archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/mergedcomponents/setupinfs/defltsv.inx

1042 lines
63 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. @*:This file defines default security settings.
  2. @*:Please do not edit. Instead, email kirksol with the requested change.
  3. @*:Thanks!
  4. ; Copyright (c) Microsoft Corporation. All rights reserved.
  5. ;
  6. ; Security Configuration Template for Security Configuration Editor
  7. ;
  8. ; Template Name: DefltSV.INF
  9. ; Template Version: 05.10.DS.0000
  10. ;
  11. ; Default Security For Windows NT 5.1 Server.
  13. [Profile Description]
  14. %SCEDefltSVProfileDescription%
  16. [version]
  17. signature="$CHICAGO$"
  18. revision=1
  21. [System Access]
  22. ;----------------------------------------------------------------
  23. ;Account Policies - Password Policy
  24. ;----------------------------------------------------------------
  25. MinimumPasswordAge = 0
  26. MaximumPasswordAge = 42
  27. MinimumPasswordLength = 0
  28. PasswordComplexity = 0
  29. PasswordHistorySize = 0
  30. RequireLogonToChangePassword = 0
  31. ClearTextPassword = 0
  33. ;----------------------------------------------------------------
  34. ;Account Policies - Lockout Policy
  35. ;----------------------------------------------------------------
  36. ;No Account Lockout
  37. LockoutBadCount = 0
  39. ;The following are not configured when No Account Lockout
  40. ;ResetLockoutCount = 30
  41. ;LockoutDuration = 30
  43. ;----------------------------------------------------------------
  44. ;Local Policies - Security Options
  45. ;----------------------------------------------------------------
  46. ;DC Only
  47. ;ForceLogoffWhenHourExpire = 0
  49. LSAAnonymousNameLookup = 0
  51. ;NewAdministatorName =
  52. ;NewGuestName =
  53. ;SecureSystemPartition
  55. ;----------------------------------------------------------------
  56. ;Event Log - Log Settings
  57. ;----------------------------------------------------------------
  58. ;Audit Log Retention Period:
  59. ;0 = Overwrite Events As Needed
  60. ;1 = Overwrite Events As Specified by Retention Days Entry
  61. ;2 = Never Overwrite Events (Clear Log Manually)
  63. [System Log]
  64. MaximumLogSize = 16384
  65. AuditLogRetentionPeriod = 0
  66. ;RetentionDays = 7
  67. RestrictGuestAccess = 1
  69. [Security Log]
  70. MaximumLogSize = 16384
  71. AuditLogRetentionPeriod = 0
  72. ;RetentionDays = 7
  73. RestrictGuestAccess = 1
  75. [Application Log]
  76. MaximumLogSize = 16384
  77. AuditLogRetentionPeriod = 0
  78. ;RetentionDays = 7
  79. RestrictGuestAccess = 1
  81. ;----------------------------------------------------------------
  82. ;Local Policies - Audit Policy
  83. ;----------------------------------------------------------------
  85. [Event Audit]
  86. AuditAccountLogon = 1
  87. AuditAccountManage = 0
  88. AuditSystemEvents = 0
  89. AuditLogonEvents = 1
  90. AuditObjectAccess = 0
  91. AuditPrivilegeUse = 0
  92. AuditPolicyChange = 0
  93. AuditProcessTracking = 0
  94. ;AuditDSAccess = 0
  95. CrashOnAuditFull = 0
  97. ;----------------------------------------------------------------
  98. ;Registry Values
  99. ;----------------------------------------------------------------
  100. [Registry Values]
  101. ; Registry value name in full path = Type, Value
  102. ; REG_SZ ( 1 )
  103. ; REG_EXPAND_SZ ( 2 ) // with environment variables to expand
  104. ; REG_BINARY ( 3 )
  105. ; REG_DWORD ( 4 )
  106. ; REG_MULTI_SZ ( 7 )
  108. MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects=4,0
  109. MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail=4,0
  110. MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds=4,0
  111. MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,0
  112. MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest=4,0
  113. MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy=4,0
  114. MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing=3,0
  115. MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse=4,1
  116. MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,2
  117. MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec=4,0
  118. MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec=4,0
  119. MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,0
  120. MACHINE\System\CurrentControlSet\Control\Lsa\NoDefaultAdminOwner=4,0
  121. MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,0
  122. MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1
  124. ;Domain Controllers Only
  125. ;MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl=4,0
  127. MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers=4,1
  129. MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive=4,1
  130. MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown=4,0
  131. MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode=4,1
  133. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,0
  134. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,0
  135. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff=4,1
  136. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect=4,15
  137. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess=4,1
  139. MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature=4,1
  140. MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature=4,0
  141. MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword=4,0
  143. MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity=4,1
  145. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange=4,0
  146. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge=4,30
  147. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel=4,1
  148. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel=4,1
  149. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,1
  150. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey=4,0
  152. ;Potential to take on different values during and after setup
  153. ;MACHINE\Software\Microsoft\Driver Signing\Policy=3,1
  154. ;MACHINE\Software\Microsoft\Non-Driver Signing\Policy=3,0
  156. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD=4,0
  157. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName=4,0
  158. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption=1,""
  159. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText=7,""
  160. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ScForceOption=4,0
  161. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon=4,0
  162. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon=4,1
  165. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel=4,0
  166. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand=4,0
  168. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms=1,0
  169. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD=1,0
  170. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies=1,0
  171. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount=1,10
  172. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon=4,0
  173. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning=4,14
  174. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption=1,0
