If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Permissions in disarray after clean install
My security permissions appear to be screwed after re-installing Windows XP
Home. In connection with the clean install, I deleted two user accounts for which I manually copied their files to a second hard drive. Now I notice that the owner for many files is "Unknown" or has what I believe is an SID. How do I best clean this up? 1) (a) Is it best to set the owner to "Administrators Group" at a high level on the drive and ensure I select "Replace owner on subcontainers and object" to let the change trickle down? (b) Is this better than assigning the actual original owner which might be a limited user? (c) Is it safe to remove all the Unknown users (i.e. SID) showing in the security permissions? 2) For allowing users access to the second hard drive (D: drive) where I have "My Documents", is it better to provide full control to "Authenticated Users" instead of "Users" Group? Or is there a group that is even more secure? Of course, for each users' "My Documents" folder I will provide access only to each individual user. 3) I notice my external hard drive has the root and the complete drive with full control to "Everybody". Is this insecure or must it be this way on an external drive since it can be hooked up to any computer? Thanks for any help. |
Ads |
#2
|
|||
|
|||
Permissions in disarray after clean install
Replies inline
"Holmes" wrote in message ... My security permissions appear to be screwed after re-installing Windows XP Home. In connection with the clean install, I deleted two user accounts for which I manually copied their files to a second hard drive. Now I notice that the owner for many files is "Unknown" or has what I believe is an SID. How do I best clean this up? A user name is an alias for an SID. Your reinstallation deleted all accounts, but your copy of the files to another disk left them with the SID of a now deleted account Since Windows never reuses an SID, these files have an unknown user. So, what you do is to change the ownership. Refer the the Help & Support discussion on "How to take ownership of files and folders." 1) (a) Is it best to set the owner to "Administrators Group" at a high level on the drive and ensure I select "Replace owner on subcontainers and object" to let the change trickle down? (b) Is this better than assigning the actual original owner which might be a limited user? (c) Is it safe to remove all the Unknown users (i.e. SID) showing in the security permissions? "Adminstrators Group" is not a user name. I would not expect that changing the owner to "Administrators Group" to be successful. I would first add accounts for each of the original users. I would then give ownership of the top level folder to the correct new account. I would give that new account full control. I would give SYSTEM full control (this is Windows, and it needs full control). I would give members of the administrators group full control. 2) For allowing users access to the second hard drive (D: drive) where I have "My Documents", is it better to provide full control to "Authenticated Users" instead of "Users" Group? Or is there a group that is even more secure? Of course, for each users' "My Documents" folder I will provide access only to each individual user. The last choice is more secure. You should realize though that any member of the administrators group can change permissions at any time for any reason. 3) I notice my external hard drive has the root and the complete drive with full control to "Everybody". Is this insecure or must it be this way on an external drive since it can be hooked up to any computer? "Everybody" means all accounts on the system. I would give "Everybody" read access. If you connect the disk to another system, a member of the administrators group can make whatever changes to permissions that are needed. Thanks for any help. Jim |
#3
|
|||
|
|||
Permissions in disarray after clean install
Holmes wrote:
My security permissions appear to be screwed after re-installing Windows XP Home. In connection with the clean install, I deleted two user accounts for which I manually copied their files to a second hard drive. Now I notice that the owner for many files is "Unknown" or has what I believe is an SID. How do I best clean this up? 1) (a) Is it best to set the owner to "Administrators Group" at a high level on the drive and ensure I select "Replace owner on subcontainers and object" to let the change trickle down? (b) Is this better than assigning the actual original owner which might be a limited user? (c) Is it safe to remove all the Unknown users (i.e. SID) showing in the security permissions? 2) For allowing users access to the second hard drive (D: drive) where I have "My Documents", is it better to provide full control to "Authenticated Users" instead of "Users" Group? Or is there a group that is even more secure? Of course, for each users' "My Documents" folder I will provide access only to each individual user. 3) I notice my external hard drive has the root and the complete drive with full control to "Everybody". Is this insecure or must it be this way on an external drive since it can be hooked up to any computer? Move/copy all the files that you put on the secondary drive to a FAT32 formatted system (assuming no files there are more than 4G in size by themselves), format the secindary drive using your fresh install with NTFS to ensure it is clean - move/copy all the files back. No more strange permissions - it just inherits what was on the newly formatted drive. (The FAT32 copy/move eiminates all security information - as FAT32 has no place to store it) As far as 1, 2, 3... 1) a) Depends on your intentions. b) Depends on your intentions. c) Yes. 2) Better? Depends on your intentions. Secure - maybe - although in order to be a user of the computer, you'd have to be authenticated. ;-) As for your 'of course' - that's nto a given - you'd have to set it that way. 3) Insecure - yeah - I suppose. However - your deduction is generally correct - although nothing keeps someone with physical access to any drive formatted with NTFS from taking ownership of all files on it and thus gaining access. -- Shenan Stanley MS-MVP -- How To Ask Questions The Smart Way http://www.catb.org/~esr/faqs/smart-questions.html |
#4
|
|||
|
|||
Permissions in disarray after clean install
Shenan Stanley wrote:
Move/copy all the files that you put on the secondary drive to a FAT32 formatted system (assuming no files there are more than 4G in size by themselves), format the secindary drive using your fresh install with NTFS to ensure it is clean - move/copy all the files back. No more strange permissions - it just inherits what was on the newly formatted drive. (The FAT32 copy/move eiminates all security information - as FAT32 has no place to store it) As far as 1, 2, 3... 1) a) Depends on your intentions. b) Depends on your intentions. c) Yes. 2) Better? Depends on your intentions. Secure - maybe - although in order to be a user of the computer, you'd have to be authenticated. ;-) As for your 'of course' - that's nto a given - you'd have to set it that way. 3) Insecure - yeah - I suppose. However - your deduction is generally correct - although nothing keeps someone with physical access to any drive formatted with NTFS from taking ownership of all files on it and thus gaining access. "secondary" -- Shenan Stanley MS-MVP -- How To Ask Questions The Smart Way http://www.catb.org/~esr/faqs/smart-questions.html |
Thread Tools | |
Display Modes | |
|
|