archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/mergedcomponents/setupinfs/perms.inx

601 lines
26 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. [version]
  2. signature="$CHICAGO$"
  3. ClassGUID={00000000-0000-0000-0000-000000000000}
  4. LayoutFile=layout.inf
  7. [Directories]
  8. ;
  9. ; ACLs for directories themselves
  10. ;
  11. ; LHS is directory: if starts with \ then relative to
  12. ; drive containing system, otherwise relative to sysroot
  13. ;
  14. ; RHS1 is ACL to put on directory itself; looked up in [ACL] section
  15. ; RHS2 is default ACL for files in that directory, looked up in [ACL section]
  16. ; If not present then files in that dir are not stamped with an ACL by default.
  17. ;
  18. @@:@@:"" = d1,f1 ; don't use \ or we think it's x:\ (which is bad)
  19. @@:@@:system32 = d1,f1
  20. @@:@@:system32\config = d2,f1
  21. @@:@@:system32\drivers = d3,f1
  22. @@:@@:system = d1,f1
  23. @@:@@:system32\ras = d4,f1
  24. @@:@@:system32\spool = d5,f1
  25. @@:@@:system32\spool\drivers = d5,f3
  26. @@:@i:system32\spool\drivers\w32x86\2 = d5,f3
  27. @@:@@:system32\spool\printers = d5,f3
  28. @@:@@:system32\spool\prtprocs = d5,f3
  29. @@:@i:system32\spool\prtprocs\w32x86 = d5,f3
  30. @@:@@:system32\dhcp = d3,f1
  31. @@:@@:repair = d11
  32. @@:@@:system32\drivers\etc = d3,f1
  33. @@:@i:system32\spool\drivers\w32x86 = d5,f1
  34. @@:@@:system32\viewers = d1,f1
  35. @@:@@:inf = d1,f1
  36. @@:@@:help = d1,f1
  37. @@:@@:fonts = d1,f1
  38. @@:@@:config = d1,f1
  39. @@:@@:Media = d1,f1
  40. @@:@@:Cursors = d1,f1
  41. @@:@@:system32\repl = d3
  42. @@:@@:system32\repl\import = d7
  43. @@:@@:system32\repl\import\scripts = d7
  44. @@:@@:system32\repl\export = d7
  45. @@:@@:system32\repl\export\scripts = d7
  46. @@:@@:security\templates = d7,f1
  48. \users = d8
  49. \users\default = d9
  50. \ = d10
  51. \temp = d10
  54. [FileOverride]
  55. ;
  56. ; Files that are not listed here get default for their directory
  57. ; The left hand side is the file name relative to sysroot. RHS is
  58. ; the ACL spec, which is looked up in [ACL]
  59. ;
  60. system32\autoexec.nt = f2
  61. system32\config.nt = f2
  62. system32\decpsmon.dll = f3
  63. system32\decpsmon.hlp = f3
  64. system32\hpmon.dll = f3
  65. system32\hpmon.hlp = f3
  66. system32\midimap.cfg = f2
  67. win.ini = f4
  69. [ExtraFiles]
  70. ;
  71. ; Use only for files that are not listed in layout.inf for some reason.
  72. ; LHS is path relative to sysroot (if not starting with \) or a full path
  73. ; for the drive with the system on it (starting with \)
  74. ;
  75. ; RHS is ACL.
