C programdata microsoft windows drm

Published: Aug 14, 2012. Updated: Sep 4, 2012.

This is a complete listing of all Windows 7 file system permissions. The list was generated on a 32-bit installation with SetACL. More default permission listings can be found here.

How to Interpret the List

The list contains only non-inherited permissions. This means that if permission X is set on C:\ and the directory C:\Data is configured to not block inherited permissions, X is valid on C:\Data, too. The permissions of C:\Data will not be included in this listing, though, because that would increase its size by a factor of at least 100.

If a directory is configured to not inherit permissions from its parent, it is marked with “DACL(protected)” or “DACL(pseudo_protected)”. A directory that does inherit from its parent can still add permissions not present in the parent. Those are listed here, of course.
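The interpretation rule above, as an added example (not from the original page and not SetACL code): it parses an excerpt of the listing from this page and resolves the ACEs in force on a directory by walking up to the nearest DACL marked protected or pseudo_protected. The function names are assumptions of this example, and it assumes no ACE carries a no-propagate flag, which the listing format does not show.

```python
import re
from pathlib import PureWindowsPath

# Excerpt copied from the permission listing on this page.
LISTING = r"""
c:\ProgramData

   Owner: Administrators

   DACL(protected+auto_inherited):
   SYSTEM                full   allow   container_inherit+object_inherit
   Administrators        full   allow   container_inherit+object_inherit
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   container_inherit+object_inherit
   Users                 write   allow   container_inherit

c:\ProgramData\Microsoft

   Owner: Administrators

   DACL(protected+auto_inherited):
   SYSTEM                full   allow   container_inherit+object_inherit
   Administrators        full   allow   container_inherit+object_inherit
   Users                 read_execute   allow   container_inherit+object_inherit
   Everyone              read_execute   allow   container_inherit+object_inherit

c:\ProgramData\Microsoft\Crypto\RSA\MachineKeys

   Owner: Administrators

   DACL(protected+auto_inherited):
   Everyone              write+read   allow   no_inheritance
   Administrators        full   allow   no_inheritance

c:\ProgramData\Microsoft\RAC\Outbound

   Owner: Administrators

   DACL(not_protected+auto_inherited):
   LOCAL SERVICE         change   allow   no_inheritance
   LOCAL SERVICE         change   allow   container_inherit+object_inherit+inherit_only
"""

DACL_HEADER = re.compile(r"DACL\(([^)]*)\):$")


def parse_listing(text):
    """Parse the listing format into {lowercased path: entry dict}."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():             # unindented line = directory path
            current = {"path": line, "owner": None, "blocks": False, "aces": []}
            entries[str(PureWindowsPath(line)).lower()] = current
        elif current is None:
            continue
        elif line.startswith("Owner:"):
            current["owner"] = line.split(":", 1)[1].strip()
        elif (m := DACL_HEADER.match(line)):
            flags = m.group(1).split("+")
            # Per the page, both markers mean "does not inherit from its parent".
            current["blocks"] = "protected" in flags or "pseudo_protected" in flags
        else:
            # Columns are separated by 2+ spaces; trustee names may contain one.
            fields = re.split(r"\s{2,}", line)
            if len(fields) == 4:
                trustee, perms, kind, inherit = fields
                current["aces"].append((trustee, perms, kind, set(inherit.split("+"))))
    return entries


def effective_dir_aces(entries, path):
    """ACEs in force on directory `path` as (trustee, perms, allow/deny, source)."""
    target = PureWindowsPath(path)
    result = []
    for node in (target, *target.parents):   # the directory itself, then ancestors
        entry = entries.get(str(node).lower())
        if entry is None:
            continue                         # unlisted: adds no ACEs of its own
        for trustee, perms, kind, flags in entry["aces"]:
            if node == target:
                # inherit_only ACEs affect descendants, not the directory itself
                if "inherit_only" not in flags:
                    result.append((trustee, perms, kind, "explicit"))
            elif "container_inherit" in flags:
                # only container-inheritable ACEs reach descendant directories
                result.append((trustee, perms, kind, entry["path"]))
        if entry["blocks"]:
            break                            # nothing above this point is inherited
    return result


if __name__ == "__main__":
    parsed = parse_listing(LISTING)
    for ace in effective_dir_aces(parsed, r"c:\ProgramData\Microsoft\RAC\Outbound"):
        print(ace)
```

For `c:\ProgramData\Microsoft\RAC\Outbound` this yields the directory's own LOCAL SERVICE entry plus the four inheritable entries of `c:\ProgramData\Microsoft`, and nothing from `c:\ProgramData`, because the walk stops at the protected DACL.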

Remarks

I found hundreds of directories where inheritance is blocked but the parent’s permissions are re-set on the child. That is just bad style and should not happen. By enabling inheritance, setting identical permissions on a child object becomes unnecessary. In order to keep this list concise, such redundant information was removed. For the same reason, this listing contains only non-inherited permissions.

The computer where I created this listing was a domain member and had a local user account named “Helge”.

Permission Listing

c:\

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   container_inherit+object_inherit
   Authenticated Users   change   allow   container_inherit+object_inherit+inherit_only
   Authenticated Users   FILE_ADD_SUBDIRECTORY   allow   no_inheritance

c:\$Recycle.Bin

   Owner: Administrators

   DACL(protected+auto_inherited):
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute+FILE_ADD_SUBDIRECTORY+FILE_WRITE_ATTRIBUTES   allow   no_inheritance

c:\$Recycle.Bin\<USER SID>

   Owner: <USER>

   DACL(protected):
   Administrators        full   allow   container_inherit+object_inherit
   SYSTEM                full   allow   container_inherit+object_inherit
   <USER>                full   allow   container_inherit+object_inherit

c:\Boot

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+inherit_only
   SYSTEM                read_execute+write   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        read_execute+write   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only

c:\Documents and Settings

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance
   Everyone              read_execute   allow   no_inheritance
   SYSTEM                full   allow   no_inheritance
   Administrators        full   allow   no_inheritance

c:\Program Files

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+inherit_only
   SYSTEM                change   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        change   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only

c:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                read_execute   allow   no_inheritance
   SYSTEM                read_execute   allow   container_inherit+object_inherit+inherit_only
   Administrators        read_execute   allow   no_inheritance
   Administrators        read_execute   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only

c:\Program Files\Windows Media Player\Icons

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                read_execute   allow   no_inheritance
   SYSTEM                read_execute   allow   container_inherit+object_inherit+inherit_only
   Administrators        read_execute   allow   no_inheritance
   Administrators        read_execute   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only

c:\Program Files\Windows Media Player\Visualizations

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                read_execute   allow   no_inheritance
   SYSTEM                read_execute   allow   container_inherit+object_inherit+inherit_only
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only

c:\Program Files\Windows Sidebar\Shared Gadgets

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only

c:\ProgramData

   Owner: Administrators

   DACL(protected+auto_inherited):
   SYSTEM                full   allow   container_inherit+object_inherit
   Administrators        full   allow   container_inherit+object_inherit
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   container_inherit+object_inherit
   Users                 write   allow   container_inherit

c:\ProgramData\Application Data

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance
   Everyone              read_execute   allow   no_inheritance
   SYSTEM                full   allow   no_inheritance
   Administrators        full   allow   no_inheritance

c:\ProgramData\Desktop

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance
   Everyone              read_execute   allow   no_inheritance
   SYSTEM                full   allow   no_inheritance
   Administrators        full   allow   no_inheritance

c:\ProgramData\Documents

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance
   Everyone              read_execute   allow   no_inheritance
   SYSTEM                full   allow   no_inheritance
   Administrators        full   allow   no_inheritance

c:\ProgramData\Favorites

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance
   Everyone              read_execute   allow   no_inheritance
   SYSTEM                full   allow   no_inheritance
   Administrators        full   allow   no_inheritance

c:\ProgramData\Microsoft

   Owner: Administrators

   DACL(protected+auto_inherited):
   SYSTEM                full   allow   container_inherit+object_inherit
   Administrators        full   allow   container_inherit+object_inherit
   Users                 read_execute   allow   container_inherit+object_inherit
   Everyone              read_execute   allow   container_inherit+object_inherit

c:\ProgramData\Microsoft\Crypto\DSS\MachineKeys

   Owner: Administrators

   DACL(protected+auto_inherited):
   Everyone              write+read   allow   no_inheritance
   Administrators        full   allow   no_inheritance

c:\ProgramData\Microsoft\Crypto\Keys

   Owner: Administrators

   DACL(protected+auto_inherited):
   SYSTEM                full   allow   container_inherit+object_inherit
   Administrators        full   allow   container_inherit+object_inherit
   Everyone              read   allow   container_inherit+object_inherit

c:\ProgramData\Microsoft\Crypto\RSA\MachineKeys

   Owner: Administrators

   DACL(protected+auto_inherited):
   Everyone              write+read   allow   no_inheritance
   Administrators        full   allow   no_inheritance

c:\ProgramData\Microsoft\Device Stage\Device\<GUID>

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+inherit_only
   SYSTEM                change   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        change   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only

c:\ProgramData\Microsoft\DeviceSync

   Owner: Administrators

   DACL(protected+auto_inherited):
   Guests                full   deny   no_inheritance
   Guests                full   deny   container_inherit+object_inherit+inherit_only
   Guest                 full   deny   no_inheritance
   Guest                 full   deny   container_inherit+object_inherit+inherit_only
   Everyone              read_execute+write+FILE_DELETE_CHILD+WRITE_OWNER+WRITE_DAC   allow   no_inheritance
   Everyone              full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                full   allow   no_inheritance

c:\ProgramData\Microsoft\DRM\Server

   Owner: Administrators

   DACL(protected+auto_inherited):
   SYSTEM                full   allow   container_inherit+object_inherit
   Administrators        full   allow   container_inherit+object_inherit
   Everyone              read+FILE_ADD_SUBDIRECTORY   allow   container_inherit+object_inherit

c:\ProgramData\Microsoft\eHome

   Owner: Administrators

   DACL(protected+auto_inherited):
   Administrators        full   allow   container_inherit+object_inherit
   Authenticated Users   change+FILE_DELETE_CHILD   allow   container_inherit+object_inherit
   ehSched               change+FILE_DELETE_CHILD   allow   container_inherit+object_inherit
   ehRecvr               change+FILE_DELETE_CHILD   allow   container_inherit+object_inherit
   SYSTEM                full   allow   container_inherit

c:\ProgramData\Microsoft\Network\Connections

   Owner: Administrators

   DACL(protected+auto_inherited):
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   Everyone              read_execute   allow   no_inheritance
   Everyone              read_execute   allow   container_inherit+object_inherit+inherit_only
   Network Configuration Operators   read_execute+write   allow   no_inheritance
   Network Configuration Operators   read_execute+write   allow   container_inherit+object_inherit+inherit_only
   S-1-5-80-3906544942-1489856346-3706913989-164347954-1900376235   full   allow   no_inheritance
   S-1-5-80-3906544942-1489856346-3706913989-164347954-1900376235   full   allow   container_inherit+object_inherit+inherit_only

c:\ProgramData\Microsoft\Network\Downloader

   Owner: Administrators

   DACL(protected+auto_inherited):
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only

c:\ProgramData\Microsoft\RAC\Outbound

   Owner: Administrators

   DACL(not_protected+auto_inherited):
   LOCAL SERVICE         change   allow   no_inheritance
   LOCAL SERVICE         change   allow   container_inherit+object_inherit+inherit_only

c:\ProgramData\Microsoft\RAC\PublishedData

   Owner: Administrators

   DACL(not_protected+auto_inherited):
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   LOCAL SERVICE         full   allow   no_inheritance
   LOCAL SERVICE         full   allow   container_inherit+object_inherit+inherit_only
   Users                 full   allow   no_inheritance
   Users                 full   allow   container_inherit+object_inherit+inherit_only

c:\ProgramData\Microsoft\RAC\StateData

   Owner: Administrators

   DACL(not_protected+auto_inherited):
   LOCAL SERVICE         change   allow   no_inheritance
   LOCAL SERVICE         change   allow   container_inherit+object_inherit+inherit_only

c:\ProgramData\Microsoft\RAC\Temp

   Owner: Administrators

   DACL(not_protected+auto_inherited):
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   LOCAL SERVICE         full   allow   no_inheritance
   LOCAL SERVICE         full   allow   container_inherit+object_inherit+inherit_only
   Users                 full   allow   no_inheritance
   Users                 full   allow   container_inherit+object_inherit+inherit_only

c:\ProgramData\Microsoft\Search\Data

   Owner: SYSTEM

   DACL(pseudo_protected):
   Administrators        full   allow   object_inherit+inherit_only
   Administrators        full   allow   container_inherit
   SYSTEM                full   allow   object_inherit+inherit_only
   SYSTEM                full   allow   container_inherit

c:\ProgramData\Microsoft\User Account Pictures

   Owner: Administrators

   DACL(protected+auto_inherited):
   SYSTEM                full   allow   container_inherit+object_inherit
   Administrators        full   allow   container_inherit+object_inherit
   Users                 read_execute+FILE_ADD_FILE   allow   container_inherit+object_inherit
   Everyone              read_execute   allow   container_inherit+object_inherit

c:\ProgramData\Microsoft\User Account Pictures\Default Pictures

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+inherit_only
   SYSTEM                change   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        change   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only

c:\ProgramData\Microsoft\Vault

   Owner: Administrators

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only

c:\ProgramData\Microsoft\Windows\AIT

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+inherit_only
   SYSTEM                change   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        change   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only

c:\ProgramData\Microsoft\Windows\DeviceMetadataStore

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+inherit_only
   SYSTEM                change   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        change   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only

c:\ProgramData\Microsoft\Windows\DRM

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   Domain Guests         full   deny   no_inheritance
   Domain Guests         full   deny   container_inherit+object_inherit+inherit_only
   Guests                full   deny   no_inheritance
   Guests                full   deny   container_inherit+object_inherit+inherit_only
   Guest                 full   deny   no_inheritance
   Guest                 full   deny   container_inherit+object_inherit+inherit_only
   Everyone              read_execute+write+FILE_DELETE_CHILD+WRITE_OWNER+WRITE_DAC   allow   no_inheritance
   Everyone              full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                full   allow   no_inheritance

c:\ProgramData\Microsoft\Windows\DRM\Cache

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   Guests                full   deny   no_inheritance
   Guests                full   deny   container_inherit+object_inherit+inherit_only
   Guest                 full   deny   no_inheritance
   Guest                 full   deny   container_inherit+object_inherit+inherit_only
   Everyone              read_execute+write+FILE_DELETE_CHILD+WRITE_OWNER+WRITE_DAC   allow   no_inheritance
   Everyone              full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                full   allow   no_inheritance

c:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics

   Owner: Administrators

   DACL(protected+auto_inherited):
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only

c:\ProgramData\Microsoft\Windows\Start Menu

   Owner: Administrators

   DACL(not_protected+auto_inherited):
   Helge                 FILE_DELETE_CHILD+DELETE   allow   container_inherit+object_inherit+inherit_only

c:\ProgramData\Microsoft\Windows\WER\ReportArchive

   Owner: Administrators

   DACL(protected+auto_inherited):
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Authenticated Users   FILE_LIST_DIRECTORY   allow   container_inherit
   LOCAL SERVICE         FILE_LIST_DIRECTORY+FILE_ADD_SUBDIRECTORY   allow   container_inherit
   NETWORK SERVICE       FILE_LIST_DIRECTORY+FILE_ADD_SUBDIRECTORY   allow   container_inherit
   SERVICE               FILE_LIST_DIRECTORY+FILE_ADD_SUBDIRECTORY   allow   container_inherit
   WRITE RESTRICTED      FILE_ADD_SUBDIRECTORY   allow   container_inherit

c:\ProgramData\Microsoft\Windows\WER\ReportQueue

   Owner: Administrators

   DACL(protected+auto_inherited):
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Authenticated Users   FILE_LIST_DIRECTORY   allow   container_inherit
   LOCAL SERVICE         FILE_LIST_DIRECTORY+FILE_ADD_SUBDIRECTORY   allow   container_inherit
   NETWORK SERVICE       FILE_LIST_DIRECTORY+FILE_ADD_SUBDIRECTORY   allow   container_inherit
   SERVICE               FILE_LIST_DIRECTORY+FILE_ADD_SUBDIRECTORY   allow   container_inherit
   WRITE RESTRICTED      FILE_ADD_SUBDIRECTORY   allow   container_inherit

c:\ProgramData\Microsoft\Windows\WER\ReportQueue\<SUBDIRECTORY>

   Owner: SYSTEM

   DACL(pseudo_protected):
   Administrators        full   allow   container_inherit+object_inherit
   SYSTEM                read_execute+write   allow   container_inherit+object_inherit
   WRITE RESTRICTED      write+READ_CONTROL   allow   container_inherit+object_inherit

c:\ProgramData\Microsoft\Windows Defender

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only

c:\ProgramData\Microsoft\Windows Defender\Definition Updates

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only

c:\ProgramData\Microsoft\Windows NT\MSFax

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   Administrators        full   allow   container_inherit+object_inherit
   Fax                   full   allow   container_inherit+object_inherit

c:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   Administrators        full   allow   container_inherit+object_inherit
   Everyone              read_execute   allow   container_inherit+object_inherit

c:\ProgramData\Microsoft\Windows NT\MSFax\Common Coverpages\<LANGUAGE CODE>

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+inherit_only
   SYSTEM                change   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        change   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only

c:\ProgramData\Microsoft\Windows NT\MSFax\Inbox

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   Administrators        full   allow   container_inherit+object_inherit
   Fax                   full   allow   container_inherit+object_inherit

c:\ProgramData\Microsoft\Windows NT\MSFax\Queue

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   Administrators        full   allow   container_inherit+object_inherit
   Fax                   full   allow   container_inherit+object_inherit

c:\ProgramData\Microsoft\Windows NT\MSFax\SentItems

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   Administrators        full   allow   container_inherit+object_inherit
   Fax                   full   allow   container_inherit+object_inherit

c:\ProgramData\Microsoft\Windows NT\MSFax\VirtualInbox\<LANGUAGE CODE>

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+inherit_only
   SYSTEM                change   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        change   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only

c:\ProgramData\Microsoft\Windows NT\MSScan

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+inherit_only
   SYSTEM                change   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        change   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only

c:\ProgramData\Microsoft\WwanSvc\Profiles

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   Guests                full   deny   no_inheritance
   Guests                full   deny   container_inherit+object_inherit+inherit_only
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+object_inherit+inherit_only
   WwanSvc               full   allow   no_inheritance
   WwanSvc               full   allow   container_inherit+object_inherit+inherit_only
   Administrators        read+FILE_ADD_SUBDIRECTORY   allow   container_inherit+object_inherit
   SYSTEM                read+FILE_ADD_SUBDIRECTORY   allow   container_inherit+object_inherit
   Everyone              read+FILE_ADD_SUBDIRECTORY   allow   container_inherit+object_inherit

c:\ProgramData\Start Menu

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance
   Everyone              read_execute   allow   no_inheritance
   SYSTEM                full   allow   no_inheritance
   Administrators        full   allow   no_inheritance

c:\ProgramData\Templates

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance
   Everyone              read_execute   allow   no_inheritance
   SYSTEM                full   allow   no_inheritance
   Administrators        full   allow   no_inheritance

c:\Recovery

   Owner: SYSTEM

   DACL(pseudo_protected):
   Administrators        full   allow   container_inherit+object_inherit

c:\System Volume Information

   Owner: Administrators

   DACL(protected):
   SYSTEM                full   allow   container_inherit+object_inherit

c:\System Volume Information\SPP

   Owner: Administrators

   DACL(protected):
   Administrators        full   allow   container_inherit+object_inherit
   SYSTEM                full   allow   container_inherit+object_inherit

c:\System Volume Information\SPP\OnlineMetadataCache

   Owner: Administrators

   DACL(protected):
   Administrators        full   allow   container_inherit+object_inherit
   SYSTEM                full   allow   container_inherit+object_inherit

c:\Users

   Owner: Administrators

   DACL(protected+auto_inherited):
   SYSTEM                full   allow   container_inherit+object_inherit
   Administrators        full   allow   container_inherit+object_inherit
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only
   Everyone              read_execute   allow   no_inheritance
   Everyone              read_execute   allow   container_inherit+object_inherit+inherit_only

c:\Users\All Users

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance
   Everyone              read_execute   allow   no_inheritance
   SYSTEM                full   allow   no_inheritance
   Administrators        full   allow   no_inheritance

c:\Users\Default\AppData\Local\Application Data

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Default\AppData\Local\History

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Default\AppData\Local\Temporary Internet Files

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Default\Application Data

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Default\Cookies

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Default\Documents\My Music

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Default\Documents\My Pictures

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Default\Documents\My Videos

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Default\Local Settings

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Default\My Documents

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Default\NetHood

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Default\PrintHood

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Default\Recent

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Default\SendTo

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Default\Start Menu

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Default\Templates

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Default User

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance
   Everyone              read_execute   allow   no_inheritance
   SYSTEM                full   allow   no_inheritance
   Administrators        full   allow   no_inheritance

c:\Users\Helge

   Owner: SYSTEM

   DACL(protected):
   SYSTEM                full   allow   container_inherit+object_inherit
   Administrators        full   allow   container_inherit+object_inherit
   Helge                 full   allow   container_inherit+object_inherit

c:\Users\Helge\AppData\Local\Application Data

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Helge\AppData\Local\History

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Helge\AppData\Local\Microsoft\Windows\WER\ReportArchive

   Owner: Helge

   DACL(pseudo_protected):
   Administrators        full   allow   container_inherit+object_inherit
   Helge                 full   allow   container_inherit+object_inherit

c:\Users\Helge\AppData\Local\Temporary Internet Files

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Helge\Application Data

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Helge\Cookies

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Helge\Documents\My Music

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Helge\Documents\My Pictures

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Helge\Documents\My Videos

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Helge\Local Settings

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Helge\My Documents

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Helge\NetHood

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Helge\PrintHood

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Helge\Recent

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Helge\SendTo

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Helge\Start Menu

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Helge\Templates

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance

c:\Users\Public

   Owner: Administrators

   DACL(protected+auto_inherited):
   Administrators        full   allow   container_inherit+object_inherit
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                full   allow   container_inherit+object_inherit
   INTERACTIVE           change+FILE_DELETE_CHILD   allow   container_inherit+object_inherit+inherit_only
   INTERACTIVE           read_execute+FILE_ADD_FILE+FILE_ADD_SUBDIRECTORY   allow   no_inheritance
   SERVICE               change+FILE_DELETE_CHILD   allow   container_inherit+object_inherit+inherit_only
   SERVICE               read_execute+FILE_ADD_FILE+FILE_ADD_SUBDIRECTORY   allow   no_inheritance
   BATCH                 change+FILE_DELETE_CHILD   allow   container_inherit+object_inherit+inherit_only
   BATCH                 read_execute+FILE_ADD_FILE+FILE_ADD_SUBDIRECTORY   allow   no_inheritance

c:\Users\Public\Desktop

   Owner: Administrators

   DACL(protected+auto_inherited):
   Administrators        full   allow   container_inherit+object_inherit
   INTERACTIVE           read_execute   allow   container_inherit+object_inherit
   SYSTEM                full   allow   container_inherit+object_inherit
   Helge                 FILE_DELETE_CHILD+DELETE   allow   container_inherit+object_inherit+inherit_only

c:\Users\Public\Documents\My Music

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance
   Everyone              read_execute   allow   no_inheritance
   SYSTEM                full   allow   no_inheritance
   Administrators        full   allow   no_inheritance

c:\Users\Public\Documents\My Pictures

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance
   Everyone              read_execute   allow   no_inheritance
   SYSTEM                full   allow   no_inheritance
   Administrators        full   allow   no_inheritance

c:\Users\Public\Documents\My Videos

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   Everyone              FILE_LIST_DIRECTORY   deny   no_inheritance
   Everyone              read_execute   allow   no_inheritance
   SYSTEM                full   allow   no_inheritance
   Administrators        full   allow   no_inheritance

c:\Users\Public\Recorded TV

   Owner: Administrators

   DACL(not_protected+auto_inherited):
   ehSched               change+FILE_DELETE_CHILD   allow   container_inherit+object_inherit
   ehRecvr               change+FILE_DELETE_CHILD   allow   container_inherit+object_inherit

c:\Windows

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+inherit_only
   SYSTEM                change   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        change   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only

c:\Windows\AppCompat\Programs

   Owner: Administrators

   DACL(protected+auto_inherited):
   Administrators        full   allow   container_inherit+object_inherit
   SYSTEM                full   allow   container_inherit+object_inherit
   Users                 FILE_TRAVERSE+READ_CONTROL   allow   container_inherit+object_inherit
   TrustedInstaller      full   allow   container_inherit+object_inherit

c:\Windows\AppPatch\Custom

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+inherit_only
   SYSTEM                change   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        change   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only
   CREATOR OWNER         full   allow   container_inherit+inherit_only

c:\Windows\Boot

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                read_execute   allow   no_inheritance
   SYSTEM                read_execute   allow   container_inherit+object_inherit+inherit_only
   Administrators        read_execute   allow   no_inheritance
   Administrators        read_execute   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only

c:\Windows\CSC\v2.0.6

   Owner: Administrators

   DACL(pseudo_protected):
   SYSTEM                full   allow   no_inheritance

c:\Windows\CSC\v2.0.6\namespace

   Owner: SYSTEM

   DACL(not_protected):
   SYSTEM                full   allow   no_inheritance

c:\Windows\CSC\v2.0.6\temp

   Owner: SYSTEM

   DACL(not_protected):
   SYSTEM                full   allow   no_inheritance

c:\Windows\debug\WIA

   Owner: SYSTEM

   DACL(pseudo_protected):
   SYSTEM                full   allow   container_inherit+object_inherit
   Administrators        full   allow   container_inherit+object_inherit
   LOCAL SERVICE         change+FILE_DELETE_CHILD   allow   container_inherit+object_inherit
   Authenticated Users   change+FILE_DELETE_CHILD   allow   container_inherit+object_inherit

c:\Windows\diagnostics

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                read_execute   allow   no_inheritance
   SYSTEM                read_execute   allow   container_inherit+object_inherit+inherit_only
   Administrators        read_execute   allow   no_inheritance
   Administrators        read_execute   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only

c:\Windows\Help\Corporate

   Owner: Administrators

   DACL(protected+auto_inherited):
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        full   allow   no_inheritance
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only

c:\Windows\Help\OEM

   Owner: Administrators

   DACL(protected+auto_inherited):
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        full   allow   no_inheritance
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only

c:\Windows\inf\TAPISRV\<LANGUAGE CODE>

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                read_execute   allow   no_inheritance
   SYSTEM                read_execute   allow   container_inherit+object_inherit+inherit_only
   Administrators        read_execute   allow   no_inheritance
   Administrators        read_execute   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only

c:\Windows\Installer

   Owner: Administrators

   DACL(pseudo_protected):
   SYSTEM                full   allow   container_inherit+object_inherit
   Everyone              read_execute   allow   container_inherit+object_inherit
   Administrators        full   allow   container_inherit+object_inherit

c:\Windows\LiveKernelReports

   Owner: Administrators

   DACL(protected+auto_inherited):
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only

c:\Windows\Logs\HomeGroup

   Owner: HomeGroupProvider

   DACL(protected+auto_inherited):
   HomeGroupProvider     full   allow   container_inherit+object_inherit
   SYSTEM                full   allow   container_inherit+object_inherit
   Administrators        full   allow   container_inherit+object_inherit

c:\Windows\Logs\SystemRestore

   Owner: Administrators

   DACL(protected):
   Administrators        full   allow   container_inherit+object_inherit
   SYSTEM                full   allow   container_inherit+object_inherit

c:\Windows\ModemLogs

   Owner: Administrators

   DACL(protected+auto_inherited):
   NETWORK SERVICE       write+read+DELETE   allow   no_inheritance
   NETWORK SERVICE       write+read+DELETE   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only

c:\Windows\PLA\Reports

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+inherit_only
   SYSTEM                change   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        change   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only
   Performance Log Users read_execute+FILE_ADD_FILE   allow   container_inherit+object_inherit

c:\Windows\PLA\Rules

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+inherit_only
   SYSTEM                change   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        change   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only
   Performance Log Users read_execute+FILE_ADD_FILE   allow   container_inherit+object_inherit

c:\Windows\PLA\System

   Owner: Administrators

   DACL(not_protected+auto_inherited):
   SYSTEM                full   allow   container_inherit+object_inherit
   Administrators        full   allow   container_inherit+object_inherit
   pla                   change+FILE_DELETE_CHILD   allow   container_inherit+object_inherit+inherit_only

c:\Windows\PLA\Templates

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+inherit_only
   SYSTEM                change   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        change   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only
   Performance Log Users read_execute+FILE_ADD_FILE   allow   container_inherit+object_inherit

c:\Windows\Prefetch

   Owner: Administrators

   DACL(protected+auto_inherited):
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only

c:\Windows\Registration

   Owner: Administrators

   DACL(protected+auto_inherited):
   Administrators        full   allow   object_inherit
   Everyone              read_execute   allow   object_inherit
   SYSTEM                full   allow   object_inherit

c:\Windows\Registration\CRMLog

   Owner: Administrators

   DACL(protected+auto_inherited):
   Administrators        write+read+FILE_DELETE_CHILD+WRITE_OWNER+WRITE_DAC+DELETE   allow   container_inherit+object_inherit
   SYSTEM                write+read+FILE_DELETE_CHILD+WRITE_OWNER+WRITE_DAC+DELETE   allow   container_inherit+object_inherit
   Users                 read+FILE_ADD_FILE   allow   no_inheritance
   Users                 write+read+DELETE   allow   object_inherit+inherit_only

c:\Windows\RemotePackages

   Owner: Administrators

   DACL(not_protected+auto_inherited):
   SYSTEM                full   allow   container_inherit+inherit_only
   Administrators        full   allow   container_inherit+inherit_only
   Authenticated Users   read_execute   allow   no_inheritance
   Authenticated Users   read_execute   allow   container_inherit+object_inherit+inherit_only

c:\Windows\rescache

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                read_execute   allow   no_inheritance
   SYSTEM                read_execute   allow   container_inherit+object_inherit+inherit_only
   Administrators        read_execute   allow   no_inheritance
   Administrators        read_execute   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only

c:\Windows\schemas\EAPHost

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                read_execute   allow   no_inheritance
   SYSTEM                read_execute   allow   container_inherit+object_inherit+inherit_only
   Administrators        read_execute   allow   no_inheritance
   Administrators        read_execute   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only

c:\Windows\schemas\EAPMethods

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                read_execute   allow   no_inheritance
   SYSTEM                read_execute   allow   container_inherit+object_inherit+inherit_only
   Administrators        read_execute   allow   no_inheritance
   Administrators        read_execute   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only

c:\Windows\schemas\TSWorkSpace

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                read_execute   allow   no_inheritance
   SYSTEM                read_execute   allow   container_inherit+object_inherit+inherit_only
   Administrators        read_execute   allow   no_inheritance
   Administrators        read_execute   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only

c:\Windows\security\audit

   Owner: Administrators

   DACL(protected+auto_inherited):
   Administrators        full   allow   container_inherit+object_inherit
   SYSTEM                full   allow   container_inherit+object_inherit

c:\Windows\ServiceProfiles\LocalService

   Owner: Administrators

   DACL(protected+auto_inherited):
   SYSTEM                full   allow   container_inherit+object_inherit
   Administrators        full   allow   container_inherit+object_inherit
   LOCAL SERVICE         full   allow   container_inherit+object_inherit

c:\Windows\ServiceProfiles\NetworkService

   Owner: Administrators

   DACL(protected+auto_inherited):
   SYSTEM                full   allow   container_inherit+object_inherit
   Administrators        full   allow   container_inherit+object_inherit
   NETWORK SERVICE       full   allow   container_inherit+object_inherit

c:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\Icon Files

   Owner: NETWORK SERVICE

   DACL(not_protected+auto_inherited):
   INTERACTIVE           read   allow   container_inherit+object_inherit

c:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD

   Owner: NETWORK SERVICE

   DACL(not_protected+auto_inherited):
   LOCAL SERVICE         read   allow   container_inherit+object_inherit

c:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache

   Owner: NETWORK SERVICE

   DACL(protected+auto_inherited):
   SYSTEM                full   allow   container_inherit+object_inherit
   Administrators        full   allow   container_inherit+object_inherit
   sppsvc                write+read+DELETE   allow   container_inherit+object_inherit
   Everyone              read   allow   container_inherit+object_inherit

c:\Windows\servicing

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                read_execute   allow   no_inheritance
   SYSTEM                read_execute   allow   container_inherit+object_inherit+inherit_only
   Administrators        read_execute   allow   no_inheritance
   Administrators        read_execute   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only

c:\Windows\servicing\Editions

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+inherit_only
   SYSTEM                change   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        change   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only

c:\Windows\Speech\Common

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                read_execute   allow   no_inheritance
   SYSTEM                read_execute   allow   container_inherit+object_inherit+inherit_only
   Administrators        read_execute   allow   no_inheritance
   Administrators        read_execute   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only

c:\Windows\Speech\Engines\Lexicon\<LANGUAGE CODE>

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                read_execute   allow   no_inheritance
   SYSTEM                read_execute   allow   container_inherit+object_inherit+inherit_only
   Administrators        read_execute   allow   no_inheritance
   Administrators        read_execute   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only

c:\Windows\Speech\Engines\SR\<LANGUAGE CODE>

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                read_execute   allow   no_inheritance
   SYSTEM                read_execute   allow   container_inherit+object_inherit+inherit_only
   Administrators        read_execute   allow   no_inheritance
   Administrators        read_execute   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\AdvancedInstallers

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                read_execute   allow   no_inheritance
   SYSTEM                read_execute   allow   container_inherit+object_inherit+inherit_only
   Administrators        read_execute   allow   no_inheritance
   Administrators        read_execute   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\appmgmt

   Owner: SYSTEM

   DACL(pseudo_protected):
   SYSTEM                full   allow   container_inherit+object_inherit
   Administrators        full   allow   container_inherit+object_inherit
   Everyone              read_execute   allow   no_inheritance

c:\Windows\System32\appmgmt\S-1-5-18

   Owner: SYSTEM

   DACL(not_protected):
   SYSTEM                read_execute   allow   container_inherit+object_inherit

c:\Windows\System32\Boot

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                read_execute   allow   no_inheritance
   SYSTEM                read_execute   allow   container_inherit+object_inherit+inherit_only
   Administrators        read_execute   allow   no_inheritance
   Administrators        read_execute   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\catroot

   Owner: Administrators

   DACL(not_protected+auto_inherited):
   CryptSvc              full   allow   no_inheritance
   CryptSvc              full   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\catroot2

   Owner: Administrators

   DACL(not_protected+auto_inherited):
   CryptSvc              full   allow   no_inheritance
   CryptSvc              full   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}

   Owner: NETWORK SERVICE

   DACL(not_protected+auto_inherited):
   CryptSvc              full   allow   container_inherit+object_inherit
   Users                 read_execute   allow   container_inherit+object_inherit
   Authenticated Users   change   allow   no_inheritance

c:\Windows\System32\com\dmp

   Owner: Administrators

   DACL(protected+auto_inherited):
   Administrators        write+read+FILE_DELETE_CHILD+WRITE_OWNER+WRITE_DAC+DELETE   allow   container_inherit+object_inherit
   CREATOR OWNER         write+read+FILE_DELETE_CHILD+WRITE_OWNER+WRITE_DAC+DELETE   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                write+read+FILE_DELETE_CHILD+WRITE_OWNER+WRITE_DAC+DELETE   allow   container_inherit+object_inherit
   Users                 FILE_ADD_FILE+FILE_ADD_SUBDIRECTORY   allow   container_inherit

c:\Windows\System32\config

   Owner: Administrators

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   container_inherit
   SYSTEM                full   allow   container_inherit+object_inherit
   Administrators        full   allow   container_inherit+object_inherit
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\config\systemprofile

   Owner: Administrators

   DACL(protected+auto_inherited):
   SYSTEM                full   allow   container_inherit+object_inherit
   Administrators        full   allow   container_inherit+object_inherit

c:\Windows\System32\<LANGUAGE CODE>\Licenses

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                read_execute   allow   no_inheritance
   SYSTEM                read_execute   allow   container_inherit+object_inherit+inherit_only
   Administrators        read_execute   allow   no_inheritance
   Administrators        read_execute   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\DriverStore

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Everyone              read_execute   allow   no_inheritance
   Everyone              read_execute   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\FxsTmp

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   Users                 FILE_TRAVERSE   deny   container_inherit+object_inherit+inherit_only
   Users                 FILE_LIST_DIRECTORY+FILE_ADD_FILE   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit
   SYSTEM                full   allow   container_inherit+object_inherit
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\GroupPolicy

   Owner: Administrators

   DACL(protected+auto_inherited):
   Authenticated Users   read_execute   allow   no_inheritance
   Authenticated Users   read_execute   allow   container_inherit+object_inherit+inherit_only
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\GroupPolicyUsers

   Owner: Administrators

   DACL(protected+auto_inherited):
   Authenticated Users   read_execute   allow   no_inheritance
   Authenticated Users   read_execute   allow   container_inherit+object_inherit+inherit_only
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\ias

   Owner: Administrators

   DACL(protected+auto_inherited):
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   NETWORK SERVICE       read_execute+write   allow   no_inheritance
   NETWORK SERVICE       read_execute+write   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\icsxml

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                read_execute   allow   no_inheritance
   SYSTEM                read_execute   allow   container_inherit+object_inherit+inherit_only
   Administrators        read_execute   allow   no_inheritance
   Administrators        read_execute   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\LogFiles\Fax\Incoming

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   Administrators        full   allow   container_inherit+object_inherit
   Fax                   full   allow   container_inherit+object_inherit

c:\Windows\System32\LogFiles\Fax\Outgoing

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   Administrators        full   allow   container_inherit+object_inherit
   Fax                   full   allow   container_inherit+object_inherit

c:\Windows\System32\LogFiles\Firewall

   Owner: Administrators

   DACL(protected+auto_inherited):
   MpsSvc                full   allow   object_inherit
   SYSTEM                full   allow   object_inherit
   Administrators        full   allow   object_inherit

c:\Windows\System32\LogFiles\WMI

   Owner: Administrators

   DACL(protected+auto_inherited):
   SYSTEM                full   allow   container_inherit+object_inherit
   LOCAL SERVICE         full   allow   container_inherit+object_inherit
   NETWORK SERVICE       full   allow   container_inherit+object_inherit
   Administrators        full   allow   container_inherit+object_inherit
   Performance Log Users full   allow   container_inherit+object_inherit

c:\Windows\System32\LogFiles\WMI\RtBackup

   Owner: Administrators

   DACL(protected+auto_inherited):
   SYSTEM                full   allow   container_inherit+object_inherit

c:\Windows\System32\LogFiles\WUDF

   Owner: Administrators

   DACL(not_protected+auto_inherited):
   wudfsvc               write+read   allow   container_inherit+object_inherit
   LOCAL SERVICE         FILE_ADD_FILE+READ_CONTROL   allow   container_inherit+object_inherit
   SYSTEM                full   allow   container_inherit+object_inherit
   Administrators        full   allow   container_inherit+object_inherit

c:\Windows\System32\Msdtc

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+inherit_only
   SYSTEM                change   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        change   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   MSDTC                 read_execute+write   allow   no_inheritance
   MSDTC                 full   allow   container_inherit+object_inherit+inherit_only
   KtmRm                 read_execute+write   allow   no_inheritance
   KtmRm                 full   allow   container_inherit+object_inherit+inherit_only
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\Msdtc\Trace

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+inherit_only
   SYSTEM                change+WRITE_DAC   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        change   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   MSDTC                 read_execute+write   allow   no_inheritance
   MSDTC                 full   allow   container_inherit+object_inherit+inherit_only
   KtmRm                 read_execute+write   allow   no_inheritance
   KtmRm                 full   allow   container_inherit+object_inherit+inherit_only
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\NDF

   Owner: Administrators

   DACL(not_protected+auto_inherited):
   WdiServiceHost        full   allow   no_inheritance
   WdiServiceHost        full   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\NetworkList

   Owner: Administrators

   DACL(protected+auto_inherited):
   netprofm              full   allow   container_inherit+object_inherit
   SYSTEM                full   allow   container_inherit+object_inherit
   Administrators        full   allow   container_inherit+object_inherit

c:\Windows\System32\NetworkList\Icons\StockIcons

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+inherit_only
   SYSTEM                change   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        change   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\Recovery

   Owner: Administrators

   DACL(not_protected+auto_inherited):
   ANONYMOUS LOGON       full   deny   no_inheritance
   ANONYMOUS LOGON       full   deny   container_inherit+object_inherit+inherit_only
   NETWORK SERVICE       read   allow   no_inheritance
   NETWORK SERVICE       read   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\Speech\Common

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                read_execute   allow   no_inheritance
   SYSTEM                read_execute   allow   container_inherit+object_inherit+inherit_only
   Administrators        read_execute   allow   no_inheritance
   Administrators        read_execute   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\Speech\Engines\SR

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                read_execute   allow   no_inheritance
   SYSTEM                read_execute   allow   container_inherit+object_inherit+inherit_only
   Administrators        read_execute   allow   no_inheritance
   Administrators        read_execute   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\Speech\SpeechUX

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                read_execute   allow   no_inheritance
   SYSTEM                read_execute   allow   container_inherit+object_inherit+inherit_only
   Administrators        read_execute   allow   no_inheritance
   Administrators        read_execute   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\spool\drivers

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   Everyone              read_execute   allow   no_inheritance
   Everyone              read_execute   allow   container_inherit+object_inherit+inherit_only
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\spool\drivers\color

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   container_inherit
   SYSTEM                change   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        change   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute+FILE_ADD_FILE   allow   container_inherit+object_inherit
   CREATOR OWNER         write+read+DELETE   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\spool\PRINTERS

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   Users                 FILE_ADD_FILE+FILE_ADD_SUBDIRECTORY+FILE_READ_EA+FILE_READ_ATTRIBUTES   allow   container_inherit
   Administrators        write+read+FILE_DELETE_CHILD+WRITE_OWNER+WRITE_DAC+DELETE   allow   no_inheritance
   CREATOR OWNER         write+read+FILE_DELETE_CHILD+WRITE_OWNER+WRITE_DAC+DELETE   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                write+read+FILE_DELETE_CHILD+WRITE_OWNER+WRITE_DAC+DELETE   allow   container_inherit+object_inherit
   Administrators        write+read+FILE_DELETE_CHILD+WRITE_OWNER+WRITE_DAC+DELETE   allow   container_inherit+object_inherit

c:\Windows\System32\Tasks

   Owner: Administrators

   DACL(protected+auto_inherited):
   Administrators        full   allow   container_inherit
   Administrators        write+read+WRITE_OWNER+WRITE_DAC+DELETE   allow   object_inherit
   SYSTEM                full   allow   container_inherit
   SYSTEM                write+read+WRITE_OWNER+WRITE_DAC+DELETE   allow   object_inherit
   Authenticated Users   write+READ_CONTROL   allow   container_inherit
   NETWORK SERVICE       write+READ_CONTROL   allow   container_inherit
   LOCAL SERVICE         write+READ_CONTROL   allow   container_inherit
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\Tasks\Microsoft

   Owner: Administrators

   DACL(protected+auto_inherited):
   Administrators        full   allow   container_inherit
   Administrators        write+read+WRITE_OWNER+WRITE_DAC+DELETE   allow   object_inherit
   SYSTEM                full   allow   container_inherit
   SYSTEM                write+read+WRITE_OWNER+WRITE_DAC+DELETE   allow   object_inherit
   Authenticated Users   read   allow   container_inherit+object_inherit
   LOCAL SERVICE         read   allow   container_inherit+object_inherit
   NETWORK SERVICE       read   allow   container_inherit+object_inherit
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\Tasks\Microsoft\Windows\Media Center

   Owner: Administrators

   DACL(not_protected+auto_inherited):
   NETWORK SERVICE       change+FILE_DELETE_CHILD+WRITE_DAC   allow   container_inherit+object_inherit

c:\Windows\System32\Tasks\Microsoft\Windows\Media Center\Extender

   Owner: Administrators

   DACL(pseudo_protected+auto_inherited):
   Administrators        full   allow   no_inheritance
   SYSTEM                full   allow   no_inheritance
   Users                 read_execute   allow   no_inheritance

c:\Windows\System32\Tasks\Microsoft\Windows\PLA

   Owner: Administrators

   DACL(not_protected+auto_inherited):
   SYSTEM                full   allow   container_inherit+object_inherit
   Administrators        full   allow   container_inherit+object_inherit
   Performance Log Users read_execute+FILE_ADD_FILE   allow   container_inherit+object_inherit

c:\Windows\System32\Tasks\Microsoft\Windows\PLA\System

   Owner: Administrators

   DACL(pseudo_protected+auto_inherited):
   SYSTEM                full   allow   container_inherit+object_inherit
   Administrators        full   allow   container_inherit+object_inherit
   Everyone              read_execute+FILE_ADD_FILE   allow   container_inherit+object_inherit

c:\Windows\System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update

   Owner: Administrators

   DACL(protected+auto_inherited):
   Administrators        full   allow   container_inherit
   Administrators        write+read+WRITE_OWNER+WRITE_DAC+DELETE   allow   object_inherit
   SYSTEM                full   allow   container_inherit
   SYSTEM                write+read+WRITE_OWNER+WRITE_DAC+DELETE   allow   object_inherit
   Authenticated Users   write+READ_CONTROL   allow   container_inherit
   NETWORK SERVICE       write+READ_CONTROL   allow   container_inherit
   LOCAL SERVICE         write+READ_CONTROL   allow   container_inherit
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\Tasks\Microsoft\Windows\SyncCenter

   Owner: Administrators

   DACL(protected+auto_inherited):
   Users                 read_execute+FILE_ADD_SUBDIRECTORY   allow   no_inheritance
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\wbem\AutoRecover

   Owner: Administrators

   DACL(protected+auto_inherited):
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only
   NETWORK SERVICE       read   allow   no_inheritance
   NETWORK SERVICE       read   allow   container_inherit+object_inherit+inherit_only
   Backup Operators      write+read   allow   no_inheritance
   Backup Operators      write+read   allow   container_inherit+object_inherit+inherit_only
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   OWNER RIGHTS          READ_CONTROL   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\wbem\Logs

   Owner: Administrators

   DACL(protected+auto_inherited):
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only
   NETWORK SERVICE       write+read+DELETE   allow   no_inheritance
   NETWORK SERVICE       write+read+DELETE   allow   container_inherit+object_inherit+inherit_only
   Backup Operators      write+read   allow   no_inheritance
   Backup Operators      write+read   allow   container_inherit+object_inherit+inherit_only
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   OWNER RIGHTS          READ_CONTROL   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\wbem\MOF

   Owner: SYSTEM

   DACL(protected+auto_inherited):
   Administrators        full   allow   container_inherit+object_inherit
   SYSTEM                full   allow   container_inherit+object_inherit

c:\Windows\System32\wbem\Repository

   Owner: Administrators

   DACL(protected+auto_inherited):
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only
   NETWORK SERVICE       read   allow   no_inheritance
   NETWORK SERVICE       read   allow   container_inherit+object_inherit+inherit_only
   Backup Operators      write+read   allow   no_inheritance
   Backup Operators      write+read   allow   container_inherit+object_inherit+inherit_only
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   OWNER RIGHTS          READ_CONTROL   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\wdi

   Owner: Administrators

   DACL(protected+auto_inherited):
   Guests                full   deny   no_inheritance
   Guests                full   deny   container_inherit+object_inherit+inherit_only
   ANONYMOUS LOGON       full   deny   no_inheritance
   ANONYMOUS LOGON       full   deny   container_inherit+object_inherit+inherit_only
   Administrators        FILE_TRAVERSE   deny   object_inherit+inherit_only
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   DPS                   write+read+DELETE   allow   no_inheritance
   DPS                   write+read+DELETE   allow   container_inherit+object_inherit+inherit_only
   WdiServiceHost        write+read+DELETE   allow   no_inheritance
   WdiServiceHost        write+read+DELETE   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\wdi\perftrack\traces

   Owner: SYSTEM

   DACL(not_protected+auto_inherited):
   WdiServiceHost        write+read   allow   no_inheritance
   WdiServiceHost        write+read   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\wfp

   Owner: Administrators

   DACL(protected+auto_inherited):
   SYSTEM                full   allow   container_inherit
   SYSTEM                write+read+FILE_DELETE_CHILD+WRITE_OWNER+WRITE_DAC+DELETE   allow   object_inherit+inherit_only
   Administrators        full   allow   container_inherit
   Administrators        write+read+FILE_DELETE_CHILD+WRITE_OWNER+WRITE_DAC+DELETE   allow   object_inherit+inherit_only
   BFE                   write+read   allow   container_inherit+object_inherit

c:\Windows\System32\WindowsPowerShell\v1.0\<LANGUAGE CODE>

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   no_inheritance
   TrustedInstaller      full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                read_execute   allow   no_inheritance
   SYSTEM                read_execute   allow   container_inherit+object_inherit+inherit_only
   Administrators        read_execute   allow   no_inheritance
   Administrators        read_execute   allow   container_inherit+object_inherit+inherit_only
   Users                 read_execute   allow   no_inheritance
   Users                 read_execute   allow   container_inherit+object_inherit+inherit_only

c:\Windows\System32\winevt

   Owner: Administrators

   DACL(protected+auto_inherited):
   eventlog              read_execute+write+FILE_DELETE_CHILD   allow   container_inherit+object_inherit
   SYSTEM                full   allow   container_inherit+object_inherit
   Administrators        full   allow   container_inherit+object_inherit
   Authenticated Users   read   allow   container_inherit

c:\Windows\System32\winevt\Logs

   Owner: Administrators

   DACL(protected+auto_inherited):
   eventlog              full   allow   container_inherit+object_inherit
   SYSTEM                full   allow   container_inherit+object_inherit
   Administrators        full   allow   container_inherit+object_inherit
   Authenticated Users   read   allow   container_inherit

c:\Windows\TAPI

   Owner: Administrators

   DACL(protected+auto_inherited):
   TapiSrv               full   allow   no_inheritance
   TapiSrv               full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   Users                 read   allow   no_inheritance
   Users                 read   allow   container_inherit+object_inherit+inherit_only

c:\Windows\Tasks

   Owner: Administrators

   DACL(protected+auto_inherited):
   Authenticated Users   read_execute+FILE_ADD_FILE   allow   no_inheritance
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   Administrators        full   allow   no_inheritance
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only

c:\Windows\Temp

   Owner: Administrators

   DACL(protected+auto_inherited):
   Users                 FILE_ADD_FILE+FILE_ADD_SUBDIRECTORY+FILE_TRAVERSE   allow   container_inherit
   Administrators        full   allow   no_inheritance
   Administrators        full   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                full   allow   no_inheritance
   SYSTEM                full   allow   container_inherit+object_inherit+inherit_only
   CREATOR OWNER         full   allow   container_inherit+object_inherit+inherit_only

c:\Windows\tracing

   Owner: Administrators

   DACL(protected+auto_inherited):
   LOCAL SERVICE         read_execute+write   allow   no_inheritance
   LOCAL SERVICE         read_execute+write   allow   container_inherit+object_inherit+inherit_only
   NETWORK SERVICE       read_execute+write   allow   no_inheritance
   NETWORK SERVICE       read_execute+write   allow   container_inherit+object_inherit+inherit_only
   SYSTEM                full   allow   container_inherit+object_inherit
   Users                 read_execute+write   allow   no_inheritance
   Users                 read_execute+write   allow   container_inherit+inherit_only
   Users                 write+read   allow   no_inheritance
   Users                 write+read   allow   object_inherit+inherit_only
   Administrators        change   allow   no_inheritance
   Administrators        change   allow   container_inherit+inherit_only
   Administrators        write+read+DELETE   allow   no_inheritance
   Administrators        write+read+DELETE   allow   object_inherit+inherit_only

c:\Windows\Vss

   Owner: Administrators

   DACL(not_protected+auto_inherited):
   Backup Operators      full   allow   container_inherit+object_inherit
   LOCAL SERVICE         full   allow   container_inherit+object_inherit
   NETWORK SERVICE       full   allow   container_inherit+object_inherit

c:\Windows\winsxs

   Owner: TrustedInstaller

   DACL(protected+auto_inherited):
   TrustedInstaller      full   allow   container_inherit+object_inherit
   Administrators        read_execute   allow   container_inherit+object_inherit
   SYSTEM                read_execute   allow   container_inherit+object_inherit
   Users                 read_execute   allow   container_inherit+object_inherit

About the Author

Helge Klein (ex CTP, MVP, and vExpert) worked as a consultant and developer before founding vast limits, the uberAgent company, which was acquired by the Citrix business unit of Cloud Software Group in late 2023.
Previously, Helge applied his extensive knowledge in IT infrastructure projects and architected a user profile management product, the successor of which is now available as Citrix Profile Management. Helge is the author of the popular tools Delprof2 and SetACL. He has presented at Citrix Synergy, BriForum, E2EVC, Splunk .conf, and many other events.


Hello!
After several months of suspecting viruses, I decided to run a scan.
It all went the classic way: Dr.Web CureIt could not be downloaded. On any attempt to download it and/or find information about it, the browser closed. If I did manage to reach the site, it suddenly turned out that the site was not working (surprising).

In short:
Downloaded CureIt via my phone
Ran the scan with no internet connection
Found 22 viruses
CureIt did not remove everything (I had to go to the paths and delete the files myself)
Rebooted the PC
Found 1 more virus, deleted it
Rebooted the PC
Connected Ethernet
Ran a scan, found NET.MALWARE.URL
Cleaned up the extensions, the threat went away
Read your forum, decided to run FRST
In the logs I found a user named John (from earlier threads I understood that this is a miner)
There are other suspicious things in the logs as well

Result:
The PC works normally and does not heat up like before
For peace of mind I want to remove the remaining junk with your help (using FRST)
Logs are attached below
Hoping for a speedy reply

Addition.txt  FRST.txt

There will be no CureIt logs, because I did not save the logs with the viruses (fool that I am), and the latest logs are clean.

#1

leika

Posted 02 September 2023, 21:22

Good afternoon. Initially the virus did not allow me to use Task Manager; when I tried to search for an antivirus in the browser, it closed the browser; it also prevented the Dr.Web and AVBR installers from installing the applications. I got around this in safe mode by transferring the installers themselves to the PC via my phone. After full scans and removal of everything the antivirus programs pointed to, a problem appeared: right after a reboot, cmd and PowerShell windows pop up [attachment: dlyaDR.png]; they disappear after a couple of seconds, and there is no way to see them again other than rebooting the computer. Along with this an error also appears, again only at startup [attachment: dlyaDR2.png], and at every PC startup, at about the same moment, the antivirus blocks 3 suspicious objects and moves them [attachment: dlyaDR3.png]. This happens every time at startup. Also, before this, when removing the virus with Dr.Web, the network drivers got an error (code 56); it was fixed with CCleaner by scanning and fixing registry errors.
I am attaching the SysInfo report results on Google Drive: https://drive.google.com/drive/folders/13sPQ8Nfvs66zsS7pRLR6ERLqFbp8ctw_?usp=sharing

#2

Dr.Robot

Posted 02 September 2023, 21:22

1. If you suspect virus activity on your computer and want to get help in this section,

in addition to a description of the problem you need to attach to your message the logs of two programs: the Dr.Web scanner (or CureIt!, if the Dr.Web antivirus is not installed on your PC) and DrWeb SysInfo. Without logs even the most qualified specialist will not be able to help you. Since the logs can be large and exceed the forum's limits, we recommend uploading them to a file-sharing service and posting the link on the forum.

2. If your files have been encrypted,

Attention! The file decryption service is provided only to licensed users of Dr.Web products who had a current commercial license for Dr.Web Security Space or Dr.Web Enterprise Security Suite installed at the time of infection.

What NOT to do:
- cure or delete the viruses found by the antivirus, either automatically or by yourself. You can move everything found to quarantine and then ask the specialists, or take no action and simply report the names of the viruses found;
- reinstall the operating system;
- change the extension of the encrypted files;
- clear the temporary file folders or the browser history;
- use decryptors from the Dr.Web "Sysadmin's First-Aid Kit" on your own without consulting a Dr.Web virus analyst;
- use decryptors recommended in other threads with a similar problem.

What you need to do:
- send several encrypted files and, if available, their unencrypted copies to the Dr.Web virus laboratory (https://support.drweb.com/new/free_unlocker/?keyno=&for_decode=1), in the category "Request for treatment". Wait for the virus analyst's reply to your e-mail and then follow his instructions, corresponding with him by e-mail. It is recommended to post the virus lab ticket number on the forum; this is the number of your request, containing a string of the form [drweb.com #3219200];

#3

Alexander007

Posted 02 September 2023, 22:26

Greetings leika, do you have a licensed key? The logs show that there are no Dr.Web keys for it, or the key has expired or was not found:

2023-09-02 20:10:54.983 [INF] [13056] [KeysStorage] No valid license have been found.
2023-09-02 20:10:54.985 [INF] [13056] [KeysStorage] No valid license have been found.
2023-09-02 20:10:54.986 [WRN] [13056] [main_wnd_t] Your license doesn't allow updating.
2023-09-02 20:11:54.992 [INF] [13056] [KeysStorage] No valid license have been found.
2023-09-02 20:11:54.995 [INF] [13056] [KeysStorage] No valid license have been found.
2023-09-02 20:11:54.996 [WRN] [13056] [main_wnd_t] Your license doesn't allow updating.

Without a key, protection and database updates will not work. I recommend purchasing a key.

Edited by Alexander007: 02 September 2023 — 22:29

Global Malware Hunting.


#4

AndreyKa

Posted 02 September 2023 — 23:19

Hello.

Files:

C:\ProgramData\Microsoft\DRM\Q3byoFsHE\FilesystemR.bat
C:\programdata\microsoft\drm\q3byofshe\svchost.exe

Upload them via the form https://vms.drweb.com/sendvirus/

Post here the ticket number that arrives by e-mail.


#5

Dmitry_rus

Posted 02 September 2023 — 23:26

Delete the files in ProgramData\ReaItekHD. If they cannot be deleted, do it from Safe Mode. Do they reappear in the same place after a reboot?

Also collect FRST logs:

Download Farbar Recovery Scan Tool (or from the mirror) and save it to your Desktop.

Note: you need to choose the version compatible with your operating system. If you are not sure which version suits your system, download both and try to run them. Only one of them will run on your system.
When the program starts, click Yes to accept the warning.

Click the Scan button.
When the scan finishes, the reports FRST.txt and Addition.txt will be created in the folder the program was run from. Attach the reports to your next message.

Edited by Dmitry_rus: 02 September 2023 — 23:29


#6

leika

Posted 03 September 2023 — 11:21

I did not notice any files in ProgramData\ReaItekHD, at least with the antivirus enabled at startup (viewing of hidden items is turned on).
I also uploaded the Farbar Recovery Scan Tool scan results to Google Drive (in the folder "результаты сканирования FRST", i.e. FRST scan results): https://drive.google.com/drive/folders/13sPQ8Nfvs66zsS7pRLR6ERLqFbp8ctw_?usp=sharing


#7

leika

Posted 03 September 2023 — 11:33

If I copy the path "C:\ProgramData\Microsoft\DRM\Q3byoFsHE\FilesystemR.bat" and paste it into Explorer, a self-extracting archive tries to do something; I uploaded a video of what happens to the drive. In the second case (C:\programdata\microsoft\drm\q3byofshe\svchost.exe) it asks for the archive password (I uploaded a screenshot to the drive). Trying to find these files manually gets nowhere: the DRM folder is supposedly empty, and if I enter the path to "C:\ProgramData\Microsoft\DRM\Q3byoFsHE", that last folder also opens but is empty.
Link to the video and screenshot: https://drive.google.com/drive/folders/18mh52IF2S0tbhrtMgCsyr8TkOHZDAkTI?usp=sharing

Note: where the screen goes black in the recording, that is the prompt to allow changes to the device, twice, from game.exe and svchost.exe.

Edited by leika: 03 September 2023 — 11:37


#8

Dmitry_rus

Posted 03 September 2023 — 12:32


#9

AndreyKa

Posted 03 September 2023 — 13:16

If I copy the path "…" and paste it into Explorer, a self-extracting archive tries to do something

Brilliant! Running the trojan yourself so that it can mess up something else…


#10

leika

Posted 03 September 2023 — 14:48

Thank you for the help, the problem is solved.




  • #4

hi sorry for the delay

i just finished work

okidokies

to delete the FULL contents of the DRM folder, including all files, all folders please use the following, i only just clicked on what the DRM folder is haha…

slight amendments to the script

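@echo off
rem Delete every file under the DRM folder, including files in subfolders
cls
del "C:\ProgramData\Microsoft\DRM\*.*" /Q /F /S
rem Remove the remaining folder tree and the DRM folder itself
rd "C:\ProgramData\Microsoft\DRM\" /S /Q
cls
echo Files have been deleted
rem Wait about two seconds before the window closes
ping localhost -n 3 > nul
exit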

this will completely delete all files, folders and the DRM folder itself… if you don't want the DRM folder removing completely let me know


10.05.2025, 00:21. Views: 395. Replies: 5

Good day, games have started lagging badly and the PC has started freezing. It all started after downloading a game; I am attaching the log.



10.05.2025, 12:08

Hello!

Download AV block remover (or from the mirror).
Unpack it, run it and follow the instructions. If it does not start, rename the file AVbr.exe to, for example, AV-br.exe (or any other name). You can also use the version with a random name.

If that does not work either, run the program from any folder other than Desktop and Downloads.

When the utility finishes, a report named AV_block_remove_date-time.log will appear; attach it to your next message.

After the system reboots, collect a new CollectionLog with Autologger.



10.05.2025, 15:10 [TS]

Done, attaching the logs.



11.05.2025, 12:39

Attention! These recommendations were written specifically for the user СергейРУ. If the recommendations were not written for you, do not use them: this may damage your system.
If you have a similar problem, create a topic in the Computer Virus Treatment (Лечение компьютерных вирусов) section and follow the Rules for Requesting Help.

1. In HijackThis, fix only the following lines:

Code

O7 - Policy: (UAC) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System: [ConsentPromptBehaviorAdmin] = 0
O7 - Policy: (UAC) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System: [PromptOnSecureDesktop] = 0
O27 - Account: (Hidden) User 'John' is invisible on logon screen
O27 - RDP: (Other) HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server: [fDenyTSConnections] = 0

Reboot the computer.

2. Download Farbar Recovery Scan Tool (or from the mirror) and save it to your Desktop.

Note: you need to choose the version compatible with your operating system. If you are not sure which version suits your system, download both and try to run them. Only one of them will run on your system.
Run the program. When the program starts, click Yes to accept the warning.

Click the Scan button.
When the scan finishes, the reports FRST.txt and Addition.txt will be created in the folder the program was run from. Attach the reports to your next message.
(If they do not fit, pack them into an archive.)
Read more in this guide.



12.05.2025, 11:28 [TS]

Overall the problem with freezing in games has gone away, but yesterday the computer froze completely during a game. Also, before that, 4 main keys on the keyboard had stopped working; after the treatment they started working again. Attaching the logs.



Sandor

12.05.2025, 11:41

Please note: after the script runs, (possibly) all open browser tabs will be closed, you will be logged out of accounts, and temporary files, the recycle bin, browser history, cookies and cache will be cleared.

  • Disable the antivirus until the reboot.
  • Select the following code:
    Code
    Start::
    CloseProcesses:
    SystemRestore: On
    CreateRestorePoint:
    HKLM\...\Run: [Realtek HD Audio] => C:\ProgramData\RealtekHD\taskhostw.exe (Нет файла) <==== ВНИМАНИЕ
    Task: {B8A6225B-1530-4A33-8056-97F592216A1D} - System32\Tasks\Microsoft\Windows\CheckGlobalB\RecoveryHosts => C:\ProgramData\Microsoft\DRM\VTurTTxgGWhz34Q4v\CheckGlobalB.bat  (Нет файла) <==== ВНИМАНИЕ
    Task: {FAB5D9C6-5DB5-4878-9994-3540C12172F7} - System32\Tasks\Microsoft\Windows\CheckGlobalH\RecoveryHosts => C:\ProgramData\Microsoft\DRM\P62lgDw1E\CheckGlobalH.bat  (Нет файла) <==== ВНИМАНИЕ
    Task: {53425CA2-D93E-475C-8DAE-3C5B082FF24A} - System32\Tasks\Microsoft\Windows\CheckGlobalL\RecoveryHosts => C:\ProgramData\Microsoft\DRM\TQDAFIJmPmF\CheckGlobalL.bat  (Нет файла) <==== ВНИМАНИЕ
    Task: {AA96313D-4479-44E6-B062-630153BE635D} - System32\Tasks\Microsoft\Windows\CheckGlobalR\RecoveryHosts => C:\ProgramData\Microsoft\DRM\xGaAEd\CheckGlobalR.bat  (Нет файла) <==== ВНИМАНИЕ
    Task: {9FF606A3-E9E8-4F53-A9E4-3705B15D1244} - System32\Tasks\Microsoft\Windows\CheckGlobalW\RecoveryHosts => C:\ProgramData\Microsoft\DRM\F6vc0T0BbjJngFSPQpO\CheckGlobalW.bat  (Нет файла) <==== ВНИМАНИЕ
    Task: {627E6A02-9620-4F39-B8D1-F42E864F65B6} - System32\Tasks\Microsoft\Windows\CheckGlobalY\RecoveryHosts => C:\ProgramData\Microsoft\MapData\GmCU7Tw5CUKyU\CheckGlobalY.bat  (Нет файла) <==== ВНИМАНИЕ
    Task: {1FD65900-0EF9-4AB4-9F2D-65137D8A70D1} - System32\Tasks\Microsoft\Windows\CreedMobeA\RecoveryHosts => C:\ProgramData\Microsoft\DRM\gxhpWGs0a3qPd\CreedMobeA.bat  (Нет файла) <==== ВНИМАНИЕ
    Task: {BE08BE88-A906-4D16-9829-043FEFF6E513} - System32\Tasks\Microsoft\Windows\CreedMobeI\RecoveryHosts => C:\ProgramData\Microsoft\MapData\IEkDWwAi\CreedMobeI.bat  (Нет файла) <==== ВНИМАНИЕ
    Task: {6F58969F-3EFB-42A4-8CB0-982701211F7B} - System32\Tasks\Microsoft\Windows\CreedMobeL\RecoveryHosts => C:\ProgramData\Microsoft\MapData\ootQ3qlJID\CreedMobeL.bat  (Нет файла) <==== ВНИМАНИЕ
    Task: {B519DFC2-0262-44C2-AF95-DF882F9C2D9A} - System32\Tasks\Microsoft\Windows\CreedMobeQ\RecoveryHosts => C:\ProgramData\Microsoft\DRM\lmwzeGKmJ52AJ4BMRGX\CreedMobeQ.bat  (Нет файла) <==== ВНИМАНИЕ
    Task: {27334B80-00BB-452E-A5D0-BEAFA4AC5926} - System32\Tasks\Microsoft\Windows\DataBaseI\RecoveryHosts => C:\ProgramData\Microsoft\MapData\xEnfXwYC3utah7Jp6\DataBaseI.bat  (Нет файла) <==== ВНИМАНИЕ
    Task: {AC7132E6-B462-469B-8692-08AA63859479} - System32\Tasks\Microsoft\Windows\DataBaseO\RecoveryHosts => C:\ProgramData\Microsoft\DRM\B3qaKQhegqk8Pc\DataBaseO.bat  (Нет файла) <==== ВНИМАНИЕ
    Task: {04376FBC-0640-44C6-83A1-05BE8A9A28D2} - System32\Tasks\Microsoft\Windows\FilesystemH\RecoveryHosts => C:\ProgramData\Microsoft\DRM\xIAFjneMPphlGoU\FilesystemH.bat  (Нет файла) <==== ВНИМАНИЕ
    Task: {00D9BB2C-91F8-4622-A4A8-302E236542A9} - System32\Tasks\Microsoft\Windows\FilesystemV\RecoveryHosts => C:\ProgramData\Microsoft\MapData\3P25aEif0h7\FilesystemV.bat  (Нет файла) <==== ВНИМАНИЕ
    Task: {EE52589B-7B4C-481D-B7BF-FB14341BA3D7} - System32\Tasks\Microsoft\Windows\GlobalDataF\RecoveryHosts => C:\ProgramData\Microsoft\DRM\0nbOSr37bKtQg\GlobalDataF.bat  (Нет файла) <==== ВНИМАНИЕ
    Task: {ABA8A091-AA07-429A-919D-2FA1968CC08A} - System32\Tasks\Microsoft\Windows\GlobalDataQ\RecoveryHosts => C:\ProgramData\Microsoft\DRM\b3YbVf3LsAR\GlobalDataQ.bat  (Нет файла) <==== ВНИМАНИЕ
    Task: {7342B404-E214-4205-99E0-82B6BABFA728} - System32\Tasks\Microsoft\Windows\MasterDataA\RecoveryHosts => C:\ProgramData\Microsoft\MapData\5FUFvQr8FuKnZ\MasterDataA.bat  (Нет файла) <==== ВНИМАНИЕ
    Task: {F32B65B2-DEA4-4D80-B2E7-B2EE5D30E05D} - System32\Tasks\Microsoft\Windows\MasterDataE\RecoveryHosts => C:\ProgramData\Microsoft\MapData\66vnwvywVXcGSchf\MasterDataE.bat  (Нет файла) <==== ВНИМАНИЕ
    Task: {A360933D-7734-4044-80D3-8F23C29F7C68} - System32\Tasks\Microsoft\Windows\MasterDataG\RecoveryHosts => C:\ProgramData\Microsoft\DRM\TwRl1N0w2eYgQJOC\MasterDataG.bat  (Нет файла) <==== ВНИМАНИЕ
    Task: {0F5A3496-6EE8-4384-9311-4A4C61CD726C} - System32\Tasks\Microsoft\Windows\MasterDataH\RecoveryHosts => C:\ProgramData\Microsoft\DRM\DhvQ2OBmhF1XnLlPj\MasterDataH.bat  (Нет файла) <==== ВНИМАНИЕ
    Task: {0AFDF81E-9E25-480C-B155-99DC2818EDAD} - System32\Tasks\Microsoft\Windows\MasterDataP\RecoveryHosts => C:\ProgramData\Microsoft\DRM\K1ozPOGu0UOl6J\MasterDataP.bat  (Нет файла) <==== ВНИМАНИЕ
    Task: {B4E2B2C8-6983-4283-B26A-2C8EF5686B85} - System32\Tasks\Microsoft\Windows\MasterDataS\RecoveryHosts => C:\ProgramData\Microsoft\DRM\thpen8XbefG\MasterDataS.bat  (Нет файла) <==== ВНИМАНИЕ
    Task: {72436F8B-91CC-4AB1-BC3C-A3C20113A250} - System32\Tasks\Microsoft\Windows\RecoveryManagerF\RecoveryHosts => C:\ProgramData\Microsoft\DRM\zHKB0q2wnlqcnPhHNur\RecoveryManagerF.bat  (Нет файла) <==== ВНИМАНИЕ
    Task: {45E5BA2B-088E-450F-BCA1-CBFDB884464B} - System32\Tasks\Microsoft\Windows\RecoveryManagerN\RecoveryHosts => C:\ProgramData\Microsoft\MapData\tjl4oECJBpl\RecoveryManagerN.bat  (Нет файла) <==== ВНИМАНИЕ
    Task: {3CF57EA4-B0AC-4F80-B46B-1DA03CB42B2F} - System32\Tasks\Microsoft\Windows\SysFilesA\RecoveryHosts => C:\ProgramData\Microsoft\DRM\FIaANz3kQPDFSgG\SysFilesA.bat  (Нет файла) <==== ВНИМАНИЕ
    Task: {8EF5AC3B-EC24-422F-B9F6-B8385146A4CB} - System32\Tasks\Microsoft\Windows\SysFilesK\RecoveryHosts => C:\ProgramData\Microsoft\MapData\0lx1a2euUuNoN4Py\SysFilesK.bat  (Нет файла) <==== ВНИМАНИЕ
    Task: {59EF735A-5B25-475B-917C-66922BEE9A67} - System32\Tasks\Microsoft\Windows\SysFilesO\RecoveryHosts => C:\ProgramData\Microsoft\MapData\evkTVE\SysFilesO.bat  (Нет файла) <==== ВНИМАНИЕ
    Task: {7004B32B-80E7-450C-8AD6-7DD3E2C0177B} - System32\Tasks\Microsoft\Windows\SysFilesS\RecoveryHosts => C:\ProgramData\Microsoft\DRM\NJCUbSDD3TwCVEIo5\SysFilesS.bat  (Нет файла) <==== ВНИМАНИЕ
    Task: {ACB5C29D-DED7-4A7C-A12F-B92D72295722} - System32\Tasks\Microsoft\Windows\SysFilesU\RecoveryHosts => C:\ProgramData\Microsoft\DRM\pZuYe6qLbcxpq5Om\SysFilesU.bat  (Нет файла) <==== ВНИМАНИЕ
    C:\Users\Сергей Великий\AppData\Local\Google\Chrome\User Data\Default\Extensions\iddmabhekhhonkmomaklnflhhgbfnioe
    C:\Users\Сергей Великий\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extensions\bieimkcgkepinadnphjpljpcfbdipofn
    2025-04-21 18:28 - 2025-04-21 18:28 - 000000000 ___SH C:\ProgramData\tg.txt
    2025-04-21 18:28 - 2025-04-21 18:28 - 000000000 ___SH C:\ProgramData\temp.txt
    2025-04-21 18:20 - 2025-05-10 14:58 - 000000000 ____D C:\Program Files\RDP Wrapper
    FirewallRules: [{DE0B56D0-8186-4BF6-9DE4-A3914000E02A}] => (Allow) C:\Users\Сергей Великий\AppData\Local\Temp\utorrent\utorrent.exe => Нет файла
    FirewallRules: [{BF5E4CA3-D638-461E-A4AC-EEEA894C8B61}] => (Allow) C:\Users\Сергей Великий\AppData\Local\Temp\utorrent\utorrent.exe => Нет файла
    FirewallRules: [{44F99C08-F19F-424D-8783-9C1D0434CD2C}] => (Allow) LPort=8317
    ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
    EmptyTemp:
    Reboot:
    End::
  • Copy the selected text (right-click, then Copy).
  • Run FRST (FRST64) as administrator (if you have already closed it).
  • Click Fix once (!) and wait. The program will create a log file (Fixlog.txt). Attach it to your next message.

The computer will be rebooted automatically.
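The scheduled tasks in the fixlist above share one shape: a `RecoveryHosts` task whose action is a `.bat` file named after the task folder and stored in a randomly named subfolder of `C:\ProgramData\Microsoft\DRM` or `...\MapData`. The following is an added triage example, not part of the forum post and not FRST's own code, that parses such `Task:` lines and reports the ones matching at least two of those traits. The function names, the two-reason threshold, the English "(No File)" note and the two sample lines marked as constructed are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Data-only directories that the tasks in the fixlist point into.
DATA_DIRS = {r"c:\programdata\microsoft\drm", r"c:\programdata\microsoft\mapdata"}
RUNNABLE = {".bat", ".cmd", ".exe"}
TASK_RE = re.compile(r"^\s*Task: \{([0-9A-Fa-f-]{36})\} - (.+?) => (.+)$")
# "(Нет файла)" is what the page shows; "(No File)" is assumed for English logs.
NOTE_RE = re.compile(r"\s*\((?:Нет файла|No File)\)\s*$")

# The first three lines are copied from the fixlist; the last two are constructed.
SAMPLE = r"""
Task: {B8A6225B-1530-4A33-8056-97F592216A1D} - System32\Tasks\Microsoft\Windows\CheckGlobalB\RecoveryHosts => C:\ProgramData\Microsoft\DRM\VTurTTxgGWhz34Q4v\CheckGlobalB.bat  (Нет файла) <==== ВНИМАНИЕ
Task: {627E6A02-9620-4F39-B8D1-F42E864F65B6} - System32\Tasks\Microsoft\Windows\CheckGlobalY\RecoveryHosts => C:\ProgramData\Microsoft\MapData\GmCU7Tw5CUKyU\CheckGlobalY.bat  (Нет файла) <==== ВНИМАНИЕ
Task: {AA96313D-4479-44E6-B062-630153BE635D} - System32\Tasks\Microsoft\Windows\CheckGlobalR\RecoveryHosts => C:\ProgramData\Microsoft\DRM\xGaAEd\CheckGlobalR.bat  (Нет файла) <==== ВНИМАНИЕ
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\Windows\system32\defrag.exe
Task: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe (No File)
"""


def parse_task(line):
    """Split one 'Task:' line into GUID, task path, action path and flags."""
    m = TASK_RE.match(line)
    if not m:
        return None
    guid, task, rest = m.groups()
    rest, marker, _ = rest.partition("<====")  # the scanner's own attention marker
    rest = rest.strip()
    return {
        "guid": guid,
        "task": PureWindowsPath(task),
        "action": PureWindowsPath(NOTE_RE.sub("", rest)),
        "missing": bool(NOTE_RE.search(rest)),
        "frst_flag": bool(marker),
    }


def reasons(entry):
    """List which traits of the pattern seen in this thread the task shows."""
    action, task, found = entry["action"], entry["task"], []
    if action.suffix.lower() in RUNNABLE and str(action.parent.parent).lower() in DATA_DIRS:
        found.append("runs from a subfolder of a data-only directory")
    if action.stem.lower() == task.parent.name.lower():
        found.append("file name mirrors the task folder name")
    if entry["missing"]:
        found.append("target file is missing (orphaned task)")
    return found


def triage(log_text, threshold=2):
    """Map task GUID -> reasons for tasks showing at least `threshold` traits."""
    hits = {}
    for line in log_text.splitlines():
        entry = parse_task(line)
        if entry and len(reasons(entry)) >= threshold:
            hits[entry["guid"]] = reasons(entry)
    return hits


if __name__ == "__main__":
    for guid, why in triage(SAMPLE).items():
        print(guid, "->", "; ".join(why))
```

The two constructed lines each match a single trait (a name that mirrors the task folder, or a missing target), which is why one trait alone is not treated as a hit.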


