If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#16
|
|||
|
|||
Adding Other Boot's Computer Name to list of File Security Locations?
John - the way I see it (the OP's problem) is this ;
I am well aware that he does not want to dismiss the current "private" status of the XP folders on a dual-boot system. However, as far as I am aware, making folders "private" does [should] *not* make those XP folders inaccessible to a user on the Win7 OS who is a member of the Administrators group! Members of the Administrators group, on any (previous) NT-based OS, have access across dual-boot systems, to *any* files and folders on drives belonging to their opposing OS. The OP has made sure (partly on my advice) that the folders in question have been granted Administrators-Group full-access while in the XP OS - Then, still cannot access those same folders in an Administrator-level user on the Win7 OS. Can you explain this anomaly, or do you think this is normal? == Cheers, Tim Meddick, Peckham, London. :-) "John John - MVP" wrote in message ... Larry Lindstrom wrote: On 6/8/2010 12:03 PM, Tim Meddick wrote: Security "Groups" aren't assigned SIDs - only "Users" - that's why I stressed adding the "Administrators" Group to the user-list and NOT the (built-in) user named "Administrator" Please note again the difference : Administrators = YES Administrator = NO Thanks Again Tim: Still no luck. You can't have it both ways, Larry, private is private, either the files are private or they are not. There is no "peeking" at private folders and there are no varying levels of privacy, it's all or nothing. From Windows 7 you would need to take ownership of the folder then grant yourself adequate access rights to the objects within. I can only suggest that you use standard NTFS permissions to control access to the files or that you use encryption or a third party solution. Be sure that you understand the risks of file loss if you decide to use NTFS encryption! John |
Ads |
#17
|
|||
|
|||
Adding Other Boot's Computer Name to list of File Security Locations?
John - the way I see it (the OP's problem) is this ;
I am well aware that he does not want to dismiss the current "private" status of the XP folders on a dual-boot system. However, as far as I am aware, making folders "private" does [should] *not* make those XP folders inaccessible to a user on the Win7 OS who is a member of the Administrators group! Members of the Administrators group, on any (previous) NT-based OS, have access across dual-boot systems, to *any* files and folders on drives belonging to their opposing OS. The OP has made sure (partly on my advice) that the folders in question have been granted Administrators-Group full-access while in the XP OS - Then, still cannot access those same folders in an Administrator-level user on the Win7 OS. Can you explain this anomaly, or do you think this is normal? == Cheers, Tim Meddick, Peckham, London. :-) "John John - MVP" wrote in message ... Larry Lindstrom wrote: On 6/8/2010 12:03 PM, Tim Meddick wrote: Security "Groups" aren't assigned SIDs - only "Users" - that's why I stressed adding the "Administrators" Group to the user-list and NOT the (built-in) user named "Administrator" Please note again the difference : Administrators = YES Administrator = NO Thanks Again Tim: Still no luck. You can't have it both ways, Larry, private is private, either the files are private or they are not. There is no "peeking" at private folders and there are no varying levels of privacy, it's all or nothing. From Windows 7 you would need to take ownership of the folder then grant yourself adequate access rights to the objects within. I can only suggest that you use standard NTFS permissions to control access to the files or that you use encryption or a third party solution. Be sure that you understand the risks of file loss if you decide to use NTFS encryption! John |
#18
|
|||
|
|||
Adding Other Boot's Computer Name to list of File Security Locations?