  176. MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled=4,0
  178. ;----------------------------------------------------------------------
  179. ; Privileges & Rights
  180. ;----------------------------------------------------------------------
  181. ;
  182. ;World S-1-1-0
  183. ;
  184. ;NT Authority S-1-5
  185. ;TERMINAL_SERVER 13
  186. ;LOCAL_SERVICE 19
  187. ;NETWORK_SERVICE 20
  188. ;
  189. ;Built-In Domain SubAuthority = S-1-5-32
  190. ;ADMINISTRATORS 544
  191. ;USERS 545
  192. ;GUESTS 546
  193. ;POWER_USERS 547
  194. ;ACCOUNT_OPS 548
  195. ;SYSTEM_OPS 549
  196. ;PRINT_OPS 550
  197. ;BACKUP_OPS 551
  198. ;REPLICATOR 552
  199. ;RAS_SERVERS 553
  200. ;PREW2KCOMPACCESS 554
  201. ;REMOTE_DESKTOP_USERS 555
  202. ;NETWORK_CONFIGURATION_OPS 556
  204. [Privilege Rights]
  205. SeAssignPrimaryTokenPrivilege = *S-1-5-19, *S-1-5-20
  206. SeAuditPrivilege = *S-1-5-19, *S-1-5-20
  207. SeBackupPrivilege = *S-1-5-32-544, *S-1-5-32-551
  208. SeBatchLogonRight =
  209. SeChangeNotifyPrivilege = *S-1-5-32-544, *S-1-5-32-551, *S-1-5-32-547, *S-1-5-32-545, *S-1-1-0
  210. SeCreateGlobalPrivilege = *S-1-5-6, *S-1-5-32-544
  211. SeCreatePagefilePrivilege = *S-1-5-32-544
  212. SeCreatePermanentPrivilege =
  213. SeCreateTokenPrivilege =
  214. SeDebugPrivilege = *S-1-5-32-544
  215. SeImpersonatePrivilege = *S-1-5-6, *S-1-5-32-544
  216. SeIncreaseBasePriorityPrivilege = *S-1-5-32-544
  217. SeIncreaseQuotaPrivilege = *S-1-5-32-544, *S-1-5-19, *S-1-5-20
  218. SeInteractiveLogonRight = *S-1-5-32-544, *S-1-5-32-551, *S-1-5-32-547, *S-1-5-32-545
  219. SeLoadDriverPrivilege = *S-1-5-32-544
  220. SeLockMemoryPrivilege =
  221. SeMachineAccountPrivilege =
  222. SeManageVolumePrivilege = *S-1-5-32-544
  223. SeNetworkLogonRight = *S-1-5-32-544, *S-1-5-32-551, *S-1-5-32-547, *S-1-5-32-545, *S-1-1-0
  224. SeProfileSingleProcessPrivilege = *S-1-5-32-544, *S-1-5-32-547
  225. SeRemoteInteractiveLogonRight = *S-1-5-32-544, *S-1-5-32-555
  226. SeRemoteShutdownPrivilege = *S-1-5-32-544
  227. SeRestorePrivilege = *S-1-5-32-544, *S-1-5-32-551
  228. SeSecurityPrivilege = *S-1-5-32-544
  229. SeServiceLogonRight =
  230. SeShutdownPrivilege = *S-1-5-32-544, *S-1-5-32-551, *S-1-5-32-547
  231. SeSystemEnvironmentPrivilege = *S-1-5-32-544
  232. SeSystemProfilePrivilege = *S-1-5-32-544
  233. SeSystemTimePrivilege = *S-1-5-32-544, *S-1-5-32-547
  234. SeTakeOwnershipPrivilege = *S-1-5-32-544
  235. SeTcbPrivilege =
  236. ;
  237. SeDenyInteractiveLogonRight =
  238. SeDenyBatchLogonRight =
  239. SeDenyServiceLogonRight =
  240. SeDenyNetworkLogonRight =
  241. SeDenyRemoteInteractiveLogonRight =
  242. ;
  243. SeUndockPrivilege = *S-1-5-32-544, *S-1-5-32-547
  244. SeSyncAgentPrivilege =
  245. SeEnableDelegationPrivilege =
  248. [Group Membership]
  249. %SceInfUsers%__Memberof =
  250. %SceInfUsers%__Members = %SceInfAuthUsers%,%SceInfInteractive%
  252. [Service General Setting]
  253. ;autostarted on workstations and servers, standalone or joined
  254. Browser,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  255. Dhcp,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRRC;;;NO)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  256. TrkWks,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  257. Dnscache,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRRC;;;NO)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  258. Eventlog,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  259. PolicyAgent,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  260. dmserver,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  261. Messenger,4,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  262. PlugPlay,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  263. Spooler,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  264. ProtectedStorage,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  265. RpcSs,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLORC;;;PU)(A;;CCLCSWRPLO;;;IU)(A;;CCLCSWRPLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  266. NtmsSvc,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  267. seclogon,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  268. SamSs,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLORC;;;PU)(A;;CCLCSWRPLO;;;IU)(A;;CCLCSWRPLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  269. lanmanserver,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  270. SENS,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  271. Schedule,2,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  272. Sysmonlog,,"D:(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCRPLOCR;;;LU)S:AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  273. LmHosts,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  274. LanmanWorkstation,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  275. RemoteRegistry,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  277. ;Not autostarted, but non-default DACL - Remove PU ability to change template
  278. ClipSrv,4,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLORC;;;PU)(A;;CCLCSWRPLO;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  279. NetDDE,4,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLORC;;;PU)(A;;CCLCSWRPLO;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  280. NetDDEdsdm,4,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLORC;;;PU)(A;;CCLCSWRPLO;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  281. EventSystem,,"D:(A;;CCLCSWRPLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLORC;;;PU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  283. ;Not autostarted if machine is standalone
  284. Netlogon,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  285. W32Time,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLORC;;;PU)(A;;CCLCSWRPLO;;;IU)(A;;CCLCSWRPLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  287. ;Not autostarted if Wksta
  288. Alerter,4,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  289. MSDTC,,"D:(A;;CCLCSWRPLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLORC;;;NS)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  291. ;Server Only Services
  292. Dfs,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  293. LicenseService,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  295. ;IIS Specific Services - Leave them alone
  296. ;IISADMIN,2,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  297. ;W3SVC,2,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  298. ;MSFTPSVC,2,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  299. ;SMTPSVC,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  302. ;
  303. ; set default startup for the following services - do not touch permissions
  304. ;
  305. @b:AudioSrv,4,""
  306. ;;FastUserSwitching service not installed in setup
  307. Mnmsrvc,4,""
  308. SharedAccess,4,""
  309. Themes,4,""
  310. TlntSvr,4,""
  311. TrkSvr,4,""
  312. ;;Tssdis service not installed in setup
  313. WmdmPmSp,3,""
  316. [Registry Keys]
  318. "MACHINE\Software",2,"D:P(A;CI;GR;;;BU)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGWSD;;;S-1-5-13)"
  320. ;Not same as parent, and this is the target of a symlink - set explicitly.
