archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/mergedcomponents/setupinfs/dwup.inx

891 lines
56 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. @*:This file defines default security settings.
  2. @*:Please do not edit. Instead, email kirksol with the requested change.
  3. @*:Thanks!
  4. ; Copyright (c) Microsoft Corporation. All rights reserved.
  5. ;
  6. ; Security Configuration Template for Security Configuration Editor
  7. ;
  8. ; Template Name: DWUp.INF
  9. ; Template Version: 05.10.DK.0000
  10. ;
  11. ; Default Security Settings applied on Professional Upgrade
  14. [Profile Description]
  15. %SCEDWUpProfileDescription%
  17. [version]
  18. signature="$CHICAGO$"
  19. revision=1
  21. [System Access]
  22. LSAAnonymousNameLookup = 0
  24. ;----------------------------------------------------------------
  25. ;Event Log - Log Settings
  26. ;----------------------------------------------------------------
  28. [System Log]
  29. RestrictGuestAccess = 1
  31. [Security Log]
  32. RestrictGuestAccess = 1
  34. [Application Log]
  35. RestrictGuestAccess = 1
  37. ;----------------------------------------------------------------
  38. ;Registry Values
  39. ;----------------------------------------------------------------
  40. [Registry Values]
  41. ;On upgrade (NT4 or 5), we can only set those registry values that meet the following criteria:
  42. ;a. value known not to exist on previous versions OR
  43. ;b. default setting has changed from less secure (NT4) to more secure (Win2k+) OR
  44. ;c. PERsonal-specific settings that should be set differently on PRO
  45. ;Note PER to PRO upgrade is feasible unlike PRO to SRv. We assume default reg values for PER remain unchanged.
  48. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon=4,1
  50. MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds=4,0
  51. MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,0
  52. MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy=4,0
  53. ;Maintain previous forceguest behavior
  54. ;MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest=4,0
  55. MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,2
  56. MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse=4,1
  57. MACHINE\System\CurrentControlSet\Control\Lsa\NoDefaultAdminOwner=4,1
  58. MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1
  60. MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine=8,Add:,Software\Microsoft\Windows NT\CurrentVersion\Print,Software\Microsoft\Windows NT\CurrentVersion\Windows,Remove:,System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Server Applications,Software\Microsoft\Windows NT\CurrentVersion
  61. MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\Machine=8,Add:,System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Server Applications,Software\Microsoft\Windows NT\CurrentVersion
  63. MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive=4,1
  64. MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode=4,1
  66. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess=4,1
  68. MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity=4,1
  70. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,1
  72. ;We cannot set the following values which were new for Win2k, because
  73. ;Win2k customers may have already configured them differently.
  74. ;Therefore, the following may not be configured on NT4 upgrade.
  75. ;
  76. ;MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel=4,0
  77. ;MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand=4,0
  78. ;MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD=1,0
  79. ;MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption=1,0
  81. [Privilege Rights]
  82. ;
  83. ;World S-1-1-0
  84. ;
  85. ;NT Authority S-1-5
  86. ;LOCAL_SERVICE 19
  87. ;NETWORK_SERVICE 20
  88. ;
  89. ;Built-In Domain SubAuthority = S-1-5-32
  90. ;ADMINISTRATORS 544
  91. ;USERS 545
  92. ;GUESTS 546
  93. ;POWER_USERS 547
  94. ;ACCOUNT_OPS 548
  95. ;SYSTEM_OPS 549
  96. ;PRINT_OPS 550
  97. ;BACKUP_OPS 551
  98. ;REPLICATOR 552
  99. ;RAS_SERVERS 553
  100. ;PREW2KCOMPACCESS 554
  101. ;REMOTE_DESKTOP_USERS 555
  102. ;NETWORK_CONFIGURATION_OPS 556
  104. SeAssignPrimaryTokenPrivilege = Add:, *S-1-5-19, *S-1-5-20
  105. SeAuditPrivilege = Add:, *S-1-5-19, *S-1-5-20
  106. SeCreateGlobalPrivilege = Add:, *S-1-5-6, *S-1-5-32-544
  107. SeImpersonatePrivilege = Add:, *S-1-5-6, *S-1-5-32-544
  108. SeIncreaseBasePriorityPrivilege = Remove:, *S-1-5-32-547
  109. SeIncreaseQuotaPrivilege = Add:, *S-1-5-19, *S-1-5-20
  110. SeManageVolumePrivilege = Add:, *S-1-5-32-544
  111. SeRemoteInteractiveLogonRight = Add:, *S-1-5-32-544, *S-1-5-32-555
  112. SeRemoteShutdownPrivilege = Remove:, *S-1-5-32-547
  113. SeSystemTimePrivilege = Remove:, *S-1-5-19, *S-1-5-20
  115. ;Undock was added in Win2k. Not adding Users because:
  116. ;a.) Win2k customers may have justifiably removed them.
  117. ;b.) NT4 upgrade adds interactive to the Power Users group.
  118. SeUndockPrivilege = Add:, *S-1-5-32-544, *S-1-5-32-547
  120. ;[Group Membership]
  121. ;During upgrade, use net api's to
  122. ;1 - add Authenticated Users and Interactive into the Users group
  123. ;2 - add Interactive to the Power Users group if NT4 Workstation Upgrade
  126. [Service General Setting]
  127. ;Note: startup type should not be configured during setup\dcpromo.
  128. ;autostarted on workstations and servers, standalone or joined - Remove PU ability to stop\start.