Anyone using M$ Outlook Express as their news reader, will be able to view
any images that you post - be they in-line (as part of the text) or as an attachment - makes no difference. Many others will be able to view any images you include as well. Although, I am obliged to stress that it is strictly *not* what is termed; accepted "netiquette". However, for expediency, if you did make an exception, and post any images, I personally would like to see them (an am able to view them as I use M$-OE)... == Cheers, Tim Meddick, Peckham, London. :-) "Larry Lindstrom" wrote in message ... On 6/8/2010 12:03 PM, Tim Meddick wrote: Security "Groups" aren't assigned SIDs - only "Users" - that's why I stressed adding the "Administrators" Group to the user-list and NOT the (built-in) user named "Administrator" Please note again the difference : Administrators = YES Administrator = NO Thanks Again Tim: Still no luck. I went into the drive's root properties, this is actually drive D:, separate from my C: drive with the system on it. Properties - Security - Add I've tried different combinations for this window's "Object Types", this time I left "Built-in security principals", "Groups" and "Users" all checked. Then I pasted "Administrators" into the "Enter the object names to select" This resulted in the "Group or user names" list adding: Administrators (DRAGON\Administrators) I then shut down XP and booted Win7. The MMC (Microsoft Management Console) was run and "larryl" was added to the "Administrators" group. And still no luck. I have PNG screenshots of all of this. I'm reluctant to post these in a newsgroup like this. But I can post them if you think it would be OK, or I could put them on my web page if you think that might be helpful. I need to spend a day or two on another project. I'll try to keep an eye on this thread, but responses may be a bit slow. Thanks Larry |
#19
|
|||
|
|||
Adding Other Boot's Computer Name to list of File Security Locations?
Anyone using M$ Outlook Express as their news reader, will be able to view
any images that you post - be they in-line (as part of the text) or as an attachment - makes no difference. Many others will be able to view any images you include as well. Although, I am obliged to stress that it is strictly *not* what is termed; accepted "netiquette". However, for expediency, if you did make an exception, and post any images, I personally would like to see them (an am able to view them as I use M$-OE)... == Cheers, Tim Meddick, Peckham, London. :-) "Larry Lindstrom" wrote in message ... On 6/8/2010 12:03 PM, Tim Meddick wrote: Security "Groups" aren't assigned SIDs - only "Users" - that's why I stressed adding the "Administrators" Group to the user-list and NOT the (built-in) user named "Administrator" Please note again the difference : Administrators = YES Administrator = NO Thanks Again Tim: Still no luck. I went into the drive's root properties, this is actually drive D:, separate from my C: drive with the system on it. Properties - Security - Add I've tried different combinations for this window's "Object Types", this time I left "Built-in security principals", "Groups" and "Users" all checked. Then I pasted "Administrators" into the "Enter the object names to select" This resulted in the "Group or user names" list adding: Administrators (DRAGON\Administrators) I then shut down XP and booted Win7. The MMC (Microsoft Management Console) was run and "larryl" was added to the "Administrators" group. And still no luck. I have PNG screenshots of all of this. I'm reluctant to post these in a newsgroup like this. But I can post them if you think it would be OK, or I could put them on my web page if you think that might be helpful. I need to spend a day or two on another project. I'll try to keep an eye on this thread, but responses may be a bit slow. Thanks Larry |
#20
|
|||
|
|||
Adding Other Boot's Computer Name to list of File Security Locations?
No, only the Owner and System have permissions on private folders, they
are off limit for all other users, including Administrators! To access the files you have to seize ownership of the folders under guise of the System account. Also, this "Make this Folder Private" option is only available when Simple File Sharing is turned on, but the folder will remain private as long as it isn't changed again, disabling Simple File Sharing does not change the private status of the folder. If you are using XP Pro disable Simple File Sharing and take a look at and make note of the permissions on one of your folders in your profile directory. Then enable simplified file sharing and make the folder private. Then disable Simple File Sharing again (to access the Security Tab) and take another look at the permissions. To remove the "private" status enable SFS again. You can also use the CACLS command to verify the permissions, for XP Home this is the easiest way, run calcs on the folder then make the folder private and run the cacls command again and compare the results, typically it will be like this: Without Private folder: C:\cacls "C:\Documents and Settings\Jean-Guy" C:\Documents and Settings\Jean-Guy NT AUTHORITY\SYSTEM:F NT AUTHORITY\SYSTEMOI)(CI)(IO)F JGZ-HOME\Jean-Guy:F JGZ-HOME\Jean-GuyOI)(CI)(IO)F BUILTIN\Administrators:F BUILTIN\AdministratorsOI)(CI)(IO)F Private folder enabled: C:\cacls "C:\Documents and Settings\Jean-Guy" C:\Documents and Settings\Jean-Guy NT AUTHORITY\SYSTEM:F NT AUTHORITY\SYSTEMOI)(CI)(IO)F JGZ-HOME\Jean-Guy:F JGZ-HOME\Jean-GuyOI)(CI)(IO)F Larry will have to rely on a different solution to protect his files while making them available on the other Windows installation. See here for more information: http://support.microsoft.com/kb/304040 John Tim Meddick wrote: John - the way I see it (the OP's problem) is this ; I am well aware that he does not want to dismiss the current "private" status of the XP folders on a dual-boot system. However, as far as I am aware, making folders "private" does [should] *not* make those XP folders inaccessible to a user on the Win7 OS who is a member of the Administrators group! Members of the Administrators group, on any (previous) NT-based OS, have access across dual-boot systems, to *any* files and folders on drives belonging to their opposing OS. The OP has made sure (partly on my advice) that the folders in question have been granted Administrators-Group full-access while in the XP OS - Then, still cannot access those same folders in an Administrator-level user on the Win7 OS. Can you explain this anomaly, or do you think this is normal? == Cheers, Tim Meddick, Peckham, London. :-) "John John - MVP" wrote in message ... Larry Lindstrom wrote: On 6/8/2010 12:03 PM, Tim Meddick wrote: Security "Groups" aren't assigned SIDs - only "Users" - that's why I stressed adding the "Administrators" Group to the user-list and NOT the (built-in) user named "Administrator" Please note again the difference : Administrators = YES Administrator = NO Thanks Again Tim: Still no luck. You can't have it both ways, Larry, private is private, either the files are private or they are not. There is no "peeking" at private folders and there are no varying levels of privacy, it's all or nothing. From Windows 7 you would need to take ownership of the folder then grant yourself adequate access rights to the objects within. I can only suggest that you use standard NTFS permissions to control access to the files or that you use encryption or a third party solution. Be sure that you understand the risks of file loss if you decide to use NTFS encryption! John |
#21
|
|||
|
|||
Adding Other Boot's Computer Name to list of File Security Locations?
No, only the Owner and System have permissions on private folders, they are off limit for all other users, including Administrators! To access the files you have to seize ownership of the folders under guise of the System account. Also, this "Make this Folder Private" option is only available when Simple File Sharing is turned on, but the folder will remain private as long as it isn't changed again, disabling Simple File Sharing does not change the private status of the folder. If you are using XP Pro disable Simple File Sharing and take a look at and make note of the permissions on one of your folders in your profile directory. Then enable simplified file sharing and make the folder private. Then disable Simple File Sharing again (to access the Security Tab) and take another look at the permissions. To remove the "private" status enable SFS again. You can also use the CACLS command to verify the permissions, for XP Home this is the easiest way, run calcs on the folder then make the folder private and run the cacls command again and compare the results, typically it will be like this: Without Private folder: C:\cacls "C:\Documents and Settings\Jean-Guy" C:\Documents and Settings\Jean-Guy NT AUTHORITY\SYSTEM:F NT AUTHORITY\SYSTEMOI)(CI)(IO)F JGZ-HOME\Jean-Guy:F JGZ-HOME\Jean-GuyOI)(CI)(IO)F BUILTIN\Administrators:F BUILTIN\AdministratorsOI)(CI)(IO)F Private folder enabled: C:\cacls "C:\Documents and Settings\Jean-Guy" C:\Documents and Settings\Jean-Guy NT AUTHORITY\SYSTEM:F NT AUTHORITY\SYSTEMOI)(CI)(IO)F JGZ-HOME\Jean-Guy:F JGZ-HOME\Jean-GuyOI)(CI)(IO)F Larry will have to rely on a different solution to protect his files while making them available on the other Windows installation. See here for more information: http://support.microsoft.com/kb/304040 John Tim Meddick wrote: John - the way I see it (the OP's problem) is this ; I am well aware that he does not want to dismiss the current "private" status of the XP folders on a dual-boot system. However, as far as I am aware, making folders "private" does [should] *not* make those XP folders inaccessible to a user on the Win7 OS who is a member of the Administrators group! Members of the Administrators group, on any (previous) NT-based OS, have access across dual-boot systems, to *any* files and folders on drives belonging to their opposing OS. The OP has made sure (partly on my advice) that the folders in question have been granted Administrators-Group full-access while in the XP OS - Then, still cannot access those same folders in an Administrator-level user on the Win7 OS. Can you explain this anomaly, or do you think this is normal? == Cheers, Tim Meddick, Peckham, London. :-) "John John - MVP" wrote in message ... Larry Lindstrom wrote: On 6/8/2010 12:03 PM, Tim Meddick wrote: Security "Groups" aren't assigned SIDs - only "Users" - that's why I stressed adding the "Administrators" Group to the user-list and NOT the (built-in) user named "Administrator" Please note again the difference : Administrators = YES Administrator = NO Thanks Again Tim: Still no luck. You can't have it both ways, Larry, private is private, either the files are private or they are not. There is no "peeking" at private folders and there are no varying levels of privacy, it's all or nothing. From Windows 7 you would need to take ownership of the folder then grant yourself adequate access rights to the objects within. I can only suggest that you use standard NTFS permissions to control access to the files or that you use encryption or a third party solution. Be sure that you understand the risks of file loss if you decide to use NTFS encryption! John |
#22
|
|||
|
|||
Adding Other Boot's Computer Name to list of File Security Locations?