  321. "MACHINE\SOFTWARE\Classes",2,"D:P(A;CI;GR;;;BU)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  322. "MACHINE\SOFTWARE\Classes\helpfile",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  323. "MACHINE\SOFTWARE\Classes\.hlp",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  325. "MACHINE\SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  326. @@:@i:"MACHINE\SOFTWARE\Microsoft\ADs\Providers\NDS",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  327. @@:@i:"MACHINE\SOFTWARE\Microsoft\ADs\Providers\NWCOMPAT",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  328. "MACHINE\SOFTWARE\Microsoft\ADs\Providers\WinNT",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  330. "MACHINE\SOFTWARE\Microsoft\Command Processor",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  332. "MACHINE\SOFTWARE\Microsoft\Cryptography",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  333. "MACHINE\SOFTWARE\Microsoft\Cryptography\Calais",2,"D:AR(A;CI;GRGWSD;;;LS)"
  335. "MACHINE\SOFTWARE\Microsoft\DeviceManager",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  336. "MACHINE\SOFTWARE\Microsoft\Driver Signing",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  337. "MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  338. "MACHINE\Software\Microsoft\EventSystem",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  339. "MACHINE\SOFTWARE\Microsoft\Non-Driver Signing",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  340. "MACHINE\SOFTWARE\Microsoft\NetDDE",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  341. "MACHINE\SOFTWARE\Microsoft\Ole",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  342. "MACHINE\SOFTWARE\Microsoft\Passport",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GR;;;NS)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  343. "MACHINE\SOFTWARE\Microsoft\Passport\KeyData",2,"D:P(A;CI;GR;;;NS)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  344. "MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider",1,"D:AR"
  345. "MACHINE\SOFTWARE\Microsoft\Rpc",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  346. "MACHINE\SOFTWARE\Microsoft\Secure",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  347. "MACHINE\Software\Microsoft\Speech",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  348. "MACHINE\SOFTWARE\Microsoft\SystemCertificates",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  349. "MACHINE\SOFTWARE\Microsoft\Tracing",2,"D:P(A;CI;GR;;;BU)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;S-1-5-13)"
  351. "MACHINE\Software\Microsoft\Windows\CurrentVersion",2,"D:P(A;CI;GR;;;BU)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  352. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  353. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  354. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  355. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  356. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  358. ;The following keys need to be writable by TERMINAL_SERVER_USER for App-Compat
  359. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths",2,"D:P(A;CI;GR;;;BU)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGWSD;;;S-1-5-13)"
  360. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace",2,"D:P(A;CI;GR;;;BU)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGWSD;;;S-1-5-13)"
  361. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks",2,"D:P(A;CI;GR;;;BU)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGWSD;;;S-1-5-13)"
  362. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs",2,"D:P(A;CI;GR;;;BU)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGWSD;;;S-1-5-13)"
  363. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",2,"D:P(A;CI;GR;;;BU)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGWSD;;;S-1-5-13)"
  365. ;The following keys do not exist when we run.
  366. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy",1,"D:AR"
  367. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer",1,"D:AR"
  368. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies",1,"D:AR"
  369. "MACHINE\SOFTWARE\Microsoft\MSDTC",1,"D:AR"
  371. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony",2,"D:P(A;CIOI;GR;;;BU)(A;CIOI;GRGWSD;;;PU)(A;CIOI;GA;;;NS)(A;CIOI;GA;;;LS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  373. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  374. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDebug",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  375. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Asr\Commands",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  376. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Classes",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  377. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  378. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  379. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Event Viewer",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  380. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  381. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  382. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  383. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  384. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;LS)(A;CI;GR;;;NS)(A;CI;GR;;;LU)(A;CI;GR;;;MU)"
  385. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009",1,"D:AR"
  386. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  387. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports",2,"D:P(A;CI;GR;;;BU)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  388. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  389. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  390. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  391. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  392. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  393. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WbemPerf",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;LS)(A;CI;GR;;;NS)(A;CI;GR;;;LU)(A;CI;GR;;;MU)"
  394. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  395. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  397. "MACHINE\SOFTWARE\Microsoft\wbem",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GA;;;NS)(A;CI;GR;;;BU)"
  398. "MACHINE\SOFTWARE\Microsoft\wbem\CIMOM",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;BU)"
  399. "MACHINE\SOFTWARE\Microsoft\wbem\Transports",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;BU)"
  400. "MACHINE\SOFTWARE\Microsoft\wbem\ESS",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;BU)"
  401. "MACHINE\SOFTWARE\Microsoft\wbem\FWD",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;BU)"
  403. "MACHINE\SOFTWARE\Policies",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  406. "MACHINE\System",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  408. "MACHINE\SYSTEM\Clone",1,"D:AR"
  410. "MACHINE\SYSTEM\ControlSet001",1,"D:AR"
  411. "MACHINE\SYSTEM\ControlSet002",1,"D:AR"
  412. "MACHINE\SYSTEM\ControlSet003",1,"D:AR"
  413. "MACHINE\SYSTEM\ControlSet004",1,"D:AR"
  414. "MACHINE\SYSTEM\ControlSet005",1,"D:AR"
  415. "MACHINE\SYSTEM\ControlSet006",1,"D:AR"
  416. "MACHINE\SYSTEM\ControlSet007",1,"D:AR"
  417. "MACHINE\SYSTEM\ControlSet008",1,"D:AR"
  418. "MACHINE\SYSTEM\ControlSet009",1,"D:AR"
  419. "MACHINE\SYSTEM\ControlSet010",1,"D:AR"
  421. "MACHINE\SYSTEM\CurrentControlSet\Control\Class",0,"D:AR"
  423. "MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout",2,"D:(A;CI;GR;;;WD)"
  424. "MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts",2,"D:(A;CI;GR;;;WD)"
  425. "MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Audit",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  426. "MACHINE\SYSTEM\CurrentControlSet\Control\LSA\JD",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  427. "MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Skew1",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  428. "MACHINE\SYSTEM\CurrentControlSet\Control\LSA\GBG",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  429. "MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Data",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  430. "MACHINE\SYSTEM\CurrentControlSet\Control\Network",2,"D:(A;CI;GRGWSD;;;NO)"
  431. "MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg",2,"D:P(A;CI;GA;;;BA)(A;;GR;;;BO)(A;CI;GR;;;LS)"
  432. "MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatCache",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  433. "MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Executive",2,"D:(A;CI;GRGWSD;;;PU)"
  434. "MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation",2,"D:(A;CI;GRGWSD;;;PU)"
  435. "MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Security",2,"D:P(A;CI;GR;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  437. "MACHINE\SYSTEM\CurrentControlSet\Services",0,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  439. ;Set security subkey permissions for those services created via default hives
  440. "MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  441. "MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  442. "MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  443. "MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  444. @*:Fix for 477845 causes regression for 32625
  445. ;"MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  446. @*:We still can add a SACL to it though.