  129. Browser,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  130. Dhcp,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRRC;;;NO)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  131. TrkWks,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  132. Dnscache,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRRC;;;NO)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  133. Eventlog,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  134. PolicyAgent,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  135. dmserver,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  136. Messenger,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  137. PlugPlay,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  138. Spooler,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  139. ProtectedStorage,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  140. RpcSs,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLORC;;;PU)(A;;CCLCSWRPLO;;;IU)(A;;CCLCSWRPLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  141. NtmsSvc,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  142. seclogon,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  143. SamSs,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLORC;;;PU)(A;;CCLCSWRPLO;;;IU)(A;;CCLCSWRPLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  144. lanmanserver,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  145. SENS,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  146. Schedule,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  147. Sysmonlog,,"D:(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCRPLOCR;;;LU)S:AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  148. LmHosts,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  149. LanmanWorkstation,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  150. RemoteRegistry,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  152. ;Not autostarted, but non-default DACL - Remove PU ability to change template
  153. ClipSrv,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLORC;;;PU)(A;;CCLCSWRPLO;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  154. NetDDE,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLORC;;;PU)(A;;CCLCSWRPLO;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  155. NetDDEdsdm,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLORC;;;PU)(A;;CCLCSWRPLO;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  156. EventSystem,,"D:(A;;CCLCSWRPLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLORC;;;PU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  158. ;Not autostarted if machine is standalone
  159. ;Netlogon,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  160. ;W32Time,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLORC;;;PU)(A;;CCLCSWRPLO;;;IU)(A;;CCLCSWRPLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  162. ;Not autostarted if Wksta
  163. ;Alerter,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  164. ;MSDTC,,"D:(A;;CCLCSWRPLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLORC;;;NS)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  166. ;Server Only Services
  167. ;Dfs,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  168. ;LicenseService,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  170. ;IIS Specific Services - Leave them alone
  171. ;IISADMIN,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  172. ;W3SVC,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  173. ;MSFTPSVC,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  174. ;SMTPSVC,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  177. [Registry Keys]
  179. "MACHINE\Software",0,"D:P(A;CI;GR;;;BU)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  181. ;Same as parent, but this is the target of a symlink - set explicitly.
  182. "MACHINE\SOFTWARE\Classes",2,"D:P(A;CI;GR;;;BU)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  183. "MACHINE\SOFTWARE\Classes\helpfile",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  184. "MACHINE\SOFTWARE\Classes\.hlp",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  186. "MACHINE\SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  187. @@:@i:"MACHINE\SOFTWARE\Microsoft\ADs\Providers\NDS",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  188. @@:@i:"MACHINE\SOFTWARE\Microsoft\ADs\Providers\NWCOMPAT",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  189. "MACHINE\SOFTWARE\Microsoft\ADs\Providers\WinNT",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  191. "MACHINE\SOFTWARE\Microsoft\Command Processor",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  193. "MACHINE\SOFTWARE\Microsoft\Cryptography",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  194. "MACHINE\SOFTWARE\Microsoft\Cryptography\Calais",2,"D:AR(A;CI;GRGWSD;;;LS)"
  195. "MACHINE\SOFTWARE\Microsoft\DeviceManager",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  196. "MACHINE\SOFTWARE\Microsoft\Driver Signing",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  197. "MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  198. "MACHINE\Software\Microsoft\EventSystem",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  199. "MACHINE\SOFTWARE\Microsoft\Non-Driver Signing",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  200. "MACHINE\SOFTWARE\Microsoft\NetDDE",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  201. "MACHINE\SOFTWARE\Microsoft\OLAP Server\CurrentVersion\SECURITY",1,"D:AR"
  202. "MACHINE\SOFTWARE\Microsoft\Ole",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  203. "MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider",1,"D:AR"
  204. "MACHINE\SOFTWARE\Microsoft\Rpc",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  205. "MACHINE\SOFTWARE\Microsoft\Secure",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  206. "MACHINE\Software\Microsoft\Speech",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  207. "MACHINE\SOFTWARE\Microsoft\SystemCertificates",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  209. "MACHINE\SOFTWARE\Microsoft\Windows",2,"D:AR"
  211. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  212. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  213. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  214. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  215. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  217. ;The following keys do not exist when we run
  218. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy",1,"D:AR"
  219. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer",1,"D:AR"
  220. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies",1,"D:AR"
  221. "MACHINE\SOFTWARE\Microsoft\MSDTC",1,"D:AR"
  223. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony",2,"D:P(A;CIOI;GR;;;BU)(A;CIOI;GRGWSD;;;PU)(A;CIOI;GA;;;NS)(A;CIOI;GA;;;LS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  225. "MACHINE\SOFTWARE\Microsoft\Windows NT",2,"D:AR"
  227. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  228. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDebug",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  229. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Asr\Commands",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGWSD;;;BO)"
  230. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Classes",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  231. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  232. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  233. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Event Viewer",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  234. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  235. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  236. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  237. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  238. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;LS)(A;CI;GR;;;NS)(A;CI;GR;;;LU)(A;CI;GR;;;MU)"
  239. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009",1,"D:AR"
  240. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  241. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList",0,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  242. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  243. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  244. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  245. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  246. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing",2,"D:P(A;CI;GRGWSD;;;LS)(A;CI;GRGWSD;;;NS)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  247. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WbemPerf",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;LS)(A;CI;GR;;;NS)(A;CI;GR;;;LU)(A;CI;GR;;;MU)"