John, I keep telling you, the OP has MANUALLY REPLACED the "Administrators"
group in his WinXP installation, and granted it full-access for those "private" folders!! But STILL cannot access them with an user belonging to the "Administrators" group in Win7! == Cheers, Tim Meddick, Peckham, London. :-) "John John - MVP" wrote in message ... No, only the Owner and System have permissions on private folders, |
#23
|
|||
|
|||
Adding Other Boot's Computer Name to list of File Security Locations?
John, I keep telling you, the OP has MANUALLY REPLACED the "Administrators"
group in his WinXP installation, and granted it full-access for those "private" folders!! But STILL cannot access them with an user belonging to the "Administrators" group in Win7! == Cheers, Tim Meddick, Peckham, London. :-) "John John - MVP" wrote in message ... No, only the Owner and System have permissions on private folders, |
#24
|
|||
|
|||
Adding Other Boot's Computer Name to list of File Security Locations?
On 6/9/2010 4:05 PM, Tim Meddick wrote:
John, I keep telling you, the OP has MANUALLY REPLACED the "Administrators" group in his WinXP installation, and granted it full-access for those "private" folders!! But STILL cannot access them with an user belonging to the "Administrators" group in Win7! == Cheers, Tim Meddick, Peckham, London. :-) "John John - MVP" wrote in message ... No, only the Owner and System have permissions on private folders, Thanks Again Tim and John: First, perhaps I have my nomenclature wrong. Is "private" some special flag or designation of a particular kind of file or folder? Other people will occasionally be using this PC. I'd like to have some files that only I can read or modify. I'd like these available only "larryl" on either XP or Win7. This is the meaning I attach to the word "Private". I will be the only administrator of this PC, so allowing only "administrators" access should be safe enough. I'm curious as to why I can't do the same with "larryl" when accompanied with a location that specifies the Win7 boot of this machine. I'll be posting the screen shots in another post. Thanks Larry |
#25
|
|||
|
|||
Adding Other Boot's Computer Name to list of File Security Locations?
On 6/9/2010 4:05 PM, Tim Meddick wrote:
John, I keep telling you, the OP has MANUALLY REPLACED the "Administrators" group in his WinXP installation, and granted it full-access for those "private" folders!! But STILL cannot access them with an user belonging to the "Administrators" group in Win7! == Cheers, Tim Meddick, Peckham, London. :-) "John John - MVP" wrote in message ... No, only the Owner and System have permissions on private folders, Thanks Again Tim and John: First, perhaps I have my nomenclature wrong. Is "private" some special flag or designation of a particular kind of file or folder? Other people will occasionally be using this PC. I'd like to have some files that only I can read or modify. I'd like these available only "larryl" on either XP or Win7. This is the meaning I attach to the word "Private". I will be the only administrator of this PC, so allowing only "administrators" access should be safe enough. I'm curious as to why I can't do the same with "larryl" when accompanied with a location that specifies the Win7 boot of this machine. I'll be posting the screen shots in another post. Thanks Larry |
#26
|
|||
|
|||
Adding Other Boot's Computer Name to list of File Security Locations?