  447. "MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security",2,"S:AR(AU;OICISAFA;DCLCSDWDWO;;;WD)"
  448. @@:@6:"MACHINE\SYSTEM\CurrentControlSet\Services\IASJet\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  449. "MACHINE\SYSTEM\CurrentControlSet\Services\kdc\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  450. "MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  451. "MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  452. "MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  453. "MACHINE\SYSTEM\CurrentControlSet\Services\Samss\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  454. "MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  455. "MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  456. "MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  458. ;Set security subkey permissions for those services created in GUI-mode setup before SCE runs
  459. "MACHINE\SYSTEM\CurrentControlSet\Services\IREnum\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  460. "MACHINE\SYSTEM\CurrentControlSet\Services\STISvc\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  461. "MACHINE\SYSTEM\CurrentControlSet\Services\WMI\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  463. "MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries",2,"D:(A;CI;GA;;;NS)(A;CI;CCDCLCSWSDRC;;;LU)"
  465. "MACHINE\SYSTEM\CurrentControlSet\Enum",1,"D:AR"
  467. "MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles",1,"D:AR"
  469. "USERS\.DEFAULT",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  470. "USERS\.DEFAULT\Software\Microsoft\NetDDE",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  471. "USERS\.DEFAULT\SOFTWARE\Microsoft\Protected Storage System Provider",1,"D:AR"
  472. "USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\ProtectedRoots",1,"D:AR"
  474. [File Security]
  476. ;---------------------------------------------------------------------------------------
  477. ;x86 Boot Files
  478. ;---------------------------------------------------------------------------------------
  479. @@:@i:"%BootDrive%\boot.ini",2,"D:P(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  480. @@:@i:"%BootDrive%\ntdetect.com",2,"D:P(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  481. @@:@i:"%BootDrive%\ntldr",2,"D:P(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  482. @@:@i:"%BootDrive%\ntbootdd.sys",2,"D:P(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  483. @@:@i:"%BootDrive%\autoexec.bat",2,"D:P(A;;GRGX;;;BU)(A;;GRGWGXSD;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  484. @@:@i:"%BootDrive%\config.sys",2,"D:P(A;;GRGX;;;BU)(A;;GRGWGXSD;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  486. ;---------------------------------------------------------------------------------------
  487. ;amd64 Boot Files
  488. ;---------------------------------------------------------------------------------------
  489. @@:@a:"%BootDrive%\boot.ini",2,"D:P(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  490. @@:@a:"%BootDrive%\ntdetect.com",2,"D:P(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  491. @@:@a:"%BootDrive%\ntldr",2,"D:P(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  494. ;---------------------------------------------------------------------------------------
  495. ;System Drive
  496. ;---------------------------------------------------------------------------------------
  497. ;SetupSecurity will contain the new root acl. Ignore docs and settings if it's reapplied (e.g. on conversion from FAT)
  498. "%SystemDrive%\Documents and Settings",1,"D:AR"
  499. ; Directories that might not exist when security is applied; but are listed here
  500. ; so that they get secured correctly on converting the file system to NTFS
  501. "%SystemDrive%\perflogs",2,"D:P(A;CIOI;GRGX;;;MU)(A;CIOI;GRGWGXSDRC;;;NS)(A;CIOI;GRGWGXSDRC;;;LU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  502. "%SystemDrive%\System Volume Information",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  503. "%SystemDrive%\wmpub",2,"D:P(A;CIOI;GRGWGXSD;;;BU)(A;CIOI;GRGWGXSD;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  506. ;---------------------------------------------------------------------------------------------
  507. ;ProgramFiles
  508. ;---------------------------------------------------------------------------------------------
  509. "%SceInfProgramFiles%",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)(A;CIOI;GRGWGXSD;;;S-1-5-13)"
  510. "%SceInfProgramFiles%\Microsoft SQL Server\MSSQL$UDDI",2,"D:P(A;CIOI;GA;;;BA)"
  511. "%SceInfProgramFiles%\WindowsUpdate",2,"D:P(A;CIOI;GRGWGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  512. "%SceInfCommonProgramFiles%\Microsoft Shared\Speech",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  513. "%SceInfCommonProgramFiles%\SpeechEngines\Microsoft\TTS",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  515. ;---------------------------------------------------------------------------------------------
  516. ;ia64 ProgramFiles Directory
  517. ;---------------------------------------------------------------------------------------------
  518. @@:@m:"%SceInfProgramFilesx86%",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)(A;CIOI;GRGWGXSD;;;S-1-5-13)"
  520. ;---------------------------------------------------------------------------------------------
  521. ;System Root (Typically \WINDOWS)
  522. ;---------------------------------------------------------------------------------------------
  523. "%SystemRoot%",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  525. ;Directories that existed and inherited on NT4 out of the box.
  526. ;The text-mode files within these directories are individually secured below.
  527. ;Config, Cursors, Help, Media, Repair, System, Fonts, INF
  529. ;Directories that existed but did not inherit on NT4.
  530. "%SystemRoot%\repair",2,"D:P(A;CI;GRGX;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  532. ;Directories with a legacy history that now ship in the box.
  533. ;Allow Power User Modify on the directory, but Read Only to the files installed during setup.
  534. "%SystemRoot%\addins",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  535. "%SystemRoot%\Connection Wizard",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  536. "%SystemRoot%\java",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  537. "%SystemRoot%\msagent",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  538. "%SystemRoot%\security",2,"D:P(A;CI;GX;;;BU)(A;CI;GX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  539. "%SystemRoot%\security\templates",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  540. "%SystemRoot%\speech",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  541. "%SystemRoot%\TAPI",2,"D:P(A;CIOI;GR;;;BU)(A;CIOI;GRGWSD;;;PU)(A;CIOI;GA;;;NS)(A;CIOI;GA;;;LS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  542. "%SystemRoot%\twain_32",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  543. "%SystemRoot%\Web",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  545. ;Directories with a legacy history that no longer ship in the box
  546. "%SystemRoot%\speech",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  548. ;Directories with a legacy history being changed for security reasons
  549. "%SystemRoot%\Debug",2,"D:P(A;;GX;;;BU)(A;;GX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  550. "%SystemRoot%\Debug\UserMode",2,"D:PAR(A;;0x00100023;;;BU)(A;OIIO;0x00100006;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
  551. "%SystemRoot%\help",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)(A;CIOI;GRGWGX;;;S-1-5-13)"
  552. "%SystemRoot%\Temp",2,"D:P(A;CI;0x100026;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  554. ;Directories with no legacy to preserve. Power Users the same as Users
  555. "%SystemRoot%\AppPatch",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  556. "%SystemRoot%\Driver Cache",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  557. "%SystemRoot%\mui",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  558. "%SystemRoot%\Resources",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  559. "%SystemRoot%\Web\printers\prtcabs",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)(A;CIOI;GRGWGXSD;;;NS)"
  560. "%SystemRoot%\WinSxS",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  562. ;Directories that do not exist when security applied during clean-install - Creator specifies directory security.