  248. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  249. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  251. "MACHINE\SOFTWARE\Microsoft\wbem",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GA;;;NS)(A;CI;GR;;;BU)"
  252. "MACHINE\SOFTWARE\Microsoft\wbem\CIMOM",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;BU)"
  253. "MACHINE\SOFTWARE\Microsoft\wbem\Transports",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;BU)"
  254. "MACHINE\SOFTWARE\Microsoft\wbem\ESS",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;BU)"
  255. "MACHINE\SOFTWARE\Microsoft\wbem\FWD",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;BU)"
  257. "MACHINE\SOFTWARE\Policies",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  260. "MACHINE\System",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  262. "MACHINE\SYSTEM\Clone",1,"D:AR"
  264. "MACHINE\SYSTEM\ControlSet001",1,"D:AR"
  265. "MACHINE\SYSTEM\ControlSet002",1,"D:AR"
  266. "MACHINE\SYSTEM\ControlSet003",1,"D:AR"
  267. "MACHINE\SYSTEM\ControlSet004",1,"D:AR"
  268. "MACHINE\SYSTEM\ControlSet005",1,"D:AR"
  269. "MACHINE\SYSTEM\ControlSet006",1,"D:AR"
  270. "MACHINE\SYSTEM\ControlSet007",1,"D:AR"
  271. "MACHINE\SYSTEM\ControlSet008",1,"D:AR"
  272. "MACHINE\SYSTEM\ControlSet009",1,"D:AR"
  273. "MACHINE\SYSTEM\ControlSet010",1,"D:AR"
  275. "MACHINE\SYSTEM\CurrentControlSet\Control\Class",1,"D:AR"
  277. "MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout",2,"D:(A;CI;GR;;;WD)"
  278. "MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts",2,"D:(A;CI;GR;;;WD)"
  279. "MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Audit",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  280. "MACHINE\SYSTEM\CurrentControlSet\Control\LSA\JD",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  281. "MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Skew1",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  282. "MACHINE\SYSTEM\CurrentControlSet\Control\LSA\GBG",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  283. "MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Data",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  284. "MACHINE\SYSTEM\CurrentControlSet\Control\Network",2,"D:(A;CI;GRGWSD;;;NO)"
  285. "MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg",2,"D:P(A;CI;GA;;;BA)(A;;GR;;;BO)(A;CI;GR;;;LS)"
  286. "MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatCache",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  287. "MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Executive",2,"D:(A;CI;GRGWSD;;;PU)"
  288. "MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation",2,"D:(A;CI;GRGWSD;;;PU)"
  289. "MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Security",2,"D:P(A;CI;GR;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  291. "MACHINE\SYSTEM\CurrentControlSet\Enum",1,"D:AR"
  293. "MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles",1,"D:AR"
  295. ;Don't whack more restrictive security subkeys.
  296. "MACHINE\SYSTEM\CurrentControlSet\Services",0,"D:AR"
  298. ;Set security subkey permissions for those services created via default hives
  299. "MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  300. "MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  301. "MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  302. "MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  303. @*:Fix for 477845 causes regression for 32625
  304. ;"MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  305. @*:We still can add a SACL to it though.
  306. "MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security",2,"S:AR(AU;OICISAFA;DCLCSDWDWO;;;WD)"
  307. @@:@6:"MACHINE\SYSTEM\CurrentControlSet\Services\IASJet\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  308. "MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  309. "MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  310. "MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  311. "MACHINE\SYSTEM\CurrentControlSet\Services\Samss\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  312. "MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  313. "MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  314. "MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  316. ;Set security subkey permissions for those services created in GUI-mode setup before SCE runs
  317. "MACHINE\SYSTEM\CurrentControlSet\Services\IREnum\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  318. "MACHINE\SYSTEM\CurrentControlSet\Services\STISvc\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  319. "MACHINE\SYSTEM\CurrentControlSet\Services\WMI\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  321. "MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries",2,"D:(A;CI;GA;;;NS)(A;CI;CCDCLCSWSDRC;;;LU)"
  323. "USERS\.DEFAULT",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  324. "USERS\.DEFAULT\Software\Microsoft\NetDDE",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  325. "USERS\.DEFAULT\SOFTWARE\Microsoft\Protected Storage System Provider",1,"D:AR"
  326. "USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\ProtectedRoots",1,"D:AR"
  328. [File Security]
  330. ;---------------------------------------------------------------------------------------
  331. ;x86 Boot Files
  332. ;---------------------------------------------------------------------------------------
  333. @@:@i:"%BootDrive%\boot.ini",2,"D:P(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  334. @@:@i:"%BootDrive%\ntdetect.com",2,"D:P(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  335. @@:@i:"%BootDrive%\ntldr",2,"D:P(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  336. @@:@i:"%BootDrive%\ntbootdd.sys",2,"D:P(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  337. @@:@i:"%BootDrive%\autoexec.bat",2,"D:P(A;;GRGX;;;BU)(A;;GRGWGXSD;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  338. @@:@i:"%BootDrive%\config.sys",2,"D:P(A;;GRGX;;;BU)(A;;GRGWGXSD;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  340. ;---------------------------------------------------------------------------------------
  341. ;amd64 Boot Files
  342. ;---------------------------------------------------------------------------------------
  343. @@:@a:"%BootDrive%\boot.ini",2,"D:P(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  344. @@:@a:"%BootDrive%\ntdetect.com",2,"D:P(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  345. @@:@a:"%BootDrive%\ntldr",2,"D:P(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  347. ;---------------------------------------------------------------------------------------
  348. ;System Drive
  349. ;---------------------------------------------------------------------------------------
  350. ;SetupSecurity will contain the new root acl. Ignore docs and settings if it's reapplied (e.g. on conversion from FAT)
  351. "%SystemDrive%\Documents and Settings",1,"D:AR"
  352. ; Directories that might not exist when security is applied; but are listed here
  353. ; so that they get secured correctly on converting the file system to NTFS
  354. "%SystemDrive%\perflogs",2,"D:P(A;CIOI;GRGX;;;MU)(A;CIOI;GRGWGXSDRC;;;NS)(A;CIOI;GRGWGXSDRC;;;LU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  355. "%SystemDrive%\System Volume Information",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  356. "%SystemDrive%\wmpub",2,"D:P(A;CIOI;GRGWGXSD;;;BU)(A;CIOI;GRGWGXSD;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  359. ;---------------------------------------------------------------------------------------------
  360. ;ProgramFiles
  361. ;---------------------------------------------------------------------------------------------
  362. "%SceInfProgramFiles%",0,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  363. "%SceInfProgramFiles%\Microsoft SQL Server\MSSQL$UDDI",2,"D:P(A;CIOI;GA;;;BA)"
  364. "%SceInfProgramFiles%\WindowsUpdate",2,"D:P(A;CIOI;GRGWGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  365. "%SceInfCommonProgramFiles%\Microsoft Shared\Speech",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  366. "%SceInfCommonProgramFiles%\SpeechEngines\Microsoft\TTS",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  368. ;---------------------------------------------------------------------------------------------
  369. ;ia64 ProgramFiles Directory
  370. ;---------------------------------------------------------------------------------------------
  371. @@:@m:"%SceInfProgramFilesx86%",0,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  373. ;---------------------------------------------------------------------------------------------
  374. ;System Root (Typically \WINDOWS)
  375. ;---------------------------------------------------------------------------------------------
  376. "%SystemRoot%",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  378. ;Directories that existed and inherited on NT4 out of the box.