  76. ;
  77. system32\wins\system.mdb = f1
  79. ;
  80. ; ACE codes:
  81. ;
  82. ; Index Permission Inherit
  83. ;
  84. ; 1 AccountOpsRWXD Containers
  85. ; 2 AdminAll Containers, Objects
  86. ; 3 AdminRWXD Containers
  87. ; 4 CreatorOwnerAll Containers, Objects
  88. ; 5 NetUsersDenyAll Containers, Objects
  89. ; 6 PrintOperatorsAll Containers, Objects
  90. ; 7 ReplicatorRWXD Containers, Objects
  91. ; 8 ReplicatorRX Containers, Objects
  92. ; 9 SysOpsAll Containers, Objects
  93. ; 10 SysOpsRWXD Containers, Objects
  94. ; 11 WorldAll Containers, Objects
  95. ; 12 WorldRWX Containers
  96. ; 13 WorldRWXD Containers, Objects
  97. ; 14 WorldRX Containers
  98. ; 15 WorldRX Containers, Objects
  99. ; 16 WorldRWX Containers, Objects
  100. ; 17 SystemAll Containers, Objects
  101. ; 18 PowerUsersRWXD Containers, Objects
  102. ;
  104. @s:[ServerACL]
  105. @s:;
  106. @s:; List of ACL profiles for server security
  107. @s:;
  108. @s:d1 = 2,13,4,10,17
  109. @s:d2 = 14,4,2,17
  110. @s:d3 = 15,4,2,9,17
  111. @s:d4 = 15,4,2,9,13,17
  112. @s:d5 = 15,4,2,9,6,17
  113. @s:d6 = 2,4,9,15,17,18
  114. @s:d7 = 15,10,2,7,4,17
  115. @s:d8 = 14,3,1,17
  116. @s:d9 = 12,4,17
  117. @s:d10= 2,13,4,10,17
  118. @s:d11= 2,17
  120. @s:f1 = 2,15,10,17
  121. @s:f2 = 2,13,10,17
  122. @s:f3 = 2,15,9,6,17
  123. @s:f4 = 11
  125. @@:[WorkstationACL]
  126. ;
  127. ; List of ACL profiles for workstation security
  128. ; Also used for member servers so this section
  129. ; appears in both versions of the inf
  130. ;
  131. @@:d1 = 2,13,4,17
  132. @@:d2 = 2,4,14,17
  133. @@:d3 = 15,4,2,17
  134. @@:d4 = 15,4,2,13,17,18
  135. @@:d5 = 15,4,2,17,18
  136. @@:d6 = 2,4,15,17,18
  137. @@:d7 = 15,2,7,4,17
  138. @@:d8 = 14,3,17
  139. @@:d9 = 12,4,17
  140. @@:d10= 2,13,4,17
  141. @@:d11= 2,17
  143. @@:f1 = 2,15,17
  144. @@:f2 = 2,13,17
  145. @@:f3 = 2,15,17,18
  146. @@:f4 = 11
  149. @@:@i:[BootFiles]
  150. @@:@i:;
  151. @@:@i:; x86 boot files and the root of C:
  152. @@:@i:;
  153. @@:@i:\ = d1
  154. @@:@i:\boot.ini = f1
  155. @@:@i:\ntbootdd.sys = f1
  156. @@:@i:\ntdetect.com = f1
  157. @@:@i:\ntldr = f1
  159. @@:@a:[BootFiles]
  160. @@:@a:;
  161. @@:@a:; amd64 boot files and the root of C:
  162. @@:@a:;
  163. @@:@a:\ = d1
  164. @@:@a:\boot.ini = f1
  165. @@:@a:\ntdetect.com = f1
  166. @@:@a:\ntldr = f1
  168. ;
  169. ; ACE codes for the registry
  170. ;
  171. ; Index Permission Inherit
  172. ;
  173. ; 1 AdminFull Containers
  174. ; 2 AdminR Containers
  175. ; 3 AdminRW Containers
  176. ; 4 AdminRWD Containers
  177. ; 5 CreatorFull Containers
  178. ; 6 CreatorRW Containers
  179. ; 7 WorldFull Containers
  180. ; 8 WorldR Containers
  181. ; 9 WorldRW Containers
  182. ; 10 WorldRWD Containers
  183. ; 11 PowerUserFull Containers
  184. ; 12 PowerUserRW Containers
  185. ; 13 PowerUserRWD Containers
  186. ; 14 SystemOpFull Containers
  187. ; 15 SystemOpRW Containers
  188. ; 16 SystemOpRWD Containers
  189. ; 17 SystemFull Containers
  190. ; 18 SystemRW Containers
  191. ; 19 SystemR Containers
