to recovery XP installation from CD. It as far as i know rewrites my
> system folder, but when i restart i was no able to boot it again.
> I had to change the permissions to Everyone Full Control to boot and to
> restore in default XP permissions.
> So it seems to me the permissions are stored in file system (O.S.) nor in
> files themselfes. Can you explain me how it works ?
>
> > If they don't have Administrator rights, they just have
> > to boot to a repair-type disk and they can have free rein
> > on your files there also.
> If they can access BIOS or Reset it i know
>
> > With physical access to a computer, anything that is not
> > encrypted is easily accessed.
>
> OK, I was thinking only to limit dangers to XP from Web Connected in
W2000
> (chat, filesharing...)
> Of course The best is to set right connections and policies and i
do...It's
> just a protection more to prevent be ****en ;-)
>
> Thanks,
> By To The Next
>
> GroAn
>
>
> > >-----Original Message-----
> > >Hi to all,
> > >i had last week many troubles with permissions and
> > windoss managing.
> > >This ought me to recovery my installations with success
> > but real
> > >@***^##angry
> > >My goal was to adjust permissions in my two disks NTFS :
> > >
> > >1 C: Windows2000
> > >2 D: XP Home (Even if is not Pro I can manage
> > permissions with cacls)
> > >
> > >in a way that W2000 users and powerusers can't access to
> > important files
> > >(even system) in XP.
>
>
>
>