  379. ;The text-mode files within these directories are individually secured below.
  380. ;Config, Cursors, Help, Media, Repair, System, Fonts, INF
  382. ;Directories that existed but did not inherit on NT4.
  383. "%SystemRoot%\repair",2,"D:P(A;CI;GRGX;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  385. ;Directories with a legacy history that now ship in the box.
  386. ;Allow Power User Modify on the directory, but Read Only to the files installed during setup.
  387. "%SystemRoot%\addins",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  388. "%SystemRoot%\Connection Wizard",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  389. "%SystemRoot%\java",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  390. "%SystemRoot%\msagent",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  391. "%SystemRoot%\twain_32",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  392. "%SystemRoot%\Web",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  394. ;Directories with a legacy history that no longer ship in the box
  395. "%SystemRoot%\speech",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  397. ;Directories with a legacy history being changed for security reasons
  398. "%SystemRoot%\Debug",2,"D:P(A;;GX;;;BU)(A;;GX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  399. "%SystemRoot%\Debug\UserMode",2,"D:PAR(A;;0x00100023;;;BU)(A;OIIO;0x00100006;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
  400. "%SystemRoot%\Temp",2,"D:P(A;CI;0x100026;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  402. ;Directories with no legacy to preserve. Power Users the same as Users
  403. "%SystemRoot%\AppPatch",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  404. "%SystemRoot%\Driver Cache",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  405. "%SystemRoot%\mui",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  406. "%SystemRoot%\Resources",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  407. "%SystemRoot%\Security",2,"D:P(A;CI;GX;;;BU)(A;CI;GX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  408. "%SystemRoot%\Security\templates",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  409. "%SystemRoot%\Web\printers\prtcabs",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)(A;CIOI;GRGWGXSD;;;NS)"
  410. "%SystemRoot%\WinSxS",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  412. ;Directories that do not exist when security applied during clean-install - Creator specifies directory security.
  413. ;We explicitly ignore so as not to whack the component-specified DIRECTORY security on upgrade or reapplication of defaults.
  414. "%SystemRoot%\CSC",1,"D:AR"
  416. ;Profiles folder (typically %SystemRoot%\Profiles)
  417. "%Profiles%",1,"D:AR"
  419. ; Directories that might not exist when security is applied; but are listed here
  420. ; so that they get secured correctly on converting the file system to NTFS
  421. "%SystemRoot%\Installer",2,"D:P(A;CIOI;GRGX;;;WD)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
  422. "%SystemRoot%\PCHEALTH\HELPCTR",2,"D:P(A;CIOI;GRGX;;;WD)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  423. "%SystemRoot%\PCHEALTH\HELPCTR\Config",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  424. "%SystemRoot%\PCHEALTH\HELPCTR\DataColl",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  425. "%SystemRoot%\PCHEALTH\HELPCTR\PackageStore",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  426. "%SystemRoot%\prefetch",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
  427. "%SystemRoot%\Registration",2,"D:P(A;OI;GRGX;;;WD)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
  428. "%SystemRoot%\Registration\CRMLog",0,"D:P(A;;0x1200ab;;;BU)(A;OIIO;GRGWSD;;;BU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
  429. "%SystemRoot%\Tasks",2,"D:P(A;;0x1200ab;;;AU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  431. ;Directories that do not exist when security applied during setup - Creator does not specify directory security.
  432. ;Creator should specify FILE security in optional component INF that gets applied on clean-install AND upgrade.
  433. ;Omit (rather than ignore) to allow component-specified file security to be set on reapplication of defaults.
  434. ;Use MARTA (rather than omit) for any components that set protected run-time security.
  435. ;"%SystemRoot%\Downloaded Program Files",0,"D:AR"
  436. ;"%SystemRoot%\Offline Web Pages",0,"D:AR"
  437. ;"%SystemRoot%\IME",0,"D:AR"
  438. ;"%SystemRoot%\mww32",0,"D:AR"
  439. ;"%SystemRoot%\PCHEALTH",0,"D:AR"
  440. ;"%SystemRoot%\SchCache",0,"D:AR"
  441. ;"%SystemRoot%\srchasst",0,"D:AR"
  443. ;---------------------------------------------------------------------------------------------
  444. ;System Directory (Typically \Windows\System32)
  445. ;---------------------------------------------------------------------------------------------
  447. "%SystemDirectory%",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  449. ;Directories that existed and inherited on NT4 out of the box.