  192. ; 20 AdminRWE Containers
  193. ; 21 InteractiveUserFull Containers
  194. ; 22 InteractiveUserRead Containers
  195. ; 23 InteractiveUserRW Containers
  196. ; 24 InteractiveUserRWD Containers
  197. ; 25 NormalUsersRW Containers
  198. ;
  200. [RegistryDACLs]
  201. r1 = 1 ; [AdminFull]
  202. r2 = 1,17 ; [AdminFull SystemFull]
  203. r3 = 8,1 ; [WorldR AdminFull]
  204. r4 = 8,1,5,17 ; [WorldR AdminFull CreatorFull SystemFull]
  205. r5 = 8,1,5,16,17 ; [WorldR AdminFull CreatorFull SystemOpRWD SystemFull]
  206. r6 = 8,1,5,16,13,17 ; [WorldR AdminFull CreatorFull SystemOpRWD PowerRWD SystemFull]
  207. r7 = 8,1,17 ; [WorldR AdminFull SystemFull]
  208. r8 = 8,1,15,17 ; [WorldR AdminFull SystemOpRW SystemFull]
  209. r9 = 8,1,16,13,5,17 ; [WorldR AdminFull SystemOpRWD PowerRWD CreatorFull SystemFull]
  210. r10= 8,1,14,5,17 ; [WorldR AdminFull SystemOpFull CreatorFull SystemFull]
  211. r11= 8,1,15,12,5,17 ; [WorldR AdminFull SystemOpRW PowerRW CreatorFull SystemFull]
  212. r12= 8,1,16,13,5,17 ; [WorldR AdminFull SystemOpRWD PowerRWD CreatorFull SystemFull]
  213. r13= 8,4,17 ; [WorldR AdminRWD SystemFull]
  214. r14= 8,24,1,5,17 ; [WorldR InteractiveRWD AdminFull CreatorFull SystemFull]
  215. r15= 8,17 ; [WorldR SystemFull]
  216. r16= 9,1,5,17 ; [WorldRW AdminFull CreatorFull SystemFull]
  217. r17= 9,1,16,13,5,17 ; [WorldRW AdminFull SystemOpRWD PowerRWD CreatorFull SystemFull]
  218. r18= 10,1,5,17 ; [WorldRWD AdminFull CreatorFull SystemFull]
  221. ;
  222. ; [Phase1RootKeys]
  223. ;
  224. ; [Phase2RootKeys]
  225. ;
  226. ; These sections list the root keys to be proccessed for
  227. ; security, on phase 1, and phase 2, respectivelly.
  228. ; These sections have the following format:
  229. ;
  230. ; [Phase1RootKeys]
  231. ; <Predefined key spec>, <Key path>, <DACL spec>, <Recurse flag>, <section name 1>, <section name 2>
  232. ;
  233. ; where:
  234. ;
  235. ; <Predef key spec>: A string associated with one of the predefined handles.
  236. ; It can be one of the following: HKLM for HKEY_LOCAL_MACHINE
  237. ; HKCR for HKEY_CLASSES_ROOT
  238. ; HKCU for HKEY_CURRENT_USER
  239. ; HKU for HKEY_USERS
  240. ; HKCC for HKEY_CURRENT_CONFIG
  241. ; This parameter is required.
  242. ;
  243. ;
  244. ; <Key path>: Path to a key to secure.
  245. ; The path is relative to a predefined key.
  246. ; If the key is a predefined key, then an empty string ""
  247. ; should be used as a key name.
  248. ; This parameter is required.
  249. ;
  250. ; <Recurse flag>: A flag that indicates if the DACL should be applied to
  251. ; the key and all its subkeys.
  252. ; It can be one of the following: 0... Apply to key only
  253. ; 1... Apply to key and subkeys
  254. ; If this parameter is not sopecified, or is invalid, '1' will
  255. ; be assumed.
  256. ;
  257. ; <DACL spec>: A string associated to the DACL to be applied to the key.
  258. ; It has to be one of the keys specified on [RegistryACL].
  259. ; This parameter is required.
  260. ;
  261. ; <section name 1>: This is an optional parameter.
