Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

916 lines
58 KiB

@*:This file defines default security settings.
@*:Please do not edit. Instead, email kirksol with the requested change.
@*:Thanks!
; Copyright (c) Microsoft Corporation. All rights reserved.
;
; Security Configuration Template for Security Configuration Editor
;
; Template Name: DSUp.INF
; Template Version: 05.10.DV.0000
;
; Default Security for Windows NT 5.1 Server Upgrades.
[Profile Description]
%SCEDSUpProfileDescription%
[version]
signature="$CHICAGO$"
revision=1
[System Access]
;----------------------------------------------------------------
;Local Policies - Security Options
;----------------------------------------------------------------
LSAAnonymousNameLookup = 0
;----------------------------------------------------------------
;Event Log - Log Settings
;----------------------------------------------------------------
[System Log]
RestrictGuestAccess = 1
[Security Log]
RestrictGuestAccess = 1
[Application Log]
RestrictGuestAccess = 1
;----------------------------------------------------------------
;Registry Values
;----------------------------------------------------------------
[Registry Values]
;On upgrade, we can only set reg values that meet the following criteria:
;a.) value did not exist on previous releases
;b.) default setting was changed from a less secure to a more secure state
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,2
MACHINE\System\CurrentControlSet\Control\Lsa\NoDefaultAdminOwner=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1
MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine=8,Add:,Software\Microsoft\Windows NT\CurrentVersion\Print,Software\Microsoft\Windows NT\CurrentVersion\Windows,Remove:,System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Server Applications,Software\Microsoft\Windows NT\CurrentVersion
MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\Machine=8,Add:,System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Server Applications,Software\Microsoft\Windows NT\CurrentVersion
MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive=4,1
MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess=4,1
MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,1
;We cannot set the following values which were new for Win2k, because
;Win2k customers may have already configured them differently.
;Therefore, the following may not be configured on upgrade from NT4.
;
;MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel=4,0
;MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand=4,0
;MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD=1,0
;MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption=1,0
[Privilege Rights]
;
;World S-1-1-0
;
;NT Authority S-1-5
;TERMINAL_SERVER 13
;LOCAL_SERVICE 19
;NETWORK_SERVICE 20
;
;Built-In Domain SubAuthority = S-1-5-32
;ADMINISTRATORS 544
;USERS 545
;GUESTS 546
;POWER_USERS 547
;ACCOUNT_OPS 548
;SYSTEM_OPS 549
;PRINT_OPS 550
;BACKUP_OPS 551
;REPLICATOR 552
;RAS_SERVERS 553
;PREW2KCOMPACCESS 554
;REMOTE_DESKTOP_USERS 555
;NETWORK_CONFIGURATION_OPS 556
;
SeAssignPrimaryTokenPrivilege = Add:, *S-1-5-19, *S-1-5-20
SeAuditPrivilege = Add:, *S-1-5-19, *S-1-5-20
SeCreateGlobalPrivilege = Add:, *S-1-5-6, *S-1-5-32-544
SeImpersonatePrivilege = Add:, *S-1-5-6, *S-1-5-32-544
SeIncreaseBasePriorityPrivilege = Remove:, *S-1-5-32-547
SeIncreaseQuotaPrivilege = Add:, *S-1-5-19, *S-1-5-20
SeInteractiveLogonRight = Remove:, %SceInfGuest%
SeManageVolumePrivilege = Add:, *S-1-5-32-544
SeRemoteInteractiveLogonRight = Add:, *S-1-5-32-544, *S-1-5-32-555
SeRemoteShutdownPrivilege = Remove:, *S-1-5-32-547, *S-1-5-32-545, *S-1-1-0
SeShutdownPrivilege = Remove:, *S-1-5-32-545, *S-1-1-0
SeSystemTimePrivilege = Remove:, *S-1-5-19, *S-1-5-20
;Undock was added in Win2k. Not adding Users because:
;a.) Win2k customers may have justifiably removed them.
SeUndockPrivilege = Add:, *S-1-5-32-544, *S-1-5-32-547
;[Group Membership]
;During upgrade, use net api's to
;1 - add Authenticated Users and Interactive into the Users group
;Note, Interactive should NOT be added to Power Users as it is in NT4 Workstation Upgrade.
[Service General Setting]
;Note: startup type should not be configured during setup\dcpromo.