  450. ;The text-mode files within these directories are individually secured below.
  451. ;OS2, RAS, Spool, Viewers, WINS
  453. ;So spooler can load drivers while impersonating the forced Guest
  454. "%SystemDirectory%\spool\drivers",2,"D:(A;CIOI;GRGX;;;WD)"
  456. ;Directories that existed but did not inherit on NT4.
  457. "%SystemDirectory%\config",2,"D:P(A;CI;GRGX;;;BU)(A;CI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  458. ;Profile for system account - moved from Docs and Settings in Whistler. Creator specifies security.
  459. "%SystemDirectory%\config\systemprofile",1,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
  460. "%SystemDirectory%\dhcp",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  461. "%SystemDirectory%\dllcache",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  462. "%SystemDirectory%\drivers",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  464. ;Directories with a legacy history that now ship in the box.
  465. ;Allow Power User Modify on the directory, but Read Only to the files installed during setup.
  466. "%SystemDirectory%\ShellExt",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  467. "%SystemDirectory%\wbem",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  469. ;Directories with a legacy history that no longer ship in the box
  470. ;
  472. ;Directories with a legacy history being changed for security reasons
  473. "%SystemDirectory%\catroot",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  474. "%SystemDirectory%\catroot2",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  475. "%SystemDirectory%\ias",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  477. ;Directories with no legacy to preserve. Power Users the same as Users
  478. "%SystemDirectory%\3com_dmi",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  479. "%SystemDirectory%\Export",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  480. "%SystemDirectory%\icsxml",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  481. "%SystemDirectory%\mui",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  482. @@:@i:"%SystemDirectory%\oobe",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  484. ;Directories with no legacy to preserve. Different from parent.
  485. "%SystemDirectory%\LogFiles\ShutDown",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
  486. "%SystemDirectory%\setup",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  487. "%SystemDirectory%\wbem\mof",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  488. "%SystemDirectory%\wbem\repository",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  489. "%SystemDirectory%\wbem\logs",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)(A;CIOI;GRGXGW;;;NS)(A;CIOI;GRGXGW;;;LS)"
  490. "%SystemDirectory%\wbem\AutoRecover",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  493. ;Directories that do not exist when security applied during clean-install - Creator specifies directory security.
  494. ;We explicitly ignore so as not to whack the component-specified DIRECTORY security on upgrade or reapplication of defaults.
  495. "%SystemDirectory%\appmgmt",1,"D:AR"
  496. "%SystemDirectory%\DTCLog",1,"D:AR"
  497. "%SystemDirectory%\ReinstallBackups",1,"D:AR"
  498. "%SystemDirectory%\repl",1,"D:AR"
  501. ; Directories that might not exist when security is applied; but are listed here
  502. ; so that they get secured correctly on converting the file system to NTFS
  503. "%SystemDirectory%\com\dmp",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
  504. "%SystemDirectory%\CPL.CFG",2,"D:(A;CIOI;GA;;;NS)"
  505. "%SystemDirectory%\CertLog",2,"D:P(A;CIOI;GA;;;BO)(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICIIO;FA;;;CO)"
  506. "%SystemDirectory%\GroupPolicy",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
  507. "%SystemDirectory%\FxsTmp",2,"D:P(A;;0x100003;;;BU)(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICIIO;FA;;;CO)"
  508. "%SystemDirectory%\LLS",2,"D:(A;CIOI;GA;;;NS)"
  509. "%SystemDirectory%\LLS\CPL.CFG",2,"D:P(A;CIOI;GA;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  510. "%SystemDirectory%\LLS\LlsCert.LLS",2,"D:P(A;CIOI;GA;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  511. "%SystemDirectory%\LLS\LlsMap.LLS",2,"D:P(A;CIOI;GA;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  512. "%SystemDirectory%\LLS\LlsUser.LLS",2,"D:P(A;CIOI;GA;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  513. "%SystemDirectory%\LogFiles\Fax\Incoming",2,"D:P(A;CIOI;GA;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  514. "%SystemDirectory%\LogFiles\Fax\Outgoing",2,"D:P(A;CIOI;GA;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  515. "%SystemDirectory%\LogFiles\UDDI",2,"D:(A;CIOI;GRGWGXSD;;;NS)"
  516. "%SystemDirectory%\LogFiles\wms",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GRGWGXSD;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  517. "%SystemDirectory%\LServer",2,"D:P(A;OICI;GRGWGXDTSDCCLC;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  518. "%SystemDirectory%\msdtc",2,"D:P(A;OICI;GRGWGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  519. "%SystemDirectory%\msmq",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  520. "%SystemDirectory%\NTMSData",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
  521. "%SystemDirectory%\RemoteStorage",2,"D:P(A;CIOI;GRGX;;;BO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
  522. "%SystemDirectory%\spool\printers",2,"D:P(A;CI;0x1000ae;;;BU)(A;CI;0x1000ae;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  523. "%SystemDirectory%\tssesdir",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  524. "%SystemDirectory%\Windows media",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGWGXSD;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  526. ;Directories that do not exist when security applied during setup - Creator does not specify directory security.
  527. ;Creator should specify FILE security in optional component INF that gets applied on clean-install AND upgrade.
  528. ;Omit (rather than ignore) to allow component-specified file security to be set on reapplication of defaults.
  529. ;Use MARTA (rather than omit) for any components that set protected run-time security.