  262. ; If present it indicates the section that contains the path
  263. ; to the subkeys (relative to <Key Path>) that should not be
  264. ; processed for security.
  265. ;
  266. ; The information in this section has the following format:
  267. ;
  268. ; [<section name 1>]
  269. ; <Key path 1>
  270. ; <Key path 2>
  271. ; .
  272. ; .
  273. ; .
  274. ;
  275. ; Where <Key path N> is relative to <Key path>
  276. ;
  277. ;
  278. ; <section name 2>: This is an optional parameter.
  279. ; If present it indicates the section that contains the path
  280. ; to the subkeys (relative to <Key Path>) that should get a
  281. ; DACL that is different than the one applied to <Key path>.
  282. ;
  283. ; The information in this section has the following format:
  284. ;
  285. ; [<section name 2>]
  286. ; <Key path 1> = <DACL spec 1>
  287. ; <Key path 2> = <DACL spec 2>
  288. ; .
  289. ; .
  290. ; .
  291. ;
  292. ; Where:
  293. ;
  294. ; <Key path N>: is a path to the key relative to <Key path>
  295. ;
  296. ; <Acl spec N>: A string associated to the DACL to be applied to the key.
  297. ; It has to be one of the keys specified on [RegistryDACLs].
  298. ; This parameter is required.
  299. ;
  300. ;
  301. ;
  302. [Phase1RootKeys]
  303. HKCU,"",1,r7,"HKCU.SKIP","HKCU.EXCEPTIONS" ; [AdminFull SystemFull WorldR]
  305. ;;;;;;;
  306. ;
  307. ; HKEY_CURRENT_USER (DEFAULT hive) sepcial keys
  308. ;
  309. ;;;;;;;
  311. [HKCU.SKIP]
  312. ;
  313. ; Subkeys of HKEY_CURRENT_USER that should not
  314. ; have security descriptors applied to them.
  315. ;
  317. [HKCU.EXCEPTIONS]
  318. ;
  319. ; Subkeys of HKEY_CLASSES_ROOT that should have a security
  320. ; descriptor applied to them and their subkeys, that is differnet than
  321. ; the one applied to their parent keys.
  322. ;
  323. "Software\Microsoft\NetDDE" = r2 ; [SystemFull AdminFull]
  324. "Software\Microsoft\Windows\CurrentVersion\Policies" = r12 ; [WorldR AdminFull SystemOpRWD PowerRWD SystemFull CreatorFull]
  325. "Software\Policies" = r7 ; [WorldR AdminFull SystemFull]
  330. [Phase2RootKeys]
  331. HKLM,"SOFTWARE",1,r18,"HKLM.SOFTWARE.SKIP","HKLM.SOFTWARE.EXCEPTIONS" ; [WorldRWD AdminFull SystemFull CreatorFull]
  332. HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib",0,r4 ; [WorldR AdminFull CreatorFull SystemFull]
  333. HKLM,"SYSTEM",1,r18,"HKLM.SYSTEM.SKIP","HKLM.SYSTEM.EXCEPTIONS" ; [WorldR AdminRWD SystemFull]
  334. HKCR,"",1,r14,"HKCR.SKIP","HKCR.EXCEPTIONS" ; [WorldR InteractiveRWD AdminFull SystemFull CreatorFull]
  337. ;;;;;;;
  338. ;
  339. ; HKEY_LOCAL_MACHINE\SOFTWARE sepcial keys
  340. ;
  341. ;;;;;;;
  343. [HKLM.SOFTWARE.SKIP]
  344. ;
  345. ; Subkeys of HKEY_LOCAL_MACHINE\SOFTWARE that should not have a security
  346. ; descriptor applied to them.
  347. ;
  348. "SOFTWARE\Classes"
  349. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib"
  352. [HKLM.SOFTWARE.EXCEPTIONS]
  353. ;
  354. ; Subkeys of HKEY_LOCAL_MACHINE\SOFTWARE that should have a security
  355. ; descriptor applied to them and their subkeys, that is differnet than
  356. ; the one applied to their parent keys.
