Tech Off Post

Single Post Permalink

View Thread: Can't modify file in system root despite giving My acc/USER group Full access?
  • User profile image
    androidi

    AndyC said:

    The obvious question would be "Why not just write the temp file to the temp directory in the first place?"

     

    Putting that aside for a moment, the default ACLs on C:\ dont allow the creation of files, only folders. So if the file isn't pre-existing it's definitely going to fail without Administrator rights. Assuming you have pre-created the file, dumping the ACLs and posting them here in SDDL will probably mke it easier to figure out what's going on.

     

    It might also depend on how you're manipulating the file, attempting to write to it by recreating it might fall foul of the parent folder's NTFS permissions (though NT does some funky stuff to try to prevent that).

    I don't know what util gives best output, here's the output from AccessChk -v thefile:

     

    High Mandatory Level [No-Write-Up]
      RW TST\MyAccount
            FILE_ALL_ACCESS
      RW BUILTIN\Users
            FILE_ALL_ACCESS
      RW BUILTIN\Administrators
            FILE_ALL_ACCESS
      RW NT AUTHORITY\SYSTEM
            FILE_ALL_ACCESS
      RW NT AUTHORITY\Authenticated Users
            FILE_ADD_FILE
            FILE_ADD_SUBDIRECTORY
            FILE_APPEND_DATA
            FILE_EXECUTE
            FILE_LIST_DIRECTORY
            FILE_READ_ATTRIBUTES
            FILE_READ_DATA
            FILE_READ_EA
            FILE_TRAVERSE
            FILE_WRITE_ATTRIBUTES
            FILE_WRITE_DATA
            FILE_WRITE_EA
            DELETE
            SYNCHRONIZE
            READ_CONTROL