  530. ;"%SystemDirectory%\Cache",0,"D:AR"
  531. ;"%SystemDirectory%\Com",0,"D:AR"
  532. ;"%SystemDirectory%\clients",0,"D:AR"
  533. ;"%SystemDirectory%\inetsrv",0,"D:AR"
  534. ;"%SystemDirectory%\Microsoft",0,"D:AR"
  535. ;"%SystemDirectory%\npp",0,"D:AR"
  536. ;"%SystemDirectory%\oobe",0,"D:AR"
  537. ;"%SystemDirectory%\restore",0,"D:AR"
  538. ;"%SystemDirectory%\reminst",0,"D:AR"
  539. ;"%SystemDirectory%\rocket",0,"D:AR"
  540. ;"%SystemDirectory%\usmt",0,"D:AR"
  542. ;-----------------------------------------------------------------------------------------
  543. ; SysWOW64 directories
  544. ;-----------------------------------------------------------------------------------------
  546. @@:@6:"%Systemroot%\SysWOW64",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  547. @@:@6:"%Systemroot%\SysWOW64\wbem",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  548. @@:@6:"%Systemroot%\SysWOW64\Export",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  549. @@:@6:"%Systemroot%\SysWOW64\ias",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  551. ;-----------------------------------------------------------------------------------------
  552. ;Individual File Settings.
  553. ;So that Power User Modify is not inherited from parent.
  554. ;-----------------------------------------------------------------------------------------
  555. "%Systemroot%\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  556. Exception="win.ini"
  557. "%Systemroot%\System\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  558. "%Systemroot%\Inf\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  559. Exception="msmail.inf"
  560. "%Systemroot%\Help\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  561. "%Systemroot%\Help\mail\smtpsnap.cnt",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  562. "%Systemroot%\Help\mail\smtpsnap.hlp",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  563. "%Systemroot%\Help\news\nntpsnap.cnt",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  564. "%Systemroot%\Help\news\nntpsnap.hlp",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  565. "%Systemroot%\Fonts\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  566. "%Systemroot%\Config\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  567. "%Systemroot%\Media\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  568. "%Systemroot%\Cursors\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  569. "%Systemroot%\repair\default",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  570. "%Systemroot%\repair\ntuser.dat",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  571. "%Systemroot%\repair\sam",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  572. "%Systemroot%\repair\security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  573. "%Systemroot%\repair\software",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  574. "%Systemroot%\repair\system",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  575. "%SystemRoot%\TAPI\tsec.ini",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  576. "%Systemdirectory%\hal.dll",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  577. "%Systemdirectory%\inetsrv\aqadmin.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  578. "%Systemdirectory%\inetsrv\aqueue.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  579. "%Systemdirectory%\inetsrv\ddrop.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  580. "%Systemdirectory%\inetsrv\isrpc.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  581. "%Systemdirectory%\inetsrv\mailmsg.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  582. "%Systemdirectory%\inetsrv\nntpadm.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  583. "%Systemdirectory%\inetsrv\nntpfs.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  584. "%Systemdirectory%\inetsrv\nntpsnap.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  585. "%Systemdirectory%\inetsrv\nntpsvc.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  586. "%Systemdirectory%\inetsrv\ntfsdrv.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  587. "%Systemdirectory%\inetsrv\rcancel.vbs",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  588. "%Systemdirectory%\inetsrv\regfilt.vbs",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  589. "%Systemdirectory%\inetsrv\rexpire.vbs",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  590. "%Systemdirectory%\inetsrv\rfeed.vbs",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  591. "%Systemdirectory%\inetsrv\rgroup.vbs",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  592. "%Systemdirectory%\inetsrv\rsess.vbs",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  593. "%Systemdirectory%\inetsrv\SCRIPTO.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  594. "%Systemdirectory%\inetsrv\seo.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  595. "%Systemdirectory%\inetsrv\seos.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  596. "%Systemdirectory%\inetsrv\smtpadm.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  597. "%Systemdirectory%\inetsrv\smtpsnap.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  598. "%Systemdirectory%\inetsrv\smtpsvc.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