  357. ;
  358. "SOFTWARE\Policies" = r7 ; [WorldR AdminFull SystemFull]
  359. "SOFTWARE\Program Groups" = r9 ; [WorldR AdminFull SystemFull SystemOpRWD PowerRWD CreatorFull]
  361. "SOFTWARE\Secure" = r10 ; [WorldR AdminFull SystemOpFull SystemFull CreatorFull]
  363. "SOFTWARE\Microsoft" = r18 ; [WorldRWD AdminFull SystemFull CreatorFull]
  365. "SOFTWARE\Microsoft\Command Processor" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  367. "SOFTWARE\Microsoft\NetDDE" = r2 ; [SystemFull AdminFull]
  369. "SOFTWARE\Microsoft\Ole" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  371. "SOFTWARE\Microsoft\Rpc" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  372. "SOFTWARE\Microsoft\Rpc\ClientProtocols" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  373. "SOFTWARE\Microsoft\Rpc\NameService" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  374. "SOFTWARE\Microsoft\Rpc\NetBios" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  375. "SOFTWARE\Microsoft\Rpc\ServerProtocols" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  377. "SOFTWARE\Microsoft\Secure" = r10 ; [WorldR AdminFull SystemOpFull SystemFull CreatorFull]
  379. "SOFTWARE\Microsoft\Windows" = r17 ; [WorldRW AdminFull SystemOpRWD PowerRWD SystemFull CreatorFull]
  380. "SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  381. "SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" = r5 ; [WorldR AdminFull SystemOpRWD SystemFull CreatorFull]
  382. "SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions" = r12 ; [WorldR AdminFull SystemOpRWD PowerRWD SystemFull CreatorFull]
  383. "SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony" = r6 ; [WorldR AdminFull SystemFull CreatorFull SystemOpRWD PowerRWD]
  385. "SOFTWARE\Microsoft\Windows NT" = r12 ; [WorldR AdminFull SystemOpRWD PowerRWD SystemFull CreatorFull]
  386. "SOFTWARE\Microsoft\Windows NT\CurrentVersion" = r12 ; [WorldR AdminFull SystemOpRWD PowerRWD SystemFull CreatorFull]
  387. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  388. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  389. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\DiskQuota" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  390. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  391. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\drivers.desc" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  392. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  393. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  394. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Embedding" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  395. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\File Manager" = r6 ; [WorldR AdminFull SystemFull CreatorFull SystemOpRWD PowerRWD]
  396. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers" = r3 ; [WorldR AdminFull]
  397. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontCache" = r3 ; [WorldR AdminFull]
  398. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper" = r3 ; [WorldR AdminFull]
  399. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  400. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  401. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  402. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  403. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  404. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\MCI" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  405. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\MCI Extensions" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  406. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Midimap" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  407. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network" = r6 ; [WorldR AdminFull SystemFull CreatorFull SystemOpRWD PowerRWD]
  408. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards" = r5 ; [WorldR AdminFull SystemOpRWD SystemFull CreatorFull]
  409. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  410. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  411. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  412. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones" = r7 ; [WorldR AdminFull SystemFull]
  413. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Type 1 Installer\Type 1 Fonts" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  414. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  415. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" = r5 ; [WorldR AdminFull SystemOpRWD SystemFull CreatorFull]
  416. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\WOW" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  419. ;;;;;;;
  420. ;
  421. ; HKEY_LOCAL_MACHINE\SYSTEM sepcial keys
  422. ;
  423. ;;;;;;;
  425. [HKLM.SYSTEM.SKIP]
  426. ;
  427. ; Subkeys of HKEY_LOCAL_MACHINE\SYSTEM that should not have a security
  428. ; descriptor applied to them.