  563. ;We explicitly ignore so as not to whack the component-specified DIRECTORY security on upgrade or reapplication of defaults.
  564. "%SystemRoot%\CSC",1,"D:AR"
  566. ;Profiles folder (typically %SystemRoot%\Profiles)
  567. "%Profiles%",1,"D:AR"
  569. ; Directories that might not exist when security is applied; but are listed here
  570. ; so that they get secured correctly on converting the file system to NTFS
  571. "%SystemRoot%\Installer",2,"D:P(A;CIOI;GRGX;;;WD)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
  572. "%SystemRoot%\PCHEALTH\HELPCTR",2,"D:P(A;CIOI;GRGX;;;WD)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  573. "%SystemRoot%\PCHEALTH\HELPCTR\Config",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  574. "%SystemRoot%\PCHEALTH\HELPCTR\DataColl",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  575. "%SystemRoot%\PCHEALTH\HELPCTR\PackageStore",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  576. "%SystemRoot%\prefetch",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
  577. "%SystemRoot%\Registration",2,"D:P(A;OI;GRGX;;;WD)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
  578. "%SystemRoot%\Registration\CRMLog",0,"D:P(A;;0x1200ab;;;BU)(A;OIIO;GRGWSD;;;BU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
  579. "%SystemRoot%\Tasks",2,"D:P(A;;0x1200ab;;;BO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  581. ;Directories that do not exist when security applied during setup - Creator does not specify directory security.
  582. ;Creator should specify FILE security in optional component INF that gets applied on clean-install AND upgrade.
  583. ;Omit (rather than ignore) to allow component-specified file security to be set on reapplication of defaults.
  584. ;Use MARTA (rather than omit) for any components that set protected run-time security.
  585. ;"%SystemRoot%\Downloaded Program Files",0,"D:AR"
  586. ;"%SystemRoot%\Offline Web Pages",0,"D:AR"
  587. ;"%SystemRoot%\IME",0,"D:AR"
  588. ;"%SystemRoot%\mww32",0,"D:AR"
  589. ;"%SystemRoot%\PCHEALTH",0,"D:AR"
  590. ;"%SystemRoot%\SchCache",0,"D:AR"
  591. ;"%SystemRoot%\srchasst",0,"D:AR"
  593. ;---------------------------------------------------------------------------------------------
  594. ;System Directory (Typically \Windows\System32)
  595. ;---------------------------------------------------------------------------------------------
  597. "%SystemDirectory%",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  599. ;Directories that existed and inherited on NT4 out of the box.
  600. ;The text-mode files within these directories are individually secured below.
  601. ;OS2, RAS, Spool, Viewers, WINS, Certsrv
  603. ;Directories that existed but did not inherit on NT4.
  604. "%SystemDirectory%\config",2,"D:P(A;CI;GRGX;;;BU)(A;CI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  605. ;Profile for system account - moved from Docs and Settings in Whistler. Creator specifies security.
  606. "%SystemDirectory%\config\systemprofile",1,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
  607. "%SystemDirectory%\dhcp",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  608. "%SystemDirectory%\dllcache",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  609. "%SystemDirectory%\drivers",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  611. ;Directories with a legacy history that now ship in the box.
  612. ;Allow Power User Modify on the directory, but Read Only to the files installed during setup.
  613. "%SystemDirectory%\ShellExt",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  614. "%SystemDirectory%\spool\drivers",2,"D:(A;CIOI;GRGX;;;WD)"
  615. "%SystemDirectory%\wbem",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  617. ;Directories with a legacy history that no longer ship in the box
  618. ;
  620. ;Directories with a legacy history being changed for security reasons
  621. "%SystemDirectory%\catroot",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  622. "%SystemDirectory%\catroot2",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  623. "%SystemDirectory%\ias",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  625. ;Directories with no legacy to preserve. Power Users the same as Users
  626. "%SystemDirectory%\3com_dmi",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  627. "%SystemDirectory%\administration",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  628. "%SystemDirectory%\Export",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  629. "%SystemDirectory%\icsxml",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  630. "%SystemDirectory%\LogFiles",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  631. "%SystemDirectory%\mui",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  632. @@:@i:"%SystemDirectory%\oobe",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  634. ;Directories with no legacy to preserve. Different from parent.
  635. "%SystemDirectory%\LogFiles\ShutDown",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
  636. "%SystemDirectory%\setup",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  637. "%SystemDirectory%\wbem\mof",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  638. "%SystemDirectory%\wbem\repository",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  639. "%SystemDirectory%\wbem\logs",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)(A;CIOI;GRGXGW;;;NS)(A;CIOI;GRGXGW;;;LS)"
  640. "%SystemDirectory%\wbem\AutoRecover",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  642. ;Directories that do not exist when security applied during clean-install - Creator specifies directory security.
  643. ;We explicitly ignore so as not to whack the component-specified DIRECTORY security on upgrade or reapplication of defaults.