  599. "%Systemdirectory%\netmon\bhsupp.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  600. "%Systemdirectory%\netmon\hexedit.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  601. "%Systemdirectory%\netmon\netmon.exe",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  602. "%Systemdirectory%\netmon\netmon.ini",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  603. "%Systemdirectory%\netmon\nmapi.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  604. "%Systemdirectory%\netmon\parser.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  605. "%Systemdirectory%\netmon\parser.ini",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  606. "%Systemdirectory%\netmon\slbs.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  607. "%Systemdirectory%\netmon\default.adr",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  608. "%Systemdirectory%\netmon\captures\default.cf",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  609. "%Systemdirectory%\netmon\captures\default.df",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  610. "%Systemdirectory%\netmon\parsers\atalk.ini",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  611. "%Systemdirectory%\netmon\parsers\atalk.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  612. "%Systemdirectory%\netmon\parsers\BONE.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  613. "%Systemdirectory%\netmon\parsers\BROWSER.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  614. "%Systemdirectory%\netmon\parsers\FRAME.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  615. "%Systemdirectory%\netmon\parsers\IPX.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  616. "%Systemdirectory%\netmon\parsers\IPX.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  617. "%Systemdirectory%\netmon\parsers\LLC.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  618. "%Systemdirectory%\netmon\parsers\LLC.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  619. "%Systemdirectory%\netmon\parsers\MAC.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  620. "%Systemdirectory%\netmon\parsers\MAC.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  621. "%Systemdirectory%\netmon\parsers\MSRPC.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  622. "%Systemdirectory%\netmon\parsers\MSRPC.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  623. "%Systemdirectory%\netmon\parsers\NCP.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  624. "%Systemdirectory%\netmon\parsers\NETBIOS.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  625. "%Systemdirectory%\netmon\parsers\NETLOGON.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  626. "%Systemdirectory%\netmon\parsers\PPP.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  627. "%Systemdirectory%\netmon\parsers\PPP.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  628. "%Systemdirectory%\netmon\parsers\PPPOE.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  629. "%Systemdirectory%\netmon\parsers\SMB.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  630. "%Systemdirectory%\netmon\parsers\SNMP.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  631. "%Systemdirectory%\netmon\parsers\TCPIP.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  632. "%Systemdirectory%\netmon\parsers\TCPIP.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  633. "%Systemdirectory%\netmon\parsers\TRAIL.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  634. "%Systemdirectory%\netmon\parsers\TRAIL.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  635. "%Systemdirectory%\netmon\parsers\VINES.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  636. "%Systemdirectory%\netmon\parsers\VINES.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  637. "%Systemdirectory%\netmon\parsers\XNS.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  638. "%Systemdirectory%\netmon\parsers\XNS.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  639. "%Systemdirectory%\netmon\parsers\LOGON.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  640. "%Systemdirectory%\netmon\parsers\LSARPC.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  641. "%Systemdirectory%\netmon\parsers\WINSPL.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  642. "%Systemdirectory%\netmon\parsers\RSVP.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  643. "%Systemdirectory%\netmon\parsers\LANE.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  644. "%Systemdirectory%\netmon\parsers\ATMARP.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  645. "%Systemdirectory%\netmon\parsers\ATMARP.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  646. "%Systemdirectory%\netmon\parsers\LDAP.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  647. "%Systemdirectory%\netmon\parsers\mcast.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  648. "%Systemdirectory%\netmon\parsers\kerbprsr.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  649. "%Systemdirectory%\netmon\parsers\upnpparser.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  650. "%Systemdirectory%\netmon\parsers\upnpparser.ini",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  651. "%Systemdirectory%\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  652. Exception="autoexec.nt"
  653. Exception="cmos.ram"
  654. Exception="config.nt"
  655. Exception="hpmon.dll"
  656. Exception="hpmon.hlp"
  657. Exception="localmon.dll"
  658. Exception="midimap.cfg"
  659. Exception="append.exe"
  660. Exception="arp.exe"
  661. Exception="at.exe"
  662. Exception="atmadm.exe"
  663. Exception="attrib.exe"
  664. Exception="bootcfg.exe"
  665. Exception="cacls.exe"
  666. Exception="certreq.exe"
  667. Exception="certutil.exe"
  668. Exception="change.exe"
  669. Exception="chcp.com"
  670. Exception="chglogon.exe"
  671. Exception="chgport.exe"
  672. Exception="chgusr.exe"
  673. Exception="chkdsk.exe"
  674. Exception="chkntfs.exe"
  675. Exception="choice.exe"
  676. Exception="cidaemon.exe"
  677. Exception="cipher.exe"
  678. Exception="clip.exe"
  679. Exception="cluster.exe"
  680. Exception="cmd.exe"
  681. Exception="cmdkey.exe"
  682. Exception="comclust.exe"
  683. Exception="command.com"
  684. Exception="comp.exe"
  685. Exception="compact.exe"
  686. Exception="convert.exe"
  687. Exception="convlog.exe"
  688. Exception="cprofile.exe"
  689. Exception="cscript.exe"
  690. Exception="csvde.exe"
  691. Exception="dcgpofix.exe"
  692. Exception="dcphelp.exe"
  693. Exception="debug.exe"
  694. Exception="defrag.exe"
  695. Exception="dfscmd.exe"
  696. Exception="diantz.exe"
  697. Exception="diskcomp.com"
  698. Exception="diskcopy.com"
  699. Exception="diskpart.exe"
  700. Exception="diskperf.exe"
  701. Exception="dns.exe"
  702. Exception="doskey.exe"
  703. Exception="dosx.exe"