;autostarted on workstations and servers, standalone or joined
Browser,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
Dhcp,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRRC;;;NO)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
TrkWks,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
Dnscache,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRRC;;;NO)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
Eventlog,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
PolicyAgent,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
dmserver,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
Messenger,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
PlugPlay,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
Spooler,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
ProtectedStorage,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
RpcSs,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLORC;;;PU)(A;;CCLCSWRPLO;;;IU)(A;;CCLCSWRPLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
NtmsSvc,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
seclogon,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
SamSs,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLORC;;;PU)(A;;CCLCSWRPLO;;;IU)(A;;CCLCSWRPLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
lanmanserver,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
SENS,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
Schedule,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
Sysmonlog,,"D:(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCRPLOCR;;;LU)S:AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
LmHosts,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
LanmanWorkstation,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
RemoteRegistry,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
;Not autostarted, but non-default DACL - Remove PU ability to change template
ClipSrv,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLORC;;;PU)(A;;CCLCSWRPLO;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
NetDDE,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLORC;;;PU)(A;;CCLCSWRPLO;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
NetDDEdsdm,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLORC;;;PU)(A;;CCLCSWRPLO;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
EventSystem,,"D:(A;;CCLCSWRPLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLORC;;;PU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
;Not autostarted if machine is standalone
;Netlogon,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
;W32Time,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLORC;;;PU)(A;;CCLCSWRPLO;;;IU)(A;;CCLCSWRPLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
;Not autostarted if Wksta
Alerter,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
MSDTC,,"D:(A;;CCLCSWRPLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLORC;;;NS)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
;Server Only Services
Dfs,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
LicenseService,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
;IIS Specific Services - Leave them alone
;IISADMIN,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
;W3SVC,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
;MSFTPSVC,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
;SMTPSVC,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
;
; set default startup for the following services - do not touch permissions
;
TrkSvr,4,""
[Registry Keys]
"MACHINE\Software",0,"D:P(A;CI;GR;;;BU)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGWSD;;;S-1-5-13)"
;Not same as parent, and this is the target of a symlink - set explicitly.
"MACHINE\SOFTWARE\Classes",2,"D:P(A;CI;GR;;;BU)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Classes\helpfile",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Classes\.hlp",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
@@:@i:"MACHINE\SOFTWARE\Microsoft\ADs\Providers\NDS",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
@@:@i:"MACHINE\SOFTWARE\Microsoft\ADs\Providers\NWCOMPAT",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\ADs\Providers\WinNT",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Command Processor",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Cryptography",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Cryptography\Calais",2,"D:AR(A;CI;GRGWSD;;;LS)"
"MACHINE\SOFTWARE\Microsoft\DeviceManager",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Driver Signing",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\Software\Microsoft\EventSystem",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Non-Driver Signing",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\NetDDE",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\OLAP Server\CurrentVersion\SECURITY",1,"D:AR"
"MACHINE\SOFTWARE\Microsoft\Ole",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Passport",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GR;;;NS)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Passport\KeyData",2,"D:P(A;CI;GR;;;NS)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider",1,"D:AR"
"MACHINE\SOFTWARE\Microsoft\Rpc",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Secure",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\Software\Microsoft\Speech",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\SystemCertificates",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Tracing",2,"D:P(A;CI;GR;;;BU)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;S-1-5-13)"
"MACHINE\SOFTWARE\Microsoft\Windows",2,"D:AR"
"MACHINE\Software\Microsoft\Windows\CurrentVersion",2,"D:P(A;CI;GR;;;BU)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
;The following keys need to be writable by TERMINAL_SERVER_USER for App-Compat
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths",2,"D:P(A;CI;GR;;;BU)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGWSD;;;S-1-5-13)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace",2,"D:P(A;CI;GR;;;BU)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGWSD;;;S-1-5-13)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks",2,"D:P(A;CI;GR;;;BU)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGWSD;;;S-1-5-13)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs",2,"D:P(A;CI;GR;;;BU)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGWSD;;;S-1-5-13)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",2,"D:P(A;CI;GR;;;BU)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGWSD;;;S-1-5-13)"
;The following keys do not exist when we run.
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy",1,"D:AR"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer",1,"D:AR"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies",1,"D:AR"
"MACHINE\SOFTWARE\Microsoft\MSDTC",1,"D:AR"
"MACHINE\SOFTWARE\Microsoft\SMS",1,"D:AR"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony",2,"D:P(A;CIOI;GR;;;BU)(A;CIOI;GRGWSD;;;PU)(A;CIOI;GA;;;NS)(A;CIOI;GA;;;LS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows NT",2,"D:AR"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDebug",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Asr\Commands",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Classes",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Event Viewer",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;LS)(A;CI;GR;;;NS)(A;CI;GR;;;LU)(A;CI;GR;;;MU)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009",1,"D:AR"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports",2,"D:P(A;CI;GR;;;BU)(A;CI;GRGWSD;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList",0,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing",2,"D:P(A;CI;GRGWSD;;;LS)(A;CI;GRGWSD;;;NS)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WbemPerf",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;LS)(A;CI;GR;;;NS)(A;CI;GR;;;LU)(A;CI;GR;;;MU)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SOFTWARE\Microsoft\wbem",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GA;;;NS)(A;CI;GR;;;BU)"
"MACHINE\SOFTWARE\Microsoft\wbem\CIMOM",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;BU)"
"MACHINE\SOFTWARE\Microsoft\wbem\Transports",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;BU)"
"MACHINE\SOFTWARE\Microsoft\wbem\ESS",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;BU)"
"MACHINE\SOFTWARE\Microsoft\wbem\FWD",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;BU)"
"MACHINE\SOFTWARE\Policies",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\System",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\Clone",1,"D:AR"
"MACHINE\SYSTEM\ControlSet001",1,"D:AR"
"MACHINE\SYSTEM\ControlSet002",1,"D:AR"
"MACHINE\SYSTEM\ControlSet003",1,"D:AR"
"MACHINE\SYSTEM\ControlSet004",1,"D:AR"
"MACHINE\SYSTEM\ControlSet005",1,"D:AR"
"MACHINE\SYSTEM\ControlSet006",1,"D:AR"
"MACHINE\SYSTEM\ControlSet007",1,"D:AR"
"MACHINE\SYSTEM\ControlSet008",1,"D:AR"
"MACHINE\SYSTEM\ControlSet009",1,"D:AR"
"MACHINE\SYSTEM\ControlSet010",1,"D:AR"
"MACHINE\SYSTEM\CurrentControlSet\Control\Class",1,"D:AR"
"MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout",2,"D:(A;CI;GR;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts",2,"D:(A;CI;GR;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Audit",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Control\LSA\JD",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Skew1",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Control\LSA\GBG",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Data",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Control\Network",2,"D:(A;CI;GRGWSD;;;NO)"
"MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg",2,"D:P(A;CI;GA;;;BA)(A;;GR;;;BO)(A;CI;GR;;;LS)"
"MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatCache",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Executive",2,"D:(A;CI;GRGWSD;;;PU)"
"MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation",2,"D:(A;CI;GRGWSD;;;PU)"
"MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Security",2,"D:P(A;CI;GR;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"MACHINE\SYSTEM\CurrentControlSet\Enum",1,"D:AR"
"MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles",1,"D:AR"
;Don't whack more restrictive security subkeys.
"MACHINE\SYSTEM\CurrentControlSet\Services",0,"D:AR"
;Set security subkey permissions for those services created via default hives
"MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
@*:Fix for 477845 causes regression for 32625
;"MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
@*:We still can add a SACL to it though.
"MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security",2,"S:AR(AU;OICISAFA;DCLCSDWDWO;;;WD)"
@@:@6:"MACHINE\SYSTEM\CurrentControlSet\Services\IASJet\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"MACHINE\SYSTEM\CurrentControlSet\Services\kdc\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"MACHINE\SYSTEM\CurrentControlSet\Services\Samss\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
;Set security subkey permissions for those services created in GUI-mode setup before SCE runs
"MACHINE\SYSTEM\CurrentControlSet\Services\IREnum\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"MACHINE\SYSTEM\CurrentControlSet\Services\STISvc\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"MACHINE\SYSTEM\CurrentControlSet\Services\WMI\Security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries",2,"D:(A;CI;GA;;;NS)(A;CI;CCDCLCSWSDRC;;;LU)"
"USERS\.DEFAULT",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;PU)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"USERS\.DEFAULT\Software\Microsoft\NetDDE",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
"USERS\.DEFAULT\SOFTWARE\Microsoft\Protected Storage System Provider",1,"D:AR"
"USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\ProtectedRoots",1,"D:AR"
[File Security]
;---------------------------------------------------------------------------------------
;x86 Boot Files
;---------------------------------------------------------------------------------------
@@:@i:"%BootDrive%\boot.ini",2,"D:P(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
@@:@i:"%BootDrive%\ntdetect.com",2,"D:P(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
@@:@i:"%BootDrive%\ntldr",2,"D:P(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
@@:@i:"%BootDrive%\ntbootdd.sys",2,"D:P(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
@@:@i:"%BootDrive%\autoexec.bat",2,"D:P(A;;GRGX;;;BU)(A;;GRGWGXSD;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
@@:@i:"%BootDrive%\config.sys",2,"D:P(A;;GRGX;;;BU)(A;;GRGWGXSD;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
;---------------------------------------------------------------------------------------
;amd64 Boot Files
;---------------------------------------------------------------------------------------
@@:@a:"%BootDrive%\boot.ini",2,"D:P(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
@@:@a:"%BootDrive%\ntdetect.com",2,"D:P(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
@@:@a:"%BootDrive%\ntldr",2,"D:P(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
;---------------------------------------------------------------------------------------
;System Drive
;---------------------------------------------------------------------------------------
;SetupSecurity will contain the new root acl. Ignore docs and settings if it's reapplied (e.g. on conversion from FAT)
"%SystemDrive%\Documents and Settings",1,"D:AR"
; Directories that might not exist when security is applied; but are listed here
; so that they get secured correctly on converting the file system to NTFS
"%SystemDrive%\perflogs",2,"D:P(A;CIOI;GRGX;;;MU)(A;CIOI;GRGWGXSDRC;;;NS)(A;CIOI;GRGWGXSDRC;;;LU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemDrive%\System Volume Information",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemDrive%\wmpub",2,"D:P(A;CIOI;GRGWGXSD;;;BU)(A;CIOI;GRGWGXSD;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
;---------------------------------------------------------------------------------------------
;Program Files
;---------------------------------------------------------------------------------------------
"%SceInfProgramFiles%",0,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)(A;CIOI;GRGWGXSD;;;S-1-5-13)"
"%SceInfProgramFiles%\Microsoft SQL Server\MSSQL$UDDI",2,"D:P(A;CIOI;GA;;;BA)"
"%SceInfProgramFiles%\WindowsUpdate",2,"D:P(A;CIOI;GRGWGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SceInfCommonProgramFiles%\Microsoft Shared\Speech",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SceInfCommonProgramFiles%\SpeechEngines\Microsoft\TTS",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
;---------------------------------------------------------------------------------------------
;ia64 ProgramFiles Directory
;---------------------------------------------------------------------------------------------
@@:@m:"%SceInfProgramFilesx86%",0,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)(A;CIOI;GRGWGXSD;;;S-1-5-13)"
;---------------------------------------------------------------------------------------------
;System Root (Typically \WINDOWS)
;---------------------------------------------------------------------------------------------
"%SystemRoot%",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
;Directories that existed and inherited on NT4 out of the box.
;The text-mode files within these directories are individually secured below.
;Config, Cursors, Help, Media, Repair, System, Fonts, INF
;Directories that existed but did not inherit on NT4.
"%SystemRoot%\repair",2,"D:P(A;CI;GRGX;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
;Directories with a legacy history that now ship in the box.
;Allow Power User Modify on the directory, but Read Only to the files installed during setup.
"%SystemRoot%\addins",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemRoot%\Connection Wizard",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemRoot%\java",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemRoot%\msagent",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemRoot%\twain_32",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemRoot%\Web",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
;Directories with a legacy history that no longer ship in the box
"%SystemRoot%\speech",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
;Directories with a legacy history being changed for security reasons
"%SystemRoot%\Debug",2,"D:P(A;;GX;;;BU)(A;;GX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemRoot%\Debug\UserMode",2,"D:PAR(A;;0x00100023;;;BU)(A;OIIO;0x00100006;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
"%SystemRoot%\help",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)(A;CIOI;GRGWGX;;;S-1-5-13)"
"%SystemRoot%\Temp",2,"D:P(A;CI;0x100026;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
;Directories with no legacy to preserve. Power Users the same as Users
"%SystemRoot%\AppPatch",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemRoot%\Driver Cache",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemRoot%\mui",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemRoot%\Resources",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemRoot%\Security",2,"D:P(A;CI;GX;;;BU)(A;CI;GX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemRoot%\Security\templates",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemRoot%\Web\printers\prtcabs",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)(A;CIOI;GRGWGXSD;;;NS)"
"%SystemRoot%\WinSxS",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
;Directories that do not exist when security applied during clean-install - Creator specifies directory security.
;We explicitly ignore so as not to whack the component-specified DIRECTORY security on upgrade or reapplication of defaults.
"%SystemRoot%\CSC",1,"D:AR"
; Directories that might not exist when security is applied; but are listed here
; so that they get secured correctly on converting the file system to NTFS
"%SystemRoot%\Installer",2,"D:P(A;CIOI;GRGX;;;WD)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
"%SystemRoot%\PCHEALTH\HELPCTR",2,"D:P(A;CIOI;GRGX;;;WD)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemRoot%\PCHEALTH\HELPCTR\Config",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemRoot%\PCHEALTH\HELPCTR\DataColl",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemRoot%\PCHEALTH\HELPCTR\PackageStore",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemRoot%\prefetch",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
"%SystemRoot%\Registration",2,"D:P(A;OI;GRGX;;;WD)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
"%SystemRoot%\Registration\CRMLog",0,"D:P(A;;0x1200ab;;;BU)(A;OIIO;GRGWSD;;;BU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
"%SystemRoot%\Tasks",2,"D:P(A;;0x1200ab;;;BO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
;Profiles folder (typically %SystemRoot%\Profiles)
"%Profiles%",1,"D:AR"
;Directories that do not exist when security applied during setup - Creator does not specify directory security.
;Creator should specify FILE security in optional component INF that gets applied on clean-install AND upgrade.
;Omit (rather than ignore) to allow component-specified file security to be set on reapplication of defaults.
;Use MARTA (rather than omit) for any components that set protected run-time security.
;"%SystemRoot%\Downloaded Program Files",0,"D:AR"
;"%SystemRoot%\Offline Web Pages",0,"D:AR"
;"%SystemRoot%\IME",0,"D:AR"
;"%SystemRoot%\mww32",0,"D:AR"
;"%SystemRoot%\PCHEALTH",0,"D:AR"
;"%SystemRoot%\SchCache",0,"D:AR"
;"%SystemRoot%\srchasst",0,"D:AR"
;---------------------------------------------------------------------------------------------
;System Directory (Typically \Windows\System32)
;---------------------------------------------------------------------------------------------
"%SystemDirectory%",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
;Directories that existed and inherited on NT4 out of the box.
;The text-mode files within these directories are individually secured below.
;OS2, RAS, Spool, Viewers, WINS, Certsrv
;Directories that existed but did not inherit on NT4.
"%SystemDirectory%\config",2,"D:P(A;CI;GRGX;;;BU)(A;CI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
;Profile for system account - moved from Docs and Settings in Whistler. Creator specifies security.
"%SystemDirectory%\config\systemprofile",1,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
"%SystemDirectory%\dhcp",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemDirectory%\dllcache",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemDirectory%\drivers",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
;Directories with a legacy history that now ship in the box.
;Allow Power User Modify on the directory, but Read Only to the files installed during setup.
"%SystemDirectory%\ShellExt",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemDirectory%\wbem",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
;Directories with a legacy history that no longer ship in the box
;
;Directories with a legacy history being changed for security reasons
"%SystemDirectory%\catroot",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemDirectory%\catroot2",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemDirectory%\ias",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
;Directories with no legacy to preserve. Power Users the same as Users
"%SystemDirectory%\3com_dmi",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemDirectory%\administration",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemDirectory%\Export",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemDirectory%\icsxml",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemDirectory%\LogFiles",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemDirectory%\mui",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
@@:@i:"%SystemDirectory%\oobe",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
;Directories with no legacy to preserve. Different from parent.
"%SystemDirectory%\LogFiles\ShutDown",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
"%SystemDirectory%\setup",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemDirectory%\wbem\mof",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemDirectory%\wbem\repository",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemDirectory%\wbem\logs",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)(A;CIOI;GRGXGW;;;NS)(A;CIOI;GRGXGW;;;LS)"
"%SystemDirectory%\wbem\AutoRecover",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
;Directories that do not exist when security applied during clean-install - Creator specifies directory security.
;We explicitly ignore so as not to whack the component-specified DIRECTORY security on upgrade or reapplication of defaults.
"%SystemDirectory%\appmgmt",1,"D:AR"
"%SystemDirectory%\DTCLog",1,"D:AR"
"%SystemDirectory%\ReinstallBackups",1,"D:AR"
"%SystemDirectory%\repl",1,"D:AR"
; Directories that might not exist when security is applied; but are listed here
; so that they get secured correctly on converting the file system to NTFS
"%SystemDirectory%\com\dmp",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
"%SystemDirectory%\CPL.CFG",2,"D:(A;CIOI;GA;;;NS)"
"%SystemDirectory%\CertLog",2,"D:P(A;CIOI;GA;;;BO)(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICIIO;FA;;;CO)"
"%SystemDirectory%\FxsTmp",2,"D:P(A;;0x100003;;;BU)(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICIIO;FA;;;CO)"
"%SystemDirectory%\GroupPolicy",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
"%SystemDirectory%\LLS",2,"D:(A;CIOI;GA;;;NS)"
"%SystemDirectory%\LLS\CPL.CFG",2,"D:P(A;CIOI;GA;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemDirectory%\LLS\LlsCert.LLS",2,"D:P(A;CIOI;GA;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemDirectory%\LLS\LlsMap.LLS",2,"D:P(A;CIOI;GA;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemDirectory%\LLS\LlsUser.LLS",2,"D:P(A;CIOI;GA;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemDirectory%\LogFiles\Fax\Incoming",2,"D:P(A;CIOI;GA;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemDirectory%\LogFiles\Fax\Outgoing",2,"D:P(A;CIOI;GA;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemDirectory%\LogFiles\UDDI",2,"D:(A;CIOI;GRGWGXSD;;;NS)"
"%SystemDirectory%\LogFiles\wms",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GRGWGXSD;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemDirectory%\LServer",2,"D:P(A;OICI;GRGWGXDTSDCCLC;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemDirectory%\msdtc",2,"D:P(A;OICI;GRGWGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemDirectory%\msmq",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemDirectory%\NTMSData",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
"%SystemDirectory%\RemoteStorage",2,"D:P(A;CIOI;GRGX;;;BO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
"%SystemDirectory%\spool\printers",2,"D:P(A;CI;0x1000ae;;;BU)(A;CI;0x1000ae;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemDirectory%\tssesdir",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
"%SystemDirectory%\Windows media",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGWGXSD;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
;Directories that do not exist when security applied during setup - Creator does not specify directory security.
;Creator should specify FILE security in optional component INF that gets applied on clean-install AND upgrade.
;Omit (rather than ignore) to allow component-specified file security to be set on reapplication of defaults.
;Use MARTA (rather than omit) for any components that set protected run-time security.
;"%SystemDirectory%\Cache",0,"D:AR"
;"%SystemDirectory%\clients",0,"D:AR"
;"%SystemDirectory%\Com",0,"D:AR"
;"%SystemDirectory%\inetsrv",0,"D:AR"
;"%SystemDirectory%\Microsoft",0,"D:AR"
;"%SystemDirectory%\netmon",0,"D:AR"
;"%SystemDirectory%\npp",0,"D:AR"
;"%SystemDirectory%\oobe",0,"D:AR"
;"%SystemDirectory%\restore",0,"D:AR"
;"%SystemDirectory%\reminst",0,"D:AR"
;"%SystemDirectory%\rocket",0,"D:AR"
;"%SystemDirectory%\usmt",0,"D:AR"
;-----------------------------------------------------------------------------------------
; SysWOW64 directories
;-----------------------------------------------------------------------------------------
@@:@6:"%Systemroot%\SysWOW64",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
@@:@6:"%Systemroot%\SysWOW64\wbem",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CI;GRGWGXSD;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
@@:@6:"%Systemroot%\SysWOW64\Export",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;PU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
@@:@6:"%Systemroot%\SysWOW64\ias",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
;-----------------------------------------------------------------------------------------
;Individual File Settings.
;So that Power User Modify is not inherited from parent.
;-----------------------------------------------------------------------------------------
"%Systemroot%\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
Exception="win.ini"
"%Systemroot%\System\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemroot%\Inf\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
Exception="msmail.inf"
"%Systemroot%\Help\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemroot%\Help\mail\smtpsnap.cnt",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemroot%\Help\mail\smtpsnap.hlp",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemroot%\Help\news\nntpsnap.cnt",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemroot%\Help\news\nntpsnap.hlp",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemroot%\Fonts\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemroot%\Config\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemroot%\Media\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemroot%\Cursors\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemroot%\repair\default",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemroot%\repair\ntuser.dat",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemroot%\repair\sam",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemroot%\repair\security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemroot%\repair\software",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemroot%\repair\system",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"%SystemRoot%\TAPI\tsec.ini",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\hal.dll",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\inetsrv\aqadmin.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\inetsrv\aqueue.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\inetsrv\ddrop.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\inetsrv\isrpc.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\inetsrv\mailmsg.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\inetsrv\nntpadm.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\inetsrv\nntpfs.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\inetsrv\nntpsnap.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\inetsrv\nntpsvc.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\inetsrv\ntfsdrv.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\inetsrv\rcancel.vbs",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\inetsrv\regfilt.vbs",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\inetsrv\rexpire.vbs",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\inetsrv\rfeed.vbs",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\inetsrv\rgroup.vbs",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\inetsrv\rsess.vbs",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\inetsrv\SCRIPTO.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\inetsrv\seo.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\inetsrv\seos.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\inetsrv\smtpadm.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\inetsrv\smtpsnap.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\inetsrv\smtpsvc.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\bhsupp.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\hexedit.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\netmon.exe",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\netmon.ini",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\nmapi.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parser.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parser.ini",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\slbs.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\default.adr",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\captures\default.cf",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\captures\default.df",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\atalk.ini",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\atalk.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\BONE.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\BROWSER.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\FRAME.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\IPX.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\IPX.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\LLC.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\LLC.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\MAC.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\MAC.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\MSRPC.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\MSRPC.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\NCP.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\NETBIOS.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\NETLOGON.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\PPP.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\PPP.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\PPPOE.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\SMB.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\SNMP.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\TCPIP.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\TCPIP.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\TRAIL.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\TRAIL.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\VINES.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\VINES.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\XNS.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\XNS.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\LOGON.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\LSARPC.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\WINSPL.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\RSVP.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\LANE.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\ATMARP.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\ATMARP.INI",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\LDAP.DLL",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\mcast.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\kerbprsr.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\upnpparser.dll",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\netmon\parsers\upnpparser.ini",2,"D:P(A;;GRGX;;;WD)(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
Exception="autoexec.nt"
Exception="cmos.ram"
Exception="config.nt"
Exception="hpmon.dll"
Exception="hpmon.hlp"
Exception="localmon.dll"
Exception="midimap.cfg"
Exception="append.exe"
Exception="arp.exe"
Exception="at.exe"
Exception="atmadm.exe"
Exception="attrib.exe"
Exception="bootcfg.exe"
Exception="cacls.exe"
Exception="certreq.exe"
Exception="certutil.exe"
Exception="change.exe"
Exception="chcp.com"
Exception="chglogon.exe"
Exception="chgport.exe"
Exception="chgusr.exe"
Exception="chkdsk.exe"
Exception="chkntfs.exe"
Exception="choice.exe"
Exception="cidaemon.exe"
Exception="cipher.exe"
Exception="clip.exe"
Exception="cluster.exe"
Exception="cmd.exe"
Exception="cmdkey.exe"
Exception="comclust.exe"
Exception="command.com"
Exception="comp.exe"
Exception="compact.exe"
Exception="convert.exe"
Exception="convlog.exe"
Exception="cprofile.exe"
Exception="cscript.exe"
Exception="csvde.exe"
Exception="dcgpofix.exe"
Exception="dcphelp.exe"
Exception="debug.exe"
Exception="defrag.exe"
Exception="dfscmd.exe"
Exception="diantz.exe"
Exception="diskcomp.com"
Exception="diskcopy.com"
Exception="diskpart.exe"
Exception="diskperf.exe"
Exception="dns.exe"
Exception="doskey.exe"
Exception="dosx.exe"
Exception="driverquery.exe"
Exception="dsadd.exe"
Exception="dsget.exe"
Exception="dsmod.exe"
Exception="dsmove.exe"
Exception="dsquery.exe"
Exception="dsrm.exe"
Exception="edit.com"
Exception="edlin.exe"
Exception="esentutl.exe"
Exception="eventcreate.exe"
Exception="eventtriggers.exe"
Exception="evntcmd.exe"
Exception="exe2bin.exe"
Exception="expand.exe"
Exception="fastopen.exe"
Exception="fc.exe"
Exception="find.exe"
Exception="findstr.exe"
Exception="finger.exe"
Exception="flattemp.exe"
Exception="forcedos.exe"
Exception="forfiles.exe"
Exception="format.com"
Exception="freedisk.exe"
Exception="fsutil.exe"
Exception="ftp.exe"
Exception="fxssvc.exe"
Exception="getmac.exe"
Exception="gettype.exe"
Exception="gpresult.exe"
Exception="gpupdate.exe"
Exception="graftabl.com"
Exception="graphics.com"
Exception="grovel.exe"
Exception="help.exe"
Exception="hostname.exe"
Exception="iisreset.exe"
Exception="inuse.exe"
Exception="ipconfig.exe"
Exception="ipsec6.exe"
Exception="ipxroute.exe"
Exception="ismserv.exe"
Exception="jetconv.exe"
Exception="jetpack.exe"
Exception="kb16.com"
Exception="label.exe"
Exception="ldifde.exe"
Exception="loadfix.com"
Exception="locator.exe"
Exception="lodctr.exe"
Exception="logman.exe"
Exception="logoff.exe"
Exception="lpq.exe"
Exception="lpr.exe"
Exception="lserver.exe"
Exception="macfile.exe"
Exception="makecab.exe"
Exception="mem.exe"
Exception="mode.com"
Exception="more.com"
Exception="mountvol.exe"
Exception="mqbkup.exe"
Exception="mqdssvc.exe"
Exception="mqsvc.exe"
Exception="mqtgsvc.exe"
Exception="mrinfo.exe"
Exception="mscdexnt.exe"
Exception="msg.exe"
Exception="msiexec.exe"
Exception="nbtstat.exe"
Exception="net.exe"
Exception="net1.exe"
Exception="netsh.exe"
Exception="netstat.exe"
Exception="nlb.exe"
Exception="nlsfunc.exe"
Exception="nslookup.exe"
Exception="ntbackup.exe"
Exception="ntdsutil.exe"
Exception="ntfrs.exe"
Exception="ntsd.exe"
Exception="ntvdm.exe"
Exception="nw16.exe"
Exception="nwscript.exe"
Exception="odbcconf.exe"
Exception="openfiles.exe"
Exception="pathping.exe"
Exception="pentnt.exe"
Exception="ping.exe"
Exception="ping6.exe"
Exception="powercfg.exe"
Exception="print.exe"
Exception="proxycfg.exe"
Exception="qappsrv.exe"
Exception="qprocess.exe"
Exception="query.exe"
Exception="quser.exe"
Exception="qwinsta.exe"
Exception="rasautou.exe"
Exception="rasdial.exe"
Exception="rcp.exe"
Exception="recover.exe"
Exception="redir.exe"
Exception="reg.exe"
Exception="regini.exe"
Exception="register.exe"
Exception="regsvr32.exe"
Exception="relog.exe"
Exception="replace.exe"
Exception="reset.exe"
Exception="rexec.exe"
Exception="route.exe"
Exception="routemon.exe"
Exception="rsh.exe"
Exception="RsLnk.exe"
Exception="rsm.exe"
Exception="Rss.exe"
Exception="RsServ.exe"
Exception="RsTore.exe"
Exception="runas.exe"
Exception="rwinsta.exe"
Exception="sacsess.exe"
Exception="sc.exe"
Exception="scardsvr.exe"
Exception="schtasks.exe"
Exception="schupgr.exe"
Exception="secedit.exe"
Exception="setver.exe"
Exception="setx.exe"
Exception="sfc.exe"
Exception="sfmprint.exe"
Exception="sfmpsexe.exe"
Exception="sfmsvc.exe"
Exception="shadow.exe"
Exception="share.exe"
Exception="shutdown.exe"
Exception="snmp.exe"
Exception="snmptrap.exe"
Exception="sort.exe"
Exception="subst.exe"
Exception="systeminfo.exe"
Exception="takeown.exe"
Exception="tapicfg.exe"
Exception="taskkill.exe"
Exception="tasklist.exe"
Exception="tcpsvcs.exe"
Exception="telnet.exe"
Exception="tftp.exe"
Exception="tftpd.exe"
Exception="timeout.exe"
Exception="tlntadmn.exe"
Exception="tlntsess.exe"
Exception="tracerpt.exe"
Exception="tracert.exe"
Exception="tracert6.exe"
Exception="tree.com"
Exception="tscon.exe"
Exception="tsdiscon.exe"
Exception="tsecimp.exe"
Exception="tskill.exe"
Exception="tsprof.exe"
Exception="tssdis.exe"
Exception="tsshutdn.exe"
Exception="typeperf.exe"
Exception="unlodctr.exe"
Exception="upg351db.exe"
Exception="ups.exe"
Exception="verifier.exe"
Exception="vssadmin.exe"
Exception="vwipxspx.exe"
Exception="w32tm.exe"
Exception="waitfor.exe"
Exception="where.exe"
Exception="whoami.exe"
Exception="win.com"
Exception="wins.exe"
Exception="wlbs.exe"
Exception="xcopy.exe"
Exception="wpa.bak"
Exception="wpa.dbl"
"%Systemdirectory%\cmd.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
"%Systemdirectory%\wpa.bak",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\wpa.dbl",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\OS2\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\OS2\DLL\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\RAS\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"
"%Systemdirectory%\Viewers\*",2,"D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)"