  644. "%SystemDirectory%\appmgmt",1,"D:AR"
  645. "%SystemDirectory%\DTCLog",1,"D:AR"
  646. "%SystemDirectory%\ReinstallBackups",1,"D:AR"
  647. "%SystemDirectory%\repl",1,"D:AR"
  649. ; Directories that might not exist when security is applied; but are listed here
  650. ; so that they get secured correctly on converting the file system to NTFS
  651. "%SystemDirectory%\com\dmp",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
  652. "%SystemDirectory%\CPL.CFG",2,"D:(A;CIOI;GA;;;NS)"
  653. "%SystemDirectory%\CertLog",2,"D:P(A;CIOI;GA;;;BO)(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICIIO;FA;;;CO)"
  654. "%SystemDirectory%\FxsTmp",2,"D:P(A;;0x100003;;;BU)(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICIIO;FA;;;CO)"
  655. "%SystemDirectory%\GroupPolicy",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
  656. "%SystemDirectory%\LLS",2,"D:(A;CIOI;GA;;;NS)"
  657. "%SystemDirectory%\LLS\CPL.CFG",2,"D:P(A;CIOI;GA;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  658. "%SystemDirectory%\LLS\LlsCert.LLS",2,"D:P(A;CIOI;GA;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  659. "%SystemDirectory%\LLS\LlsMap.LLS",2,"D:P(A;CIOI;GA;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  660. "%SystemDirectory%\LLS\LlsUser.LLS",2,"D:P(A;CIOI;GA;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  661. "%SystemDirectory%\LogFiles\Fax\Incoming",2,"D:P(A;CIOI;GA;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  662. "%SystemDirectory%\LogFiles\Fax\Outgoing",2,"D:P(A;CIOI;GA;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  663. "%SystemDirectory%\LogFiles\UDDI",2,"D:(A;CIOI;GRGWGXSD;;;NS)"
  664. "%SystemDirectory%\LogFiles\wms",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GRGWGXSD;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  665. "%SystemDirectory%\LServer",2,"D:P(A;OICI;GRGWGXDTSDCCLC;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  666. "%SystemDirectory%\msdtc",2,"D:P(A;OICI;GRGWGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  667. "%SystemDirectory%\msmq",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  668. "%SystemDirectory%\NTMSData",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
  669. "%SystemDirectory%\RemoteStorage",2,"D:P(A;CIOI;GRGX;;;BO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
  670. "%SystemDirectory%\spool\printers",2,"D:P(A;CI;0x1000ae;;;BU)(A;CI;0x1000ae;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  671. "%SystemDirectory%\tssesdir",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  672. "%SystemDirectory%\Windows media",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGWGXSD;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  674. ;Directories that do not exist when security applied during setup - Creator does not specify directory security.
  675. ;Creator should specify FILE security in optional component INF that gets applied on clean-install AND upgrade.
  676. ;Omit (rather than ignore) to allow component-specified file security to be set on reapplication of defaults.
  677. ;Use MARTA (rather than omit) for any components that set protected run-time security.
  678. ;"%SystemDirectory%\Cache",0,"D:AR"
  679. ;"%SystemDirectory%\clients",0,"D:AR"
  680. ;"%SystemDirectory%\Com",0,"D:AR"
  681. ;"%SystemDirectory%\inetsrv",0,"D:AR"
  682. ;"%SystemDirectory%\Microsoft",0,"D:AR"
  683. ;"%SystemDirectory%\netmon",0,"D:AR"
  684. ;"%SystemDirectory%\npp",0,"D:AR"
  685. ;"%SystemDirectory%\oobe",0,"D:AR"
  686. ;"%SystemDirectory%\restore",0,"D:AR"
  687. ;"%SystemDirectory%\reminst",0,"D:AR"
  688. ;"%SystemDirectory%\rocket",0,"D:AR"
  689. ;"%SystemDirectory%\usmt",0,"D:AR"
  691. ;-----------------------------------------------------------------------------------------
  692. ; SysWOW64 directories
  693. ;-----------------------------------------------------------------------------------------
  695. @@:@6:"%Systemroot%\SysWOW64",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  696. @@:@6:"%Systemroot%\SysWOW64\wbem",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  697. @@:@6:"%Systemroot%\SysWOW64\Export",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  698. @@:@6:"%Systemroot%\SysWOW64\ias",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  701. ;-----------------------------------------------------------------------------------------
  702. ;Individual File Settings.
  703. ;So that Power User Modify is not inherited from parent.
  704. ;-----------------------------------------------------------------------------------------
  705. "%Systemroot%\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  706. Exception="win.ini"
  707. "%Systemroot%\System\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  708. "%Systemroot%\Inf\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  709. Exception="msmail.inf"
  710. "%Systemroot%\Help\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  711. "%Systemroot%\Help\mail\smtpsnap.cnt",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  712. "%Systemroot%\Help\mail\smtpsnap.hlp",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  713. "%Systemroot%\Help\news\nntpsnap.cnt",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  714. "%Systemroot%\Help\news\nntpsnap.hlp",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  715. "%Systemroot%\Fonts\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  716. "%Systemroot%\Config\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  717. "%Systemroot%\Media\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  718. "%Systemroot%\Cursors\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  719. "%Systemroot%\repair\default",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  720. "%Systemroot%\repair\ntuser.dat",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  721. "%Systemroot%\repair\sam",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  722. "%Systemroot%\repair\security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  723. "%Systemroot%\repair\software",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  724. "%Systemroot%\repair\system",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  725. "%SystemRoot%\TAPI\tsec.ini",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  726. "%Systemdirectory%\hal.dll",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  727. "%Systemdirectory%\inetsrv\aqadmin.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  728. "%Systemdirectory%\inetsrv\aqueue.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  729. "%Systemdirectory%\inetsrv\ddrop.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  730. "%Systemdirectory%\inetsrv\isrpc.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  731. "%Systemdirectory%\inetsrv\mailmsg.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  732. "%Systemdirectory%\inetsrv\nntpadm.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  733. "%Systemdirectory%\inetsrv\nntpfs.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  734. "%Systemdirectory%\inetsrv\nntpsnap.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  735. "%Systemdirectory%\inetsrv\nntpsvc.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  736. "%Systemdirectory%\inetsrv\ntfsdrv.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  737. "%Systemdirectory%\inetsrv\rcancel.vbs",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  738. "%Systemdirectory%\inetsrv\regfilt.vbs",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  739. "%Systemdirectory%\inetsrv\rexpire.vbs",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  740. "%Systemdirectory%\inetsrv\rfeed.vbs",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  741. "%Systemdirectory%\inetsrv\rgroup.vbs",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  742. "%Systemdirectory%\inetsrv\rsess.vbs",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  743. "%Systemdirectory%\inetsrv\SCRIPTO.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  744. "%Systemdirectory%\inetsrv\seo.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  745. "%Systemdirectory%\inetsrv\seos.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  746. "%Systemdirectory%\inetsrv\smtpadm.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  747. "%Systemdirectory%\inetsrv\smtpsnap.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  748. "%Systemdirectory%\inetsrv\smtpsvc.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  749. "%Systemdirectory%\netmon\bhsupp.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  750. "%Systemdirectory%\netmon\hexedit.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  751. "%Systemdirectory%\netmon\netmon.exe",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  752. "%Systemdirectory%\netmon\netmon.ini",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  753. "%Systemdirectory%\netmon\nmapi.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  754. "%Systemdirectory%\netmon\parser.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  755. "%Systemdirectory%\netmon\parser.ini",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  756. "%Systemdirectory%\netmon\slbs.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  757. "%Systemdirectory%\netmon\default.adr",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  758. "%Systemdirectory%\netmon\captures\default.cf",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  759. "%Systemdirectory%\netmon\captures\default.df",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  760. "%Systemdirectory%\netmon\parsers\atalk.ini",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  761. "%Systemdirectory%\netmon\parsers\atalk.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  762. "%Systemdirectory%\netmon\parsers\BONE.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  763. "%Systemdirectory%\netmon\parsers\BROWSER.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  764. "%Systemdirectory%\netmon\parsers\FRAME.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  765. "%Systemdirectory%\netmon\parsers\IPX.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  766. "%Systemdirectory%\netmon\parsers\IPX.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  767. "%Systemdirectory%\netmon\parsers\LLC.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  768. "%Systemdirectory%\netmon\parsers\LLC.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  769. "%Systemdirectory%\netmon\parsers\MAC.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  770. "%Systemdirectory%\netmon\parsers\MAC.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  771. "%Systemdirectory%\netmon\parsers\MSRPC.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  772. "%Systemdirectory%\netmon\parsers\MSRPC.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  773. "%Systemdirectory%\netmon\parsers\NCP.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  774. "%Systemdirectory%\netmon\parsers\NETBIOS.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  775. "%Systemdirectory%\netmon\parsers\NETLOGON.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  776. "%Systemdirectory%\netmon\parsers\PPP.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  777. "%Systemdirectory%\netmon\parsers\PPP.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  778. "%Systemdirectory%\netmon\parsers\PPPOE.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  779. "%Systemdirectory%\netmon\parsers\SMB.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  780. "%Systemdirectory%\netmon\parsers\SNMP.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  781. "%Systemdirectory%\netmon\parsers\TCPIP.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  782. "%Systemdirectory%\netmon\parsers\TCPIP.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  783. "%Systemdirectory%\netmon\parsers\TRAIL.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  784. "%Systemdirectory%\netmon\parsers\TRAIL.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  785. "%Systemdirectory%\netmon\parsers\VINES.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  786. "%Systemdirectory%\netmon\parsers\VINES.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  787. "%Systemdirectory%\netmon\parsers\XNS.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  788. "%Systemdirectory%\netmon\parsers\XNS.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  789. "%Systemdirectory%\netmon\parsers\LOGON.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  790. "%Systemdirectory%\netmon\parsers\LSARPC.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  791. "%Systemdirectory%\netmon\parsers\WINSPL.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  792. "%Systemdirectory%\netmon\parsers\RSVP.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  793. "%Systemdirectory%\netmon\parsers\LANE.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  794. "%Systemdirectory%\netmon\parsers\ATMARP.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  795. "%Systemdirectory%\netmon\parsers\ATMARP.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  796. "%Systemdirectory%\netmon\parsers\LDAP.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  797. "%Systemdirectory%\netmon\parsers\mcast.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  798. "%Systemdirectory%\netmon\parsers\kerbprsr.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  799. "%Systemdirectory%\netmon\parsers\upnpparser.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  800. "%Systemdirectory%\netmon\parsers\upnpparser.ini",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  801. "%Systemdirectory%\spoolss.dll",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  802. "%Systemdirectory%\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  803. Exception="autoexec.nt"
  804. Exception="cmos.ram"
  805. Exception="config.nt"
  806. Exception="hpmon.dll"
  807. Exception="hpmon.hlp"
  808. Exception="localmon.dll"
  809. Exception="midimap.cfg"
  810. Exception="append.exe"
  811. Exception="arp.exe"
  812. Exception="at.exe"
  813. Exception="atmadm.exe"
  814. Exception="attrib.exe"
  815. Exception="bootcfg.exe"
  816. Exception="cacls.exe"
  817. Exception="certreq.exe"
  818. Exception="certutil.exe"
  819. Exception="change.exe"
  820. Exception="chcp.com"
  821. Exception="chglogon.exe"
  822. Exception="chgport.exe"
  823. Exception="chgusr.exe"
  824. Exception="chkdsk.exe"
  825. Exception="chkntfs.exe"
  826. Exception="choice.exe"
  827. Exception="cidaemon.exe"
  828. Exception="cipher.exe"
  829. Exception="clip.exe"
  830. Exception="cluster.exe"
  831. Exception="cmd.exe"
  832. Exception="cmdkey.exe"
  833. Exception="comclust.exe"
  834. Exception="command.com"
  835. Exception="comp.exe"
  836. Exception="compact.exe"
  837. Exception="convert.exe"
  838. Exception="convlog.exe"
  839. Exception="cprofile.exe"
  840. Exception="cscript.exe"
  841. Exception="csvde.exe"
  842. Exception="dcgpofix.exe"
  843. Exception="dcphelp.exe"
  844. Exception="debug.exe"
  845. Exception="defrag.exe"
  846. Exception="dfscmd.exe"
  847. Exception="diantz.exe"
  848. Exception="diskcomp.com"
  849. Exception="diskcopy.com"
  850. Exception="diskpart.exe"
  851. Exception="diskperf.exe"
  852. Exception="dns.exe"
  853. Exception="doskey.exe"
  854. Exception="dosx.exe"
  855. Exception="driverquery.exe"
  856. Exception="dsadd.exe"
  857. Exception="dsget.exe"
  858. Exception="dsmod.exe"
  859. Exception="dsmove.exe"
  860. Exception="dsquery.exe"
  861. Exception="dsrm.exe"
  862. Exception="edit.com"
  863. Exception="edlin.exe"
  864. Exception="esentutl.exe"
  865. Exception="eventcreate.exe"
  866. Exception="eventtriggers.exe"
  867. Exception="evntcmd.exe"
  868. Exception="exe2bin.exe"
  869. Exception="expand.exe"
  870. Exception="fastopen.exe"
  871. Exception="fc.exe"
  872. Exception="find.exe"
  873. Exception="findstr.exe"
  874. Exception="finger.exe"
  875. Exception="flattemp.exe"
  876. Exception="forcedos.exe"
  877. Exception="forfiles.exe"
  878. Exception="format.com"
  879. Exception="freedisk.exe"
  880. Exception="fsutil.exe"
  881. Exception="ftp.exe"
  882. Exception="fxssvc.exe"
  883. Exception="getmac.exe"
  884. Exception="gettype.exe"
  885. Exception="gpresult.exe"
  886. Exception="gpupdate.exe"
  887. Exception="graftabl.com"
  888. Exception="graphics.com"
  889. Exception="grovel.exe"
  890. Exception="help.exe"
  891. Exception="hostname.exe"
  892. Exception="iisreset.exe"
  893. Exception="inuse.exe"
  894. Exception="ipconfig.exe"
  895. Exception="ipsec6.exe"
  896. Exception="ipxroute.exe"
  897. Exception="ismserv.exe"
  898. Exception="jetconv.exe"
  899. Exception="jetpack.exe"
  900. Exception="kb16.com"
  901. Exception="label.exe"
  902. Exception="ldifde.exe"
  903. Exception="loadfix.com"
  904. Exception="locator.exe"
  905. Exception="lodctr.exe"
  906. Exception="logman.exe"
  907. Exception="logoff.exe"
  908. Exception="lpq.exe"
  909. Exception="lpr.exe"
  910. Exception="lserver.exe"
  911. Exception="macfile.exe"
  912. Exception="makecab.exe"
  913. Exception="mem.exe"
  914. Exception="mode.com"
  915. Exception="more.com"
  916. Exception="mountvol.exe"
  917. Exception="mqbkup.exe"
  918. Exception="mqdssvc.exe"
  919. Exception="mqsvc.exe"
  920. Exception="mqtgsvc.exe"
  921. Exception="mrinfo.exe"
  922. Exception="mscdexnt.exe"
  923. Exception="msg.exe"
  924. Exception="msiexec.exe"
  925. Exception="nbtstat.exe"
  926. Exception="net.exe"
  927. Exception="net1.exe"
  928. Exception="netsh.exe"
  929. Exception="netstat.exe"
  930. Exception="nlb.exe"
  931. Exception="nlsfunc.exe"
  932. Exception="nslookup.exe"
  933. Exception="ntbackup.exe"
  934. Exception="ntdsutil.exe"
  935. Exception="ntfrs.exe"
  936. Exception="ntsd.exe"
  937. Exception="ntvdm.exe"
  938. Exception="nw16.exe"
  939. Exception="nwscript.exe"
  940. Exception="odbcconf.exe"
  941. Exception="openfiles.exe"
  942. Exception="pathping.exe"
  943. Exception="pentnt.exe"
  944. Exception="ping.exe"
  945. Exception="ping6.exe"
  946. Exception="powercfg.exe"
  947. Exception="print.exe"
  948. Exception="proxycfg.exe"
  949. Exception="qappsrv.exe"
  950. Exception="qprocess.exe"
  951. Exception="query.exe"
  952. Exception="quser.exe"
  953. Exception="qwinsta.exe"
  954. Exception="rasautou.exe"
  955. Exception="rasdial.exe"
  956. Exception="rcp.exe"
  957. Exception="recover.exe"
  958. Exception="redir.exe"
  959. Exception="reg.exe"
  960. Exception="regini.exe"
  961. Exception="register.exe"
  962. Exception="regsvr32.exe"
  963. Exception="relog.exe"
  964. Exception="replace.exe"
  965. Exception="reset.exe"
  966. Exception="rexec.exe"
  967. Exception="route.exe"
  968. Exception="routemon.exe"
  969. Exception="rsh.exe"
  970. Exception="RsLnk.exe"
  971. Exception="rsm.exe"
  972. Exception="Rss.exe"
  973. Exception="RsServ.exe"
  974. Exception="RsTore.exe"
  975. Exception="runas.exe"
  976. Exception="rwinsta.exe"
  977. Exception="sacsess.exe"
  978. Exception="sc.exe"
  979. Exception="scardsvr.exe"
  980. Exception="schtasks.exe"
  981. Exception="schupgr.exe"
  982. Exception="secedit.exe"
  983. Exception="setver.exe"
  984. Exception="setx.exe"
  985. Exception="sfc.exe"
  986. Exception="sfmprint.exe"
  987. Exception="sfmpsexe.exe"
  988. Exception="sfmsvc.exe"
  989. Exception="shadow.exe"
  990. Exception="share.exe"
  991. Exception="shutdown.exe"
  992. Exception="snmp.exe"
  993. Exception="snmptrap.exe"
  994. Exception="sort.exe"
  995. Exception="subst.exe"
  996. Exception="systeminfo.exe"
  997. Exception="takeown.exe"
  998. Exception="tapicfg.exe"
  999. Exception="taskkill.exe"
  1000. Exception="tasklist.exe"
  1001. Exception="tcpsvcs.exe"
  1002. Exception="telnet.exe"
  1003. Exception="tftp.exe"
  1004. Exception="tftpd.exe"
  1005. Exception="timeout.exe"
  1006. Exception="tlntadmn.exe"
  1007. Exception="tlntsess.exe"
  1008. Exception="tracerpt.exe"
  1009. Exception="tracert.exe"
  1010. Exception="tracert6.exe"
  1011. Exception="tree.com"
  1012. Exception="tscon.exe"
  1013. Exception="tsdiscon.exe"
  1014. Exception="tsecimp.exe"
  1015. Exception="tskill.exe"
  1016. Exception="tsprof.exe"
  1017. Exception="tssdis.exe"
  1018. Exception="tsshutdn.exe"
  1019. Exception="typeperf.exe"
  1020. Exception="unlodctr.exe"
  1021. Exception="upg351db.exe"
  1022. Exception="ups.exe"
  1023. Exception="verifier.exe"
  1024. Exception="vssadmin.exe"
  1025. Exception="vwipxspx.exe"
  1026. Exception="w32tm.exe"
  1027. Exception="waitfor.exe"
  1028. Exception="where.exe"
  1029. Exception="whoami.exe"
  1030. Exception="win.com"
  1031. Exception="wins.exe"
  1032. Exception="wlbs.exe"
  1033. Exception="xcopy.exe"
  1034. Exception="wpa.bak"
  1035. Exception="wpa.dbl"
  1036. "%Systemdirectory%\cmd.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  1037. "%Systemdirectory%\wpa.bak",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  1038. "%Systemdirectory%\wpa.dbl",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  1039. "%Systemdirectory%\OS2\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  1040. "%Systemdirectory%\OS2\DLL\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  1041. "%Systemdirectory%\RAS\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  1042. "%Systemdirectory%\Viewers\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"