  429. ;
  430. "SYSTEM\Clone"
  431. "SYSTEM\ControlSet001"
  432. "SYSTEM\ControlSet001"
  433. "SYSTEM\ControlSet002"
  434. "SYSTEM\ControlSet003"
  435. "SYSTEM\ControlSet004"
  436. "SYSTEM\ControlSet005"
  437. "SYSTEM\ControlSet006"
  438. "SYSTEM\ControlSet007"
  439. "SYSTEM\ControlSet008"
  440. "SYSTEM\ControlSet009"
  441. "SYSTEM\ControlSet010"
  444. [HKLM.SYSTEM.EXCEPTIONS]
  445. ;
  446. ; Subkeys of HKEY_LOCAL_MACHINE\SYSTEM that should have a security
  447. ; descriptor applied to them and their subkeys, that is differnet than
  448. ; the one applied to their parent keys.
  449. ;
  450. "SYSTEM\CurrentControlSet" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  451. "SYSTEM\CurrentControlSet\Control" = r5 ; [SystemOpRWD WorldR AdminFull SystemFull CreatorFull]
  452. "SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg" = r1 ; [AdminFull]
  454. "SYSTEM\CurrentControlSet\Control\Session Manager\Executive" = r11 ; [WorldR AdminFull SystemOpRW PowerRW SystemFull CreatorFull]
  455. "SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" = r7 ; [WorldR AdminFull SystemFull]
  457. "SYSTEM\CurrentControlSet\Control\GraphicsDrivers" = r7 ; [WorldR AdminFull SystemFull]
  458. "SYSTEM\CurrentControlSet\Control\Lsa" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  459. "SYSTEM\CurrentControlSet\Control\PriorityControl" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  460. "SYSTEM\CurrentControlSet\Control\ProductOptions" = r4 ; [WorldR SystemFull AdminFull CreatorFull]
  461. "SYSTEM\CurrentControlSet\Control\TimeZoneInformation" = r11 ; [WorldR AdminFull SystemOpRW PowerRW SystemFull CreatorFull]
  462. "SYSTEM\CurrentControlSet\Control\Windows" = r8 ; [WorldR AdminFull SystemFull SystemOpRW]
  464. "SYSTEM\CurrentControlSet\Enum" = r15 ; [WorldR SystemFull]
  466. "SYSTEM\CurrentControlSet\Hardware Profiles" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  467. "SYSTEM\CurrentControlSet\Hardware Profiles\0001" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  468. "SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software" = r18 ; [WorldRWD AdminFull SystemFull CreatorFull]
  469. "SYSTEM\CurrentControlSet\Hardware Profiles\0001\System" = r13 ; [WorldR AdminRWD SystemFull]
  470. "SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  471. "SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control" = r5 ; [SystemOpRWD WorldR AdminFull SystemFull CreatorFull]
  472. "SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum" = r5 ; [SystemOpRWD WorldR AdminFull SystemFull CreatorFull]
  473. "SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Services" = r5 ; [SystemOpRWD WorldR AdminFull SystemFull CreatorFull]
  475. "SYSTEM\CurrentControlSet\Services" = r5 ; [WorldR AdminFull SystemOpRWD SystemFull CreatorFull]
  476. "SYSTEM\CurrentControlSet\Services\EventLog" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  477. "SYSTEM\CurrentControlSet\Services\WinTrust" = r7 ; [AdminFull SystemFull WorldR]
  479. "SYSTEM\Select" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  481. "SYSTEM\Setup" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  484. ;;;;;;;
  485. ;
  486. ; HKEY_CLASSES_ROOT sepcial keys
  487. ;
  488. ;;;;;;;
  490. [HKCR.SKIP]
  491. ;
  492. ; Subkeys of HKEY_CLASSES_ROOT that should not
  493. ; have security descriptors applied to them.
  494. ;
  496. [HKCR.EXCEPTIONS]
  497. ;
  498. ; Subkeys of HKEY_CLASSES_ROOT that should have security descriptors
  499. ; that are different than the ones applied to the parent key.
  500. ;
  501. "helpfile" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  502. ".hlp" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  506. @*: [UpgradePhase1RootKeys]
  507. @*: ; This section specifies the security descriptors to be applied to
  508. @*: ; certain keys on the upgrade case.