  704. Exception="driverquery.exe"
  705. Exception="dsadd.exe"
  706. Exception="dsget.exe"
  707. Exception="dsmod.exe"
  708. Exception="dsmove.exe"
  709. Exception="dsquery.exe"
  710. Exception="dsrm.exe"
  711. Exception="edit.com"
  712. Exception="edlin.exe"
  713. Exception="esentutl.exe"
  714. Exception="eventcreate.exe"
  715. Exception="eventtriggers.exe"
  716. Exception="evntcmd.exe"
  717. Exception="exe2bin.exe"
  718. Exception="expand.exe"
  719. Exception="fastopen.exe"
  720. Exception="fc.exe"
  721. Exception="find.exe"
  722. Exception="findstr.exe"
  723. Exception="finger.exe"
  724. Exception="flattemp.exe"
  725. Exception="forcedos.exe"
  726. Exception="forfiles.exe"
  727. Exception="format.com"
  728. Exception="freedisk.exe"
  729. Exception="fsutil.exe"
  730. Exception="ftp.exe"
  731. Exception="fxssvc.exe"
  732. Exception="getmac.exe"
  733. Exception="gettype.exe"
  734. Exception="gpresult.exe"
  735. Exception="gpupdate.exe"
  736. Exception="graftabl.com"
  737. Exception="graphics.com"
  738. Exception="grovel.exe"
  739. Exception="help.exe"
  740. Exception="hostname.exe"
  741. Exception="iisreset.exe"
  742. Exception="inuse.exe"
  743. Exception="ipconfig.exe"
  744. Exception="ipsec6.exe"
  745. Exception="ipxroute.exe"
  746. Exception="ismserv.exe"
  747. Exception="jetconv.exe"
  748. Exception="jetpack.exe"
  749. Exception="kb16.com"
  750. Exception="label.exe"
  751. Exception="ldifde.exe"
  752. Exception="loadfix.com"
  753. Exception="locator.exe"
  754. Exception="lodctr.exe"
  755. Exception="logman.exe"
  756. Exception="logoff.exe"
  757. Exception="lpq.exe"
  758. Exception="lpr.exe"
  759. Exception="lserver.exe"
  760. Exception="macfile.exe"
  761. Exception="makecab.exe"
  762. Exception="mem.exe"
  763. Exception="mode.com"
  764. Exception="more.com"
  765. Exception="mountvol.exe"
  766. Exception="mqbkup.exe"
  767. Exception="mqdssvc.exe"
  768. Exception="mqsvc.exe"
  769. Exception="mqtgsvc.exe"
  770. Exception="mrinfo.exe"
  771. Exception="mscdexnt.exe"
  772. Exception="msg.exe"
  773. Exception="msiexec.exe"
  774. Exception="nbtstat.exe"
  775. Exception="net.exe"
  776. Exception="net1.exe"
  777. Exception="netsh.exe"
  778. Exception="netstat.exe"
  779. Exception="nlb.exe"
  780. Exception="nlsfunc.exe"
  781. Exception="nslookup.exe"
  782. Exception="ntbackup.exe"
  783. Exception="ntdsutil.exe"
  784. Exception="ntfrs.exe"
  785. Exception="ntsd.exe"
  786. Exception="ntvdm.exe"
  787. Exception="nw16.exe"
  788. Exception="nwscript.exe"
  789. Exception="odbcconf.exe"
  790. Exception="openfiles.exe"
  791. Exception="pathping.exe"
  792. Exception="pentnt.exe"
  793. Exception="ping.exe"
  794. Exception="ping6.exe"
  795. Exception="powercfg.exe"
  796. Exception="print.exe"
  797. Exception="proxycfg.exe"
  798. Exception="qappsrv.exe"
  799. Exception="qprocess.exe"
  800. Exception="query.exe"
  801. Exception="quser.exe"
  802. Exception="qwinsta.exe"
  803. Exception="rasautou.exe"
  804. Exception="rasdial.exe"
  805. Exception="rcp.exe"
  806. Exception="recover.exe"
  807. Exception="redir.exe"
  808. Exception="reg.exe"
  809. Exception="regini.exe"
  810. Exception="register.exe"
  811. Exception="regsvr32.exe"
  812. Exception="relog.exe"
  813. Exception="replace.exe"
  814. Exception="reset.exe"
  815. Exception="rexec.exe"
  816. Exception="route.exe"
  817. Exception="routemon.exe"
  818. Exception="rsh.exe"
  819. Exception="RsLnk.exe"
  820. Exception="rsm.exe"
  821. Exception="Rss.exe"
  822. Exception="RsServ.exe"
  823. Exception="RsTore.exe"
  824. Exception="runas.exe"
  825. Exception="rwinsta.exe"
  826. Exception="sacsess.exe"
  827. Exception="sc.exe"
  828. Exception="scardsvr.exe"
  829. Exception="schtasks.exe"
  830. Exception="schupgr.exe"
  831. Exception="secedit.exe"
  832. Exception="setver.exe"
  833. Exception="setx.exe"
  834. Exception="sfc.exe"
  835. Exception="sfmprint.exe"
  836. Exception="sfmpsexe.exe"
  837. Exception="sfmsvc.exe"
  838. Exception="shadow.exe"
  839. Exception="share.exe"
  840. Exception="shutdown.exe"
  841. Exception="snmp.exe"
  842. Exception="snmptrap.exe"
  843. Exception="sort.exe"
  844. Exception="subst.exe"
  845. Exception="systeminfo.exe"
  846. Exception="takeown.exe"
  847. Exception="tapicfg.exe"
  848. Exception="taskkill.exe"
  849. Exception="tasklist.exe"
  850. Exception="tcpsvcs.exe"
  851. Exception="telnet.exe"
  852. Exception="tftp.exe"
  853. Exception="tftpd.exe"
  854. Exception="timeout.exe"
  855. Exception="tlntadmn.exe"
  856. Exception="tlntsess.exe"
  857. Exception="tracerpt.exe"
  858. Exception="tracert.exe"
  859. Exception="tracert6.exe"
  860. Exception="tree.com"
  861. Exception="tscon.exe"
  862. Exception="tsdiscon.exe"
  863. Exception="tsecimp.exe"
  864. Exception="tskill.exe"
  865. Exception="tsprof.exe"
  866. Exception="tssdis.exe"
  867. Exception="tsshutdn.exe"
  868. Exception="typeperf.exe"
  869. Exception="unlodctr.exe"
  870. Exception="upg351db.exe"
  871. Exception="ups.exe"
  872. Exception="verifier.exe"
  873. Exception="vssadmin.exe"
  874. Exception="vwipxspx.exe"
  875. Exception="w32tm.exe"
  876. Exception="waitfor.exe"
  877. Exception="where.exe"
  878. Exception="whoami.exe"
  879. Exception="win.com"
  880. Exception="wins.exe"
  881. Exception="wlbs.exe"
  882. Exception="xcopy.exe"
  883. Exception="wpa.bak"
  884. Exception="wpa.dbl"
  885. "%Systemdirectory%\cmd.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  886. "%Systemdirectory%\wpa.bak",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  887. "%Systemdirectory%\wpa.dbl",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  888. "%Systemdirectory%\OS2\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  889. "%Systemdirectory%\OS2\DLL\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  890. "%Systemdirectory%\RAS\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
  891. "%Systemdirectory%\Viewers\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"