He also needs to replace the inheritance flag on all the files and
folders within the folder hierarchy, he has to propagate and replace permissions entries on all child objects. John Tim Meddick wrote: John, I keep telling you, the OP has MANUALLY REPLACED the "Administrators" group in his WinXP installation, and granted it full-access for those "private" folders!! But STILL cannot access them with an user belonging to the "Administrators" group in Win7! == Cheers, Tim Meddick, Peckham, London. :-) "John John - MVP" wrote in message ... No, only the Owner and System have permissions on private folders, |
#27
|
|||
|
|||
Adding Other Boot's Computer Name to list of File Security Locations?
He also needs to replace the inheritance flag on all the files and folders within the folder hierarchy, he has to propagate and replace permissions entries on all child objects. John Tim Meddick wrote: John, I keep telling you, the OP has MANUALLY REPLACED the "Administrators" group in his WinXP installation, and granted it full-access for those "private" folders!! But STILL cannot access them with an user belonging to the "Administrators" group in Win7! == Cheers, Tim Meddick, Peckham, London. :-) "John John - MVP" wrote in message ... No, only the Owner and System have permissions on private folders, |
#28
|
|||
|
|||
Adding Other Boot's Computer Name to list of File Security Locations?
Agreed...
== Cheers, Tim Meddick, Peckham, London. :-) "John John - MVP" wrote in message ... He also needs to replace the inheritance flag on all the files and folders within the folder hierarchy, he has to propagate and replace permissions entries on all child objects. John clipped |
#29
|
|||
|
|||
Adding Other Boot's Computer Name to list of File Security Locations?
Agreed...
== Cheers, Tim Meddick, Peckham, London. :-) "John John - MVP" wrote in message ... He also needs to replace the inheritance flag on all the files and folders within the folder hierarchy, he has to propagate and replace permissions entries on all child objects. John clipped |
#30
|
|||
|
|||
Adding Other Boot's Computer Name to list of File Security Locations?
The term "Private" is a Windows term - used when creating a new profile (a
new user), you are asked : "Do you want to make your files and folders private?" and if you answer "Yes" to this ; the system automatically re-sets file and folder security permissions to REMOVE the "Administrator's" group access to that user's profile and, ergo, their "My Documents" folder also. That will just leave the "user" and "SYSTEM" as the only users granted access. From what you have been posting, I believe that you have a competent grasp of the security file and folder permissions and how to add / remove users / groups from them. As John has been saying (in this thread), you need to not only add the "Administrator's" group (with full-access granted to it) to the folder that contains all the folders / files you want to be able to access in a Win7 admin-level account, but also, tick the box labelled : "Inherit from parent the permission entries that apply to child objects. Include these with entries explicitly defined here" ....the word "parent" in this instance, refers to the folder you are changing permissions on - i.e. the current folder. *NB Once a folder has the "Administrator's" group added to it's security permissions, and with all the granted access boxes ticked (i.e. full-access granted to it) - then ANY user that is a member of the "Administrator's" group in ANY Windows version, can then have access to it - not only the operating system in which the folder was created / set permissions, but ANY version of Windows that can "see" the drive the folder is on. As you by now may realise; this is NOT so for the user named "Administrator" - as this user, though named "Administrator" , has a unique SID assigned to it - not so with groups. In fact - that IS the reason for "groups" in NTFS file-system security. == Cheers, Tim Meddick, Peckham, London. :-) "Larry Lindstrom" wrote in message ... clipped Thanks Again Tim and John: First, perhaps I have my nomenclature wrong. Is "private" some special flag or designation of a particular kind of file or folder? Other people will occasionally be using this PC. I'd like to have some files that only I can read or modify. I'd like these available only "larryl" on either XP or Win7. This is the meaning I attach to the word "Private". I will be the only administrator of this PC, so allowing only "administrators" access should be safe enough. I'm curious as to why I can't do the same with "larryl" when accompanied with a location that specifies the Win7 boot of this machine. I'll be posting the screen shots in another post. Thanks Larry |
Thread Tools | |
Display Modes | |
|
|