Coffeehouse Thread

6 posts

NTFS permissions.

  • blowdart

    I'm just copying all my WHS stuff to an external drive, before reformatting and it struck me; the NTFS permissions will be tied to the WHS box, right? So when the box gets reformatted, I probably won't be able to pull everything back again, because the SIDs and UIDs will have changed?

    So how do I manage that? Is removing all permissions and giving all to EVERYONE going to be enough?

  • W3bbo

    blowdart wrote:
    So how do I manage that? Is removing all permissions and giving all to EVERYONE going to be enough?


    Why wouldn't it?

    It's worked for me in the past.

  • blowdart

    W3bbo wrote:
    
    blowdart wrote:
    So how do I manage that? Is removing all permissions and giving all to EVERYONE going to be enough?


    Why wouldn't it?

    It's worked for me in the past.


    I just wondered; I know everyone has a standard, unchanging user ID, but didn't know if NTFS was gonna bugger up because the SID of the machine changed.

  • W3bbo

    blowdart wrote:
    I just wondered; I know everyone has a standard, unchanging user ID, but didn't know if NTFS was gonna bugger up because the SID of the machine changed.


    In my experience, you can access stuff if "Everyone" (whose SID is the same on all Windows installations) isn't explicitly denied. If it has (like XP's "Private Folders") then the Security pane just shows the list of unrecognised SIDs and prompts you to take ownership and reset them.

    So if you can reset DACLs by simply taking Ownership, it only really provides protection against Users who sass prevents from taking ownership (i.e. non-administrators). Is there any point in setting ACLs on your own computer then?

  • blowdart

    W3bbo wrote:
    
    blowdart wrote:
    I just wondered; I know everyone has a standard, unchanging user ID, but didn't know if NTFS was gonna bugger up because the SID of the machine changed.


    In my experience, you can access stuff if "Everyone" (whose SID is the same on all Windows installations) isn't explicitly denied. If it has (like XP's "Private Folders") then the Security pane just shows the list of unrecognised SIDs and prompts you to take ownership and reset them.

    So if you can reset DACLs by simply taking Ownership, it only really provides protection against Users who sass prevents from taking ownership (i.e. non-administrators). Is there any point in setting ACLs on your own computer then?


    And of course, as I forgot, Administrator has the same UID on every box anyway, hence giving access to everyone is not needed

  • mig

    blowdart wrote:
    
    W3bbo wrote:
    
    blowdart wrote:
    I just wondered; I know everyone has a standard, unchanging user ID, but didn't know if NTFS was gonna bugger up because the SID of the machine changed.


    In my experience, you can access stuff if "Everyone" (whose SID is the same on all Windows installations) isn't explicitly denied. If it has (like XP's "Private Folders") then the Security pane just shows the list of unrecognised SIDs and prompts you to take ownership and reset them.

    So if you can reset DACLs by simply taking Ownership, it only really provides protection against Users who sass prevents from taking ownership (i.e. non-administrators). Is there any point in setting ACLs on your own computer then?


    And of course, as I forgot, Administrator has the same UID on every box anyway, hence giving access to everyone is not needed


    I think the idea is to allow access only to users with a high enough privilege to take their own access if it's been denied; as long as the files aren't encrypted via EFS, it should work that way, with EFS encrypting the files based on the user's SID. I could be wrong.
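
Added example, not part of any post in this thread: a Python sketch that takes the SDDL string of a restored folder (for instance from `(Get-Acl path).Sddl`) and reports which ACEs name well-known SIDs, which belong to the current machine, and which are orphaned from the previous install. The two machine SIDs and the SDDL string are constructed sample values.

```python
import re

# SDDL aliases for SIDs that are the same on every Windows installation.
WELL_KNOWN = {
    "WD": "S-1-1-0",       # Everyone
    "AU": "S-1-5-11",      # Authenticated Users
    "SY": "S-1-5-18",      # Local System
    "BA": "S-1-5-32-544",  # BUILTIN\Administrators (group)
    "BU": "S-1-5-32-545",  # BUILTIN\Users (group)
}

def issuer(sid):
    """Machine/domain identifier of an S-1-5-21-a-b-c-RID SID, or None."""
    m = re.fullmatch(r"(S-1-5-21-\d+-\d+-\d+)-\d+", sid)
    return m.group(1) if m else None

def classify(trustee, this_machine):
    """Return (sid, status) for one ACE trustee (raw SID or SDDL alias)."""
    sid = WELL_KNOWN.get(trustee, trustee)
    if not sid.startswith("S-"):
        return sid, "unknown-alias"  # alias outside the small table above
    iss = issuer(sid)
    if iss is None:
        return sid, "well-known"
    return sid, "local" if iss == this_machine else "orphaned"

def audit_dacl(sddl, this_machine):
    """Return (ace_type, sid, status) for every ACE in the DACL of an SDDL string."""
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    if dacl is None:
        return []
    rows = []
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1)):
        fields = ace.split(";")  # type;flags;rights;object;inherit_object;trustee
        rows.append((fields[0], *classify(fields[5], this_machine)))
    return rows

# Constructed sample: a folder restored onto a reinstalled machine.
OLD = "S-1-5-21-1004336348-1177238915-682003330"  # constructed old machine SID
NEW = "S-1-5-21-3623811015-3361044348-30300820"   # constructed new machine SID
SDDL = (f"O:{OLD}-1003G:{OLD}-513D:PAI"
        f"(A;OICI;FA;;;{OLD}-1003)"  # a user account from the old install
        f"(A;OICI;FA;;;{OLD}-500)"   # old built-in Administrator account (RID 500)
        "(A;OICI;FA;;;BA)"           # Administrators group
        "(A;OICI;0x1200a9;;;WD)")    # Everyone, read and execute

if __name__ == "__main__":
    for ace_type, sid, status in audit_dacl(SDDL, NEW):
        print(f"{status:10} {ace_type} {sid}")
```

ACEs reported as orphaned are the entries the Security pane lists as unrecognised SIDs; the Administrators group and Everyone entries resolve on any install.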