  509. @*: ; The format of each line in this section is the same as the format
  510. @*: ; defined for [Phase1RootKeys] section
  511. @*: ;
  512. @*:
  513. @*:
  514. @*:
  515. @*: ;;;;;;;
  516. @*: ;
  517. @*: ; HKEY_CURRENT_USER (DEFAULT hive) sepcial keys
  518. @*: ;
  519. @*: ;;;;;;;
  520. @*:
  521. @*: [UPGRADE.HKCU.SKIP]
  522. @*: ;
  523. @*: ; Subkeys of HKEY_CURRENT_USER that should not
  524. @*: ; have security descriptors applied to them.
  525. @*: ;
  526. @*:
  527. @*: [UPGRADE.HKCU.EXCEPTIONS]
  528. @*: ;
  529. @*: ; Subkeys of HKEY_CLASSES_ROOT that should have a security
  530. @*: ; descriptor applied to them and their subkeys, that is differnet than
  531. @*: ; the one applied to their parent keys.
  532. @*: ;
  533. @*:
  534. @*:
  535. @*:
  536. @*: [UpgradePhase2RootKeys]
  537. @*: ; This section specifies the security descriptors to be applied to
  538. @*: ; certain keys on the upgrade case.
  539. @*: ; The format of each line in this section is the same as the format
  540. @*: ; defined for [Phase1RootKeys] section
  541. @*: ;
  542. @*:
  543. @*:
  544. @*: ;;;;;;;
  545. @*: ;
  546. @*: ; HKEY_LOCAL_MACHINE\SOFTWARE sepcial keys
  547. @*: ;
  548. @*: ;;;;;;;
  549. @*:
  550. @*: [UPGRADE.HKLM.SOFTWARE.SKIP]
  551. @*: ;
  552. @*: ; Subkeys of HKEY_LOCAL_MACHINE\SOFTWARE that should not have a security
  553. @*: ; descriptor applied to them.
  554. @*: ;
  555. @*:
  556. @*:
  557. @*: [UPGRADE.HKLM.SOFTWARE.EXCEPTIONS]
  558. @*: ;
  559. @*: ; Subkeys of HKEY_LOCAL_MACHINE\SOFTWARE that should have a security
  560. @*: ; descriptor applied to them and their subkeys, that is differnet than
  561. @*: ; the one applied to their parent keys.
  562. @*: ;
  563. @*:
  564. @*: ;;;;;;;
  565. @*: ;
  566. @*: ; HKEY_LOCAL_MACHINE\SYSTEM sepcial keys
  567. @*: ;
  568. @*: ;;;;;;;
  569. @*:
  570. @*: [UPGRADE.HKLM.SYSTEM.SKIP]
  571. @*: ;
  572. @*: ; Subkeys of HKEY_LOCAL_MACHINE\SYSTEM that should not have a security
  573. @*: ; descriptor applied to them.
  574. @*: ;
  575. @*:
  576. @*: [UPGRADE.HKLM.SYSTEM.EXCEPTIONS]
  577. @*: ;
  578. @*: ; Subkeys of HKEY_LOCAL_MACHINE\SYSTEM that should have a security
  579. @*: ; descriptor applied to them and their subkeys, that is differnet than
  580. @*: ; the one applied to their parent keys.
  581. @*: ;
  582. @*:
  583. @*: ;;;;;;;
  584. @*: ;
  585. @*: ; HKEY_CLASSES_ROOT sepcial keys
  586. @*: ;
  587. @*: ;;;;;;;
  588. @*:
  589. @*: [UPGRADE.HKCR.SKIP]
  590. @*: ;
  591. @*: ; Subkeys of HKEY_CLASSES_ROOT that should not
  592. @*: ; have security descriptors applied to them.
  593. @*: ;
  594. @*:
  595. @*: [UPGRADE.HKCR.EXCEPTIONS]
  596. @*: ;
  597. @*: ; Subkeys of HKEY_CLASSES_ROOT that should have security descriptors
  598. @*: ; that are different than the ones applied to the parent key.
  599. @*: ;
  600. @*:
  601. @*: