archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 744f0b4006
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '744f0b4006'
${ noResults }
windows-xp/Source/XPSP1/NT/mergedcomponents/setupinfs/perms.inx

602 lines
25 KiB
Raw Normal View History

Add source files
4 years ago
  1. [version]
  2. signature="$CHICAGO$"
  3. ClassGUID={00000000-0000-0000-0000-000000000000}
  4. LayoutFile=layout.inf
  7. [Directories]
  8. ;
  9. ; ACLs for directories themselves
  10. ;
  11. ; LHS is directory: if starts with \ then relative to
  12. ; drive containing system, otherwise relative to sysroot
  13. ;
  14. ; RHS1 is ACL to put on directory itself; looked up in [ACL] section
  15. ; RHS2 is default ACL for files in that directory, looked up in [ACL section]
  16. ; If not present then files in that dir are not stamped with an ACL by default.
  17. ;
  18. @@:@@:"" = d1,f1 ; don't use \ or we think it's x:\ (which is bad)
  19. @@:@@:system32 = d1,f1
  20. @@:@@:system32\config = d2,f1
  21. @@:@@:system32\drivers = d3,f1
  22. @@:@@:system = d1,f1
  23. @@:@@:system32\ras = d4,f1
  24. @@:@@:system32\spool = d5,f1
  25. @@:@@:system32\spool\drivers = d5,f3
  26. @@:@i:system32\spool\drivers\w32x86\2 = d5,f3
  27. @@:@@:system32\spool\printers = d5,f3
  28. @@:@@:system32\spool\prtprocs = d5,f3
  29. @@:@i:system32\spool\prtprocs\w32x86 = d5,f3
  30. @@:@@:system32\dhcp = d3,f1
  31. @@:@@:repair = d11
  32. @@:@@:system32\drivers\etc = d3,f1
  33. @@:@i:system32\spool\drivers\w32x86 = d5,f1
  34. @@:@@:system32\viewers = d1,f1
  35. @@:@@:inf = d1,f1
  36. @@:@@:help = d1,f1
  37. @@:@@:fonts = d1,f1
  38. @@:@@:config = d1,f1
  39. @@:@@:Media = d1,f1
  40. @@:@@:Cursors = d1,f1
  41. @@:@@:system32\repl = d3
  42. @@:@@:system32\repl\import = d7
  43. @@:@@:system32\repl\import\scripts = d7
  44. @@:@@:system32\repl\export = d7
  45. @@:@@:system32\repl\export\scripts = d7
  46. @@:@@:security\templates = d7,f1
  48. \users = d8
  49. \users\default = d9
  50. \ = d10
  51. \temp = d10
  54. [FileOverride]
  55. ;
  56. ; Files that are not listed here get default for their directory
  57. ; The left hand side is the file name relative to sysroot. RHS is
  58. ; the ACL spec, which is looked up in [ACL]
  59. ;
  60. system32\autoexec.nt = f2
  61. system32\cmos.ram = f2
  62. system32\config.nt = f2
  63. system32\decpsmon.dll = f3
  64. system32\decpsmon.hlp = f3
  65. system32\hpmon.dll = f3
  66. system32\hpmon.hlp = f3
  67. system32\midimap.cfg = f2
  68. win.ini = f4
  70. [ExtraFiles]
  71. ;
  72. ; Use only for files that are not listed in layout.inf for some reason.
  73. ; LHS is path relative to sysroot (if not starting with \) or a full path
  74. ; for the drive with the system on it (starting with \)
  75. ;
  76. ; RHS is ACL.
  77. ;
  78. system32\wins\system.mdb = f1
  80. ;
  81. ; ACE codes:
  82. ;
  83. ; Index Permission Inherit
  84. ;
  85. ; 1 AccountOpsRWXD Containers
  86. ; 2 AdminAll Containers, Objects
  87. ; 3 AdminRWXD Containers
  88. ; 4 CreatorOwnerAll Containers, Objects
  89. ; 5 NetUsersDenyAll Containers, Objects
  90. ; 6 PrintOperatorsAll Containers, Objects
  91. ; 7 ReplicatorRWXD Containers, Objects
  92. ; 8 ReplicatorRX Containers, Objects
  93. ; 9 SysOpsAll Containers, Objects
  94. ; 10 SysOpsRWXD Containers, Objects
  95. ; 11 WorldAll Containers, Objects
  96. ; 12 WorldRWX Containers
  97. ; 13 WorldRWXD Containers, Objects
  98. ; 14 WorldRX Containers
  99. ; 15 WorldRX Containers, Objects
  100. ; 16 WorldRWX Containers, Objects
  101. ; 17 SystemAll Containers, Objects
  102. ; 18 PowerUsersRWXD Containers, Objects
  103. ;
  105. @s:[ServerACL]
  106. @s:;
  107. @s:; List of ACL profiles for server security
  108. @s:;
  109. @s:d1 = 2,13,4,10,17
  110. @s:d2 = 14,4,2,17
  111. @s:d3 = 15,4,2,9,17
  112. @s:d4 = 15,4,2,9,13,17
  113. @s:d5 = 15,4,2,9,6,17
  114. @s:d6 = 2,4,9,15,17,18
  115. @s:d7 = 15,10,2,7,4,17
  116. @s:d8 = 14,3,1,17
  117. @s:d9 = 12,4,17
  118. @s:d10= 2,13,4,10,17
  119. @s:d11= 2,17
  121. @s:f1 = 2,15,10,17
  122. @s:f2 = 2,13,10,17
  123. @s:f3 = 2,15,9,6,17
  124. @s:f4 = 11
  126. @@:[WorkstationACL]
  127. ;
  128. ; List of ACL profiles for workstation security
  129. ; Also used for member servers so this section
  130. ; appears in both versions of the inf
  131. ;
  132. @@:d1 = 2,13,4,17
  133. @@:d2 = 2,4,14,17
  134. @@:d3 = 15,4,2,17
  135. @@:d4 = 15,4,2,13,17,18
  136. @@:d5 = 15,4,2,17,18
  137. @@:d6 = 2,4,15,17,18
  138. @@:d7 = 15,2,7,4,17
  139. @@:d8 = 14,3,17
  140. @@:d9 = 12,4,17
  141. @@:d10= 2,13,4,17
  142. @@:d11= 2,17
  144. @@:f1 = 2,15,17
  145. @@:f2 = 2,13,17
  146. @@:f3 = 2,15,17,18
  147. @@:f4 = 11
  150. @@:@i:[BootFiles]
  151. @@:@i:;
  152. @@:@i:; x86 boot files and the root of C:
  153. @@:@i:;
  154. @@:@i:\ = d1
  155. @@:@i:\boot.ini = f1
  156. @@:@i:\ntbootdd.sys = f1
  157. @@:@i:\ntdetect.com = f1
  158. @@:@i:\ntldr = f1
  160. @@:@a:[BootFiles]
  161. @@:@a:;
  162. @@:@a:; amd64 boot files and the root of C:
  163. @@:@a:;
  164. @@:@a:\ = d1
  165. @@:@a:\boot.ini = f1
  166. @@:@a:\ntdetect.com = f1
  167. @@:@a:\ntldr = f1
  169. ;
  170. ; ACE codes for the registry
  171. ;
  172. ; Index Permission Inherit
  173. ;
  174. ; 1 AdminFull Containers
  175. ; 2 AdminR Containers
  176. ; 3 AdminRW Containers
  177. ; 4 AdminRWD Containers
  178. ; 5 CreatorFull Containers
  179. ; 6 CreatorRW Containers
  180. ; 7 WorldFull Containers
  181. ; 8 WorldR Containers
  182. ; 9 WorldRW Containers
  183. ; 10 WorldRWD Containers
  184. ; 11 PowerUserFull Containers
  185. ; 12 PowerUserRW Containers
  186. ; 13 PowerUserRWD Containers
  187. ; 14 SystemOpFull Containers
  188. ; 15 SystemOpRW Containers
  189. ; 16 SystemOpRWD Containers
  190. ; 17 SystemFull Containers
  191. ; 18 SystemRW Containers
  192. ; 19 SystemR Containers
  193. ; 20 AdminRWE Containers
  194. ; 21 InteractiveUserFull Containers
  195. ; 22 InteractiveUserRead Containers
  196. ; 23 InteractiveUserRW Containers
  197. ; 24 InteractiveUserRWD Containers
  198. ; 25 NormalUsersRW Containers
  199. ;
  201. [RegistryDACLs]
  202. r1 = 1 ; [AdminFull]
  203. r2 = 1,17 ; [AdminFull SystemFull]
  204. r3 = 8,1 ; [WorldR AdminFull]
  205. r4 = 8,1,5,17 ; [WorldR AdminFull CreatorFull SystemFull]
  206. r5 = 8,1,5,16,17 ; [WorldR AdminFull CreatorFull SystemOpRWD SystemFull]
  207. r6 = 8,1,5,16,13,17 ; [WorldR AdminFull CreatorFull SystemOpRWD PowerRWD SystemFull]
  208. r7 = 8,1,17 ; [WorldR AdminFull SystemFull]
  209. r8 = 8,1,15,17 ; [WorldR AdminFull SystemOpRW SystemFull]
  210. r9 = 8,1,16,13,5,17 ; [WorldR AdminFull SystemOpRWD PowerRWD CreatorFull SystemFull]
  211. r10= 8,1,14,5,17 ; [WorldR AdminFull SystemOpFull CreatorFull SystemFull]
  212. r11= 8,1,15,12,5,17 ; [WorldR AdminFull SystemOpRW PowerRW CreatorFull SystemFull]
  213. r12= 8,1,16,13,5,17 ; [WorldR AdminFull SystemOpRWD PowerRWD CreatorFull SystemFull]
  214. r13= 8,4,17 ; [WorldR AdminRWD SystemFull]
  215. r14= 8,24,1,5,17 ; [WorldR InteractiveRWD AdminFull CreatorFull SystemFull]
  216. r15= 8,17 ; [WorldR SystemFull]
  217. r16= 9,1,5,17 ; [WorldRW AdminFull CreatorFull SystemFull]
  218. r17= 9,1,16,13,5,17 ; [WorldRW AdminFull SystemOpRWD PowerRWD CreatorFull SystemFull]
  219. r18= 10,1,5,17 ; [WorldRWD AdminFull CreatorFull SystemFull]
  222. ;
  223. ; [Phase1RootKeys]
  224. ;
  225. ; [Phase2RootKeys]
  226. ;
  227. ; These sections list the root keys to be proccessed for
  228. ; security, on phase 1, and phase 2, respectivelly.
  229. ; These sections have the following format:
  230. ;
  231. ; [Phase1RootKeys]
  232. ; <Predefined key spec>, <Key path>, <DACL spec>, <Recurse flag>, <section name 1>, <section name 2>
  233. ;
  234. ; where:
  235. ;
  236. ; <Predef key spec>: A string associated with one of the predefined handles.
  237. ; It can be one of the following: HKLM for HKEY_LOCAL_MACHINE
  238. ; HKCR for HKEY_CLASSES_ROOT
  239. ; HKCU for HKEY_CURRENT_USER
  240. ; HKU for HKEY_USERS
  241. ; HKCC for HKEY_CURRENT_CONFIG
  242. ; This parameter is required.
  243. ;
  244. ;
  245. ; <Key path>: Path to a key to secure.
  246. ; The path is relative to a predefined key.
  247. ; If the key is a predefined key, then an empty string ""
  248. ; should be used as a key name.
  249. ; This parameter is required.
  250. ;
  251. ; <Recurse flag>: A flag that indicates if the DACL should be applied to
  252. ; the key and all its subkeys.
  253. ; It can be one of the following: 0... Apply to key only
  254. ; 1... Apply to key and subkeys
  255. ; If this parameter is not sopecified, or is invalid, '1' will
  256. ; be assumed.
  257. ;
  258. ; <DACL spec>: A string associated to the DACL to be applied to the key.
  259. ; It has to be one of the keys specified on [RegistryACL].
  260. ; This parameter is required.
  261. ;
  262. ; <section name 1>: This is an optional parameter.
  263. ; If present it indicates the section that contains the path
  264. ; to the subkeys (relative to <Key Path>) that should not be
  265. ; processed for security.
  266. ;
  267. ; The information in this section has the following format:
  268. ;
  269. ; [<section name 1>]
  270. ; <Key path 1>
  271. ; <Key path 2>
  272. ; .
  273. ; .
  274. ; .
  275. ;
  276. ; Where <Key path N> is relative to <Key path>
  277. ;
  278. ;
  279. ; <section name 2>: This is an optional parameter.
  280. ; If present it indicates the section that contains the path
  281. ; to the subkeys (relative to <Key Path>) that should get a
  282. ; DACL that is different than the one applied to <Key path>.
  283. ;
  284. ; The information in this section has the following format:
  285. ;
  286. ; [<section name 2>]
  287. ; <Key path 1> = <DACL spec 1>
  288. ; <Key path 2> = <DACL spec 2>
  289. ; .
  290. ; .
  291. ; .
  292. ;
  293. ; Where:
  294. ;
  295. ; <Key path N>: is a path to the key relative to <Key path>
  296. ;
  297. ; <Acl spec N>: A string associated to the DACL to be applied to the key.
  298. ; It has to be one of the keys specified on [RegistryDACLs].
  299. ; This parameter is required.
  300. ;
  301. ;
  302. ;
  303. [Phase1RootKeys]
  304. HKCU,"",1,r7,"HKCU.SKIP","HKCU.EXCEPTIONS" ; [AdminFull SystemFull WorldR]
  306. ;;;;;;;
  307. ;
  308. ; HKEY_CURRENT_USER (DEFAULT hive) sepcial keys
  309. ;
  310. ;;;;;;;
  312. [HKCU.SKIP]
  313. ;
  314. ; Subkeys of HKEY_CURRENT_USER that should not
  315. ; have security descriptors applied to them.
  316. ;
  318. [HKCU.EXCEPTIONS]
  319. ;
  320. ; Subkeys of HKEY_CLASSES_ROOT that should have a security
  321. ; descriptor applied to them and their subkeys, that is differnet than
  322. ; the one applied to their parent keys.
  323. ;
  324. "Software\Microsoft\NetDDE" = r2 ; [SystemFull AdminFull]
  325. "Software\Microsoft\Windows\CurrentVersion\Policies" = r12 ; [WorldR AdminFull SystemOpRWD PowerRWD SystemFull CreatorFull]
  326. "Software\Policies" = r7 ; [WorldR AdminFull SystemFull]
  331. [Phase2RootKeys]
  332. HKLM,"SOFTWARE",1,r18,"HKLM.SOFTWARE.SKIP","HKLM.SOFTWARE.EXCEPTIONS" ; [WorldRWD AdminFull SystemFull CreatorFull]
  333. HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib",0,r4 ; [WorldR AdminFull CreatorFull SystemFull]
  334. HKLM,"SYSTEM",1,r18,"HKLM.SYSTEM.SKIP","HKLM.SYSTEM.EXCEPTIONS" ; [WorldR AdminRWD SystemFull]
  335. HKCR,"",1,r14,"HKCR.SKIP","HKCR.EXCEPTIONS" ; [WorldR InteractiveRWD AdminFull SystemFull CreatorFull]
  338. ;;;;;;;
  339. ;
  340. ; HKEY_LOCAL_MACHINE\SOFTWARE sepcial keys
  341. ;
  342. ;;;;;;;
  344. [HKLM.SOFTWARE.SKIP]
  345. ;
  346. ; Subkeys of HKEY_LOCAL_MACHINE\SOFTWARE that should not have a security
  347. ; descriptor applied to them.
  348. ;
  349. "SOFTWARE\Classes"
  350. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib"
  353. [HKLM.SOFTWARE.EXCEPTIONS]
  354. ;
  355. ; Subkeys of HKEY_LOCAL_MACHINE\SOFTWARE that should have a security
  356. ; descriptor applied to them and their subkeys, that is differnet than
  357. ; the one applied to their parent keys.
  358. ;
  359. "SOFTWARE\Policies" = r7 ; [WorldR AdminFull SystemFull]
  360. "SOFTWARE\Program Groups" = r9 ; [WorldR AdminFull SystemFull SystemOpRWD PowerRWD CreatorFull]
  362. "SOFTWARE\Secure" = r10 ; [WorldR AdminFull SystemOpFull SystemFull CreatorFull]
  364. "SOFTWARE\Microsoft" = r18 ; [WorldRWD AdminFull SystemFull CreatorFull]
  366. "SOFTWARE\Microsoft\Command Processor" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  368. "SOFTWARE\Microsoft\NetDDE" = r2 ; [SystemFull AdminFull]
  370. "SOFTWARE\Microsoft\Ole" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  372. "SOFTWARE\Microsoft\Rpc" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  373. "SOFTWARE\Microsoft\Rpc\ClientProtocols" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  374. "SOFTWARE\Microsoft\Rpc\NameService" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  375. "SOFTWARE\Microsoft\Rpc\NetBios" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  376. "SOFTWARE\Microsoft\Rpc\ServerProtocols" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  378. "SOFTWARE\Microsoft\Secure" = r10 ; [WorldR AdminFull SystemOpFull SystemFull CreatorFull]
  380. "SOFTWARE\Microsoft\Windows" = r17 ; [WorldRW AdminFull SystemOpRWD PowerRWD SystemFull CreatorFull]
  381. "SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  382. "SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" = r5 ; [WorldR AdminFull SystemOpRWD SystemFull CreatorFull]
  383. "SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions" = r12 ; [WorldR AdminFull SystemOpRWD PowerRWD SystemFull CreatorFull]
  384. "SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony" = r6 ; [WorldR AdminFull SystemFull CreatorFull SystemOpRWD PowerRWD]
  386. "SOFTWARE\Microsoft\Windows NT" = r12 ; [WorldR AdminFull SystemOpRWD PowerRWD SystemFull CreatorFull]
  387. "SOFTWARE\Microsoft\Windows NT\CurrentVersion" = r12 ; [WorldR AdminFull SystemOpRWD PowerRWD SystemFull CreatorFull]
  388. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  389. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  390. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\DiskQuota" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  391. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  392. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\drivers.desc" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  393. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  394. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  395. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Embedding" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  396. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\File Manager" = r6 ; [WorldR AdminFull SystemFull CreatorFull SystemOpRWD PowerRWD]
  397. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers" = r3 ; [WorldR AdminFull]
  398. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontCache" = r3 ; [WorldR AdminFull]
  399. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper" = r3 ; [WorldR AdminFull]
  400. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  401. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  402. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  403. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  404. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  405. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\MCI" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  406. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\MCI Extensions" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  407. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Midimap" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  408. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network" = r6 ; [WorldR AdminFull SystemFull CreatorFull SystemOpRWD PowerRWD]
  409. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards" = r5 ; [WorldR AdminFull SystemOpRWD SystemFull CreatorFull]
  410. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  411. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  412. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  413. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones" = r7 ; [WorldR AdminFull SystemFull]
  414. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Type 1 Installer\Type 1 Fonts" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  415. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  416. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" = r5 ; [WorldR AdminFull SystemOpRWD SystemFull CreatorFull]
  417. "SOFTWARE\Microsoft\Windows NT\CurrentVersion\WOW" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  420. ;;;;;;;
  421. ;
  422. ; HKEY_LOCAL_MACHINE\SYSTEM sepcial keys
  423. ;
  424. ;;;;;;;
  426. [HKLM.SYSTEM.SKIP]
  427. ;
  428. ; Subkeys of HKEY_LOCAL_MACHINE\SYSTEM that should not have a security
  429. ; descriptor applied to them.
  430. ;
  431. "SYSTEM\Clone"
  432. "SYSTEM\ControlSet001"
  433. "SYSTEM\ControlSet001"
  434. "SYSTEM\ControlSet002"
  435. "SYSTEM\ControlSet003"
  436. "SYSTEM\ControlSet004"
  437. "SYSTEM\ControlSet005"
  438. "SYSTEM\ControlSet006"
  439. "SYSTEM\ControlSet007"
  440. "SYSTEM\ControlSet008"
  441. "SYSTEM\ControlSet009"
  442. "SYSTEM\ControlSet010"
  445. [HKLM.SYSTEM.EXCEPTIONS]
  446. ;
  447. ; Subkeys of HKEY_LOCAL_MACHINE\SYSTEM that should have a security
  448. ; descriptor applied to them and their subkeys, that is differnet than
  449. ; the one applied to their parent keys.
  450. ;
  451. "SYSTEM\CurrentControlSet" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  452. "SYSTEM\CurrentControlSet\Control" = r5 ; [SystemOpRWD WorldR AdminFull SystemFull CreatorFull]
  453. "SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg" = r1 ; [AdminFull]
  455. "SYSTEM\CurrentControlSet\Control\Session Manager\Executive" = r11 ; [WorldR AdminFull SystemOpRW PowerRW SystemFull CreatorFull]
  456. "SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" = r7 ; [WorldR AdminFull SystemFull]
  458. "SYSTEM\CurrentControlSet\Control\GraphicsDrivers" = r7 ; [WorldR AdminFull SystemFull]
  459. "SYSTEM\CurrentControlSet\Control\Lsa" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  460. "SYSTEM\CurrentControlSet\Control\PriorityControl" = r16 ; [WorldRW AdminFull SystemFull CreatorFull]
  461. "SYSTEM\CurrentControlSet\Control\ProductOptions" = r4 ; [WorldR SystemFull AdminFull CreatorFull]
  462. "SYSTEM\CurrentControlSet\Control\TimeZoneInformation" = r11 ; [WorldR AdminFull SystemOpRW PowerRW SystemFull CreatorFull]
  463. "SYSTEM\CurrentControlSet\Control\Windows" = r8 ; [WorldR AdminFull SystemFull SystemOpRW]
  465. "SYSTEM\CurrentControlSet\Enum" = r15 ; [WorldR SystemFull]
  467. "SYSTEM\CurrentControlSet\Hardware Profiles" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  468. "SYSTEM\CurrentControlSet\Hardware Profiles\0001" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  469. "SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software" = r18 ; [WorldRWD AdminFull SystemFull CreatorFull]
  470. "SYSTEM\CurrentControlSet\Hardware Profiles\0001\System" = r13 ; [WorldR AdminRWD SystemFull]
  471. "SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  472. "SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control" = r5 ; [SystemOpRWD WorldR AdminFull SystemFull CreatorFull]
  473. "SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum" = r5 ; [SystemOpRWD WorldR AdminFull SystemFull CreatorFull]
  474. "SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Services" = r5 ; [SystemOpRWD WorldR AdminFull SystemFull CreatorFull]
  476. "SYSTEM\CurrentControlSet\Services" = r5 ; [WorldR AdminFull SystemOpRWD SystemFull CreatorFull]
  477. "SYSTEM\CurrentControlSet\Services\EventLog" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  478. "SYSTEM\CurrentControlSet\Services\WinTrust" = r7 ; [AdminFull SystemFull WorldR]
  480. "SYSTEM\Select" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  482. "SYSTEM\Setup" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  485. ;;;;;;;
  486. ;
  487. ; HKEY_CLASSES_ROOT sepcial keys
  488. ;
  489. ;;;;;;;
  491. [HKCR.SKIP]
  492. ;
  493. ; Subkeys of HKEY_CLASSES_ROOT that should not
  494. ; have security descriptors applied to them.
  495. ;
  497. [HKCR.EXCEPTIONS]
  498. ;
  499. ; Subkeys of HKEY_CLASSES_ROOT that should have security descriptors
  500. ; that are different than the ones applied to the parent key.
  501. ;
  502. "helpfile" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  503. ".hlp" = r4 ; [WorldR AdminFull SystemFull CreatorFull]
  507. @*: [UpgradePhase1RootKeys]
  508. @*: ; This section specifies the security descriptors to be applied to
  509. @*: ; certain keys on the upgrade case.
  510. @*: ; The format of each line in this section is the same as the format
  511. @*: ; defined for [Phase1RootKeys] section
  512. @*: ;
  513. @*:
  514. @*:
  515. @*:
  516. @*: ;;;;;;;
  517. @*: ;
  518. @*: ; HKEY_CURRENT_USER (DEFAULT hive) sepcial keys
  519. @*: ;
  520. @*: ;;;;;;;
  521. @*:
  522. @*: [UPGRADE.HKCU.SKIP]
  523. @*: ;
  524. @*: ; Subkeys of HKEY_CURRENT_USER that should not
  525. @*: ; have security descriptors applied to them.
  526. @*: ;
  527. @*:
  528. @*: [UPGRADE.HKCU.EXCEPTIONS]
  529. @*: ;
  530. @*: ; Subkeys of HKEY_CLASSES_ROOT that should have a security
  531. @*: ; descriptor applied to them and their subkeys, that is differnet than
  532. @*: ; the one applied to their parent keys.
  533. @*: ;
  534. @*:
  535. @*:
  536. @*:
  537. @*: [UpgradePhase2RootKeys]
  538. @*: ; This section specifies the security descriptors to be applied to
  539. @*: ; certain keys on the upgrade case.
  540. @*: ; The format of each line in this section is the same as the format
  541. @*: ; defined for [Phase1RootKeys] section
  542. @*: ;
  543. @*:
  544. @*:
  545. @*: ;;;;;;;
  546. @*: ;
  547. @*: ; HKEY_LOCAL_MACHINE\SOFTWARE sepcial keys
  548. @*: ;
  549. @*: ;;;;;;;
  550. @*:
  551. @*: [UPGRADE.HKLM.SOFTWARE.SKIP]
  552. @*: ;
  553. @*: ; Subkeys of HKEY_LOCAL_MACHINE\SOFTWARE that should not have a security
  554. @*: ; descriptor applied to them.
  555. @*: ;
  556. @*:
  557. @*:
  558. @*: [UPGRADE.HKLM.SOFTWARE.EXCEPTIONS]
  559. @*: ;
  560. @*: ; Subkeys of HKEY_LOCAL_MACHINE\SOFTWARE that should have a security
  561. @*: ; descriptor applied to them and their subkeys, that is differnet than
  562. @*: ; the one applied to their parent keys.
  563. @*: ;
  564. @*:
  565. @*: ;;;;;;;
  566. @*: ;
  567. @*: ; HKEY_LOCAL_MACHINE\SYSTEM sepcial keys
  568. @*: ;
  569. @*: ;;;;;;;
  570. @*:
  571. @*: [UPGRADE.HKLM.SYSTEM.SKIP]
  572. @*: ;
  573. @*: ; Subkeys of HKEY_LOCAL_MACHINE\SYSTEM that should not have a security
  574. @*: ; descriptor applied to them.
  575. @*: ;
  576. @*:
  577. @*: [UPGRADE.HKLM.SYSTEM.EXCEPTIONS]
  578. @*: ;
  579. @*: ; Subkeys of HKEY_LOCAL_MACHINE\SYSTEM that should have a security
  580. @*: ; descriptor applied to them and their subkeys, that is differnet than
  581. @*: ; the one applied to their parent keys.
  582. @*: ;
  583. @*:
  584. @*: ;;;;;;;
  585. @*: ;
  586. @*: ; HKEY_CLASSES_ROOT sepcial keys
  587. @*: ;
  588. @*: ;;;;;;;
  589. @*:
  590. @*: [UPGRADE.HKCR.SKIP]
  591. @*: ;
  592. @*: ; Subkeys of HKEY_CLASSES_ROOT that should not
  593. @*: ; have security descriptors applied to them.
  594. @*: ;
  595. @*:
  596. @*: [UPGRADE.HKCR.EXCEPTIONS]
  597. @*: ;
  598. @*: ; Subkeys of HKEY_CLASSES_ROOT that should have security descriptors
  599. @*: ; that are different than the ones applied to the parent key.
  600. @*: ;
  601. @*:
  602. @*: