archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/termsrv/admtools/c2config/inf/high/c2ntfacl.inf

566 lines
14 KiB
Raw Normal View History

Add source files
4 years ago
  1. ; * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
  2. ;
  3. ; File System ACL definition file
  4. ;
  5. ; Use this file to set the ACL's on files and directories to the desired
  6. ; security. The format of each entry is:
  7. ;
  8. ; [DirPath]
  9. ; Domain\Account = [Predefined Access | FileAccessString [, DirAccessString]]
  10. ;
  11. ; [FilePath]
  12. ; Domain\Account = [Predefined Access | FileAccessString]
  13. ;
  14. ; where:
  15. ;
  16. ; FilePath is the path of the file or directory to set. This is in the
  17. ; format of a file path name. The file path may contain environment
  18. ; variables (such as %systemroot%) which will be expanded on the
  19. ; system running tha application.
  20. ;
  21. ; the last item in the FilePath string may be a directory, file,
  22. ; wildcard file or an exclamation ("!"). In the case of an exclamation
  23. ; all files and sub-directories of the preceeding path will be set
  24. ; to the specified security.
  25. ;
  26. ; for example:
  27. ;
  28. ; [%systemroot%\system32\!]
  29. ;
  30. ; would assign the security description of that section
  31. ; to all files and sub-directories UNDER the
  32. ; %systemroot\system32 directory as well as to the
  33. ; %systemroot\system32 directory itself. To assign
  34. ; security to just the files in that directory ,
  35. ; an entry such as the following would be needed:
  36. ;
  37. ; [%systemroot%\system32\*.*]
  38. ;
  39. ;
  40. ; Domain\Account
  41. ; specifies the account to recieve the specified access for that
  42. ; file. Account may be an account or a group. For Example to give
  43. ; permissions to all administrator accounts, the:
  44. ;
  45. ; BUILTIN\Administrators
  46. ;
  47. ; would be the correct entry.
  48. ;
  49. ; access string is defined as one of the following:
  50. ;
  51. ; a combination of access chars
  52. ;
  53. ; access
  54. ; char File Access Dir Access
  55. ; ---- ---------------- ----------------
  56. ; R = Read Data List Directory
  57. ; W = Write Data Add File
  58. ; X = Execute File Traverse Directory
  59. ; D = Delete Delete
  60. ; P = Change Perms Change Perms
  61. ; O = Take Ownership Take Ownership
  62. ;
  63. ; e.g. SYSTEM = RWXD
  64. ;
  65. ;
  66. ; there are also some predefined combination access keys:
  67. ;
  68. ; NONE = no access
  69. ; ALL = RWXDPO
  70. ;
  71. ; Standard Directory & File access references are:
  72. ;
  73. ; Access Access Granted
  74. ; Name (Dir)(File)
  75. ; ----------- ------------------
  76. ; FullControl = (ALL)(ALL)
  77. ; Change = (RWXD)(RWXD)
  78. ; AddRead = (RWX)(RX)
  79. ; Read = (RX)(RX)
  80. ; Add = (WX)(none specified)
  81. ; List = (RX)(none specified)
  82. ; NoAccess = (NONE)(NONE)
  83. ;
  84. ;
  85. ; * * * * * * * * * * * * N O T E * * * * * * * * * * * * * * * * *
  86. ;
  87. ; For correct application of the access control, the more restrictive
  88. ; access entries must be placed ahead of (on top of) the more permissive
  89. ; access. The correct "sort" order would be:
  90. ;
  91. ; NoAccess, List, Add, Read, AddRead, Change, FullControl
  92. ;
  93. ;
  94. ; * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
  95. ;
  96. ; NOTE: the security items are applied from the top of the file to the
  97. ; bottom. Because of that, top level directory entries with more re-
  98. ; strictive security should be at the top of the file and less restric-
  99. ; tive entries to specific users and/or specific files should be listed
  100. ; next.
  101. ;
  102. ; * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
  105. ; remove access for Everyone for whole drive
  107. [%SystemDrive%\!]
  108. BUILTIN\Administrators = FullControl
  109. SYSTEM = FullControl
  111. [%SystemDrive%\]
  112. BUILTIN\Users = List
  113. ;Anonymous = List
  114. BUILTIN\Administrators = FullControl
  115. SYSTEM = FullControl
  117. [%SystemDrive%\*.*]
  118. BUILTIN\Users = R
  119. ;Anonymous = R
  120. BUILTIN\Administrators = FullControl
  121. SYSTEM = FullControl
  123. [%SystemDrive%\IO.SYS]
  124. BUILTIN\Administrators = FullControl
  125. SYSTEM = FullControl
  127. [%SystemDrive%\MSDOS.SYS]
  128. BUILTIN\Administrators = FullControl
  129. SYSTEM = FullControl
  131. [%SystemDrive%\BOOT.INI]
  132. BUILTIN\Administrators = FullControl
  133. SYSTEM = FullControl
  135. [%SystemDrive%\NTDETECT.COM]
  136. BUILTIN\Administrators = FullControl
  137. SYSTEM = FullControl
  139. [%SystemDrive%\NTLDR.]
  140. BUILTIN\Administrators = FullControl
  141. SYSTEM = FullControl
  143. [%SystemDrive%\AUTOEXEC.BAT]
  144. BUILTIN\Administrators = FullControl
  145. SYSTEM = FullControl
  147. [%SystemDrive%\CONFIG.SYS]
  148. BUILTIN\Administrators = FullControl
  149. SYSTEM = FullControl
  151. [%SystemDrive%\TEMP\!]
  152. BUILTIN\Users = RWX
  153. ;Anonymous = RWX
  154. CREATOR OWNER= RWXD, RWD
  155. BUILTIN\Administrators = FullControl
  156. SYSTEM = FullControl
  158. ;[%SystemDrive%\USERS\!]
  159. ;BUILTIN\Users = R
  160. ;Anonymous = R
  161. ;CREATOR OWNER= RWXD, RWD
  162. ;BUILTIN\Administrators = FullControl
  163. ;SYSTEM = FullControl
  165. ;[%SystemDrive%\USERS\DEFAULT\!]
  166. ;BUILTIN\Users = RWD, RWD
  167. ;Anonymous = RWD, RWD
  168. ;CREATOR OWNER= RWXD, RWD
  169. ;SYSTEM = FullControl
  170. ;BUILTIN\Administrators = FullControl
  172. ;[%SystemDrive%\WIN32APP\!]
  173. ;SYSTEM = FullControl
  174. ;BUILTIN\Administrators = FullControl
  176. [%SystemRoot%\!]
  177. BUILTIN\Users = R
  178. ;Anonymous = R
  179. BUILTIN\Administrators = FullControl
  180. SYSTEM = FullControl
  182. ;cannot deny users since it breaks WIN16 apps
  183. ;[%SystemRoot%]
  184. ;BUILTIN\Administrators = FullControl
  185. ;SYSTEM = FullControl
  187. [%SystemRoot%\*.*]
  188. BUILTIN\Users = R
  189. ;Anonymous = R
  190. BUILTIN\Administrators = FullControl
  191. SYSTEM = FullControl
  193. [%SystemRoot%\*.INI]
  194. BUILTIN\Users = READ
  195. ;Anonymous = READ
  196. BUILTIN\Administrators = FullControl
  197. SYSTEM = FullControl
  199. [%SystemRoot%\EXPLORER.EXE]
  200. BUILTIN\Users = Read
  201. ;Anonymous = Read
  202. BUILTIN\Administrators = FullControl
  203. SYSTEM = FullControl
  205. [%SystemRoot%\HELP\]
  206. BUILTIN\Users = Change
  207. ;Anonymous = Change
  208. BUILTIN\Administrators = FullControl
  209. SYSTEM = FullControl
  211. [%SystemRoot%\REPAIR\!]
  212. BUILTIN\Administrators = FullControl
  214. [%SystemRoot%\SYSTEM\*.*]
  215. BUILTIN\Users = R
  216. ;Anonymous = R
  217. BUILTIN\Administrators = FullControl
  218. SYSTEM = FullControl
  220. ;[%SystemRoot%\SYSTEM\*.exe]
  221. ;BUILTIN\Administrators = FullControl
  222. ;SYSTEM = FullControl
  224. [%SystemRoot%\SYSTEM32\*.*]
  225. BUILTIN\Users = R
  226. ;Anonymous = R
  227. BUILTIN\Administrators = FullControl
  228. SYSTEM = FullControl
  230. [%SystemRoot%\SYSTEM32\*.dll]
  231. BUILTIN\Users = Read
  232. ;Anonymous = Read
  233. BUILTIN\Administrators = FullControl
  234. SYSTEM = FullControl
  236. [%SystemRoot%\SYSTEM32\*.drv]
  237. BUILTIN\Users = Read
  238. ;Anonymous = Read
  239. BUILTIN\Administrators = FullControl
  240. SYSTEM = FullControl
  242. [%SystemRoot%\SYSTEM32\*.exe]
  243. BUILTIN\Administrators = FullControl
  244. SYSTEM = FullControl
  246. [%SystemRoot%\SYSTEM32\AUTOEXEC.NT]
  247. BUILTIN\Users = READ
  248. ;Anonymous = READ
  249. BUILTIN\Administrators = FullControl
  250. SYSTEM = FullControl
  252. [%SystemRoot%\SYSTEM32\CMOS.RAM]
  253. BUILTIN\Users = R W
  254. ;Anonymous = R W
  255. BUILTIN\Administrators = FullControl
  256. SYSTEM = FullControl
  258. [%SystemRoot%\SYSTEM32\CONFIG]
  259. BUILTIN\Administrators = FullControl
  260. BUILTIN\Users = List
  261. ;Anonymous = List
  262. SYSTEM = FullControl
  264. [%SystemRoot%\SYSTEM32\CONFIG\*.*]
  265. BUILTIN\Administrators = FullControl
  266. SYSTEM = Fullontrol
  268. [%SystemRoot%\SYSTEM32\DHCP\!]
  269. BUILTIN\Administrators = FullControl
  270. SYSTEM = FullControl
  272. [%SystemRoot%\SYSTEM32\DRIVERS\!]
  273. BUILTIN\Users = Read
  274. ;Anonymous = Read
  275. BUILTIN\Administrators = FullControl
  276. SYSTEM = FullControl
  278. [%SystemRoot%\SYSTEM32\OS2\!]
  279. BUILTIN\Administrators = FullControl
  280. SYSTEM = FullControl
  282. [%SystemRoot%\SYSTEM32\RAS]
  283. BUILTIN\Administrators = FullControl
  284. SYSTEM = FullControl
  286. [%SystemRoot%\SYSTEM32\RAS\*.*]
  287. BUILTIN\Administrators = FullControl
  288. SYSTEM = FullControl
  290. [%SystemRoot%\SYSTEM32\REPL\!]
  291. BUILTIN\Administrators = FullControl
  292. SYSTEM = FullControl
  294. [%SystemRoot%\SYSTEM32\REPL\EXPORT]
  295. BUILTIN\Administrators = FullControl
  296. SYSTEM = FullControl
  298. [%SystemRoot%\SYSTEM32\REPL\EXPORT\*.*]
  299. BUILTIN\Administrators = FullControl
  300. SYSTEM = FullControl
  302. [%SystemRoot%\SYSTEM32\REPL\EXPORT\SCRIPTS]
  303. BUILTIN\Administrators = FullControl
  304. SYSTEM = FullControl
  306. [%SystemRoot%\SYSTEM32\REPL\EXPORT\SCRIPTS\*.*]
  307. BUILTIN\Administrators = FullControl
  308. SYSTEM = FullControl
  310. [%SystemRoot%\SYSTEM32\REPL\IMPORT]
  311. BUILTIN\Administrators = FullControl
  312. SYSTEM = FullControl
  314. [%SystemRoot%\SYSTEM32\REPL\IMPORT\*.*]
  315. BUILTIN\Administrators = FullControl
  316. SYSTEM = FullControl
  318. [%SystemRoot%\SYSTEM32\REPL\IMPORT\SCRIPTS]
  319. BUILTIN\Administrators = FullControl
  320. SYSTEM = FullControl
  322. [%SystemRoot%\SYSTEM32\REPL\IMPORT\SCRIPTS\*.*]
  323. BUILTIN\Administrators = FullControl
  324. SYSTEM = FullControl
  326. [%SystemRoot%\SYSTEM32\SPOOL\!]
  327. BUILTIN\Users = Read
  328. ;Anonymous = Read
  329. BUILTIN\Administrators = FullControl
  330. SYSTEM = FullControl
  332. [%SystemRoot%\SYSTEM32\WINS\!]
  333. BUILTIN\Administrators = FullControl
  334. SYSTEM = FullControl
  336. [%SystemRoot%\SYSTEM32\*.exe]
  337. BUILTIN\Administrators = FullControl
  338. SYSTEM = FullControl
  340. [%SystemRoot%\SYSTEM32\APPEND.EXE ]
  341. BUILTIN\Users = Read
  342. ;Anonymous = Read
  343. BUILTIN\Administrators = FullControl
  344. SYSTEM = FullControl
  346. [%SystemRoot%\SYSTEM32\arevfix.com ]
  347. BUILTIN\Users = Read
  348. ;Anonymous = Read
  349. BUILTIN\Administrators = FullControl
  350. SYSTEM = FullControl
  352. [%SystemRoot%\SYSTEM32\CALC.EXE ]
  353. BUILTIN\Users = Read
  354. ;Anonymous = Read
  355. BUILTIN\Administrators = FullControl
  356. SYSTEM = FullControl
  358. [%SystemRoot%\SYSTEM32\CHCP.COM ]
  359. BUILTIN\Users = Read
  360. ;Anonymous = Read
  361. BUILTIN\Administrators = FullControl
  362. SYSTEM = FullControl
  364. [%SystemRoot%\SYSTEM32\CHGCDM.EXE ]
  365. BUILTIN\Users = Read
  366. ;Anonymous = Read
  367. BUILTIN\Administrators = FullControl
  368. SYSTEM = FullControl
  370. [%SystemRoot%\SYSTEM32\CLOCK.EXE ]
  371. BUILTIN\Users = Read
  372. ;Anonymous = Read
  373. BUILTIN\Administrators = FullControl
  374. SYSTEM = FullControl
  376. [%SystemRoot%\SYSTEM32\COMMAND.COM ]
  377. BUILTIN\Users = Read
  378. ;Anonymous = Read
  379. BUILTIN\Administrators = FullControl
  380. SYSTEM = FullControl
  382. [%SystemRoot%\SYSTEM32\doskbd.exe ]
  383. BUILTIN\Users = Read
  384. ;Anonymous = Read
  385. BUILTIN\Administrators = FullControl
  386. SYSTEM = FullControl
  388. [%SystemRoot%\SYSTEM32\DOSKEY.EXE ]
  389. BUILTIN\Users = Read
  390. ;Anonymous = Read
  391. BUILTIN\Administrators = FullControl
  392. SYSTEM = FullControl
  394. [%SystemRoot%\SYSTEM32\DOSX.EXE ]
  395. BUILTIN\Users = Read
  396. ;Anonymous = Read
  397. BUILTIN\Administrators = FullControl
  398. SYSTEM = FullControl
  400. [%SystemRoot%\SYSTEM32\FREECELL.EXE]
  401. BUILTIN\Users = Read
  402. ;Anonymous = Read
  403. BUILTIN\Administrators = FullControl
  404. SYSTEM = FullControl
  406. [%SystemRoot%\SYSTEM32\GDI.EXE ]
  407. BUILTIN\Users = Read
  408. ;Anonymous = Read
  409. BUILTIN\Administrators = FullControl
  410. SYSTEM = FullControl
  412. [%SystemRoot%\SYSTEM32\HELP.EXE ]
  413. BUILTIN\Users = Read
  414. ;Anonymous = Read
  415. BUILTIN\Administrators = FullControl
  416. SYSTEM = FullControl
  418. [%SystemRoot%\SYSTEM32\KB16.COM ]
  419. BUILTIN\Users = Read
  420. ;Anonymous = Read
  421. BUILTIN\Administrators = FullControl
  422. SYSTEM = FullControl
  424. ;[%SystemRoot%\SYSTEM32\KBDSEL.EXE ]
  425. ;BUILTIN\Users = Read
  426. ;Anonymous = Read
  427. ;BUILTIN\Administrators = FullControl
  428. ;SYSTEM = FullControl
  430. [%SystemRoot%\SYSTEM32\KEYB.COM ]
  431. BUILTIN\Users = Read
  432. ;Anonymous = Read
  433. BUILTIN\Administrators = FullControl
  434. SYSTEM = FullControl
  436. [%SystemRoot%\SYSTEM32\KRNL386.EXE ]
  437. BUILTIN\Users = Read
  438. ;Anonymous = Read
  439. BUILTIN\Administrators = FullControl
  440. SYSTEM = FullControl
  442. [%SystemRoot%\SYSTEM32\LOADFIX.COM ]
  443. BUILTIN\Users = Read
  444. ;Anonymous = Read
  445. BUILTIN\Administrators = FullControl
  446. SYSTEM = FullControl
  448. [%SystemRoot%\SYSTEM32\logoff.exe ]
  449. BUILTIN\Users = Read
  450. ;Anonymous = Read
  451. BUILTIN\Administrators = FullControl
  452. SYSTEM = FullControl
  454. [%SystemRoot%\SYSTEM32\MORE.COM ]
  455. BUILTIN\Users = Read
  456. ;Anonymous = Read
  457. BUILTIN\Administrators = FullControl
  458. SYSTEM = FullControl
  460. [%SystemRoot%\SYSTEM32\MSCDEXNT.EXE]
  461. BUILTIN\Users = Read
  462. ;Anonymous = Read
  463. BUILTIN\Administrators = FullControl
  464. SYSTEM = FullControl
  466. [%SystemRoot%\SYSTEM32\NLSFUNC.EXE ]
  467. BUILTIN\Users = Read
  468. ;Anonymous = Read
  469. BUILTIN\Administrators = FullControl
  470. SYSTEM = FullControl
  472. [%SystemRoot%\SYSTEM32\NTVDM.EXE ]
  473. BUILTIN\Users = Read
  474. ;Anonymous = Read
  475. BUILTIN\Administrators = FullControl
  476. SYSTEM = FullControl
  478. [%SystemRoot%\SYSTEM32\NW16.EXE ]
  479. BUILTIN\Users = Read
  480. ;Anonymous = Read
  481. BUILTIN\Administrators = FullControl
  482. SYSTEM = FullControl
  484. [%SystemRoot%\SYSTEM32\PBRUSH.EXE ]
  485. BUILTIN\Users = Read
  486. ;Anonymous = Read
  487. BUILTIN\Administrators = FullControl
  488. SYSTEM = FullControl
  490. [%SystemRoot%\SYSTEM32\REDIR.EXE ]
  491. BUILTIN\Users = Read
  492. ;Anonymous = Read
  493. BUILTIN\Administrators = FullControl
  494. SYSTEM = FullControl
  496. [%SystemRoot%\SYSTEM32\SHARE.EXE ]
  497. BUILTIN\Users = Read
  498. ;Anonymous = Read
  499. BUILTIN\Administrators = FullControl
  500. SYSTEM = FullControl
  502. [%SystemRoot%\SYSTEM32\SOL.EXE ]
  503. BUILTIN\Users = Read
  504. ;Anonymous = Read
  505. BUILTIN\Administrators = FullControl
  506. SYSTEM = FullControl
  508. [%SystemRoot%\SYSTEM32\SORT.EXE ]
  509. BUILTIN\Users = Read
  510. ;Anonymous = Read
  511. BUILTIN\Administrators = FullControl
  512. SYSTEM = FullControl
  514. [%SystemRoot%\SYSTEM32\USER.EXE ]
  515. BUILTIN\Users = Read
  516. ;Anonymous = Read
  517. BUILTIN\Administrators = FullControl
  518. SYSTEM = FullControl
  520. [%SystemRoot%\SYSTEM32\USERINIT.EXE]
  521. BUILTIN\Users = Read
  522. ;Anonymous = Read
  523. BUILTIN\Administrators = FullControl
  524. SYSTEM = FullControl
  526. [%SystemRoot%\SYSTEM32\VWIPXSPX.EXE]
  527. BUILTIN\Users = Read
  528. ;Anonymous = Read
  529. BUILTIN\Administrators = FullControl
  530. SYSTEM = FullControl
  532. [%SystemRoot%\SYSTEM32\wfshell.exe ]
  533. BUILTIN\Users = Read
  534. ;Anonymous = Read
  535. BUILTIN\Administrators = FullControl
  536. SYSTEM = FullControl
  538. [%SystemRoot%\SYSTEM32\WIN.COM ]
  539. BUILTIN\Users = Read
  540. ;Anonymous = Read
  541. BUILTIN\Administrators = FullControl
  542. SYSTEM = FullControl
  544. [%SystemRoot%\SYSTEM32\winhlp32.exe]
  545. BUILTIN\Users = Read
  546. ;Anonymous = Read
  547. BUILTIN\Administrators = FullControl
  548. SYSTEM = FullControl
  550. [%SystemRoot%\SYSTEM32\WINMINE.EXE ]
  551. BUILTIN\Users = Read
  552. ;Anonymous = Read
  553. BUILTIN\Administrators = FullControl
  554. SYSTEM = FullControl
  556. [%SystemRoot%\SYSTEM32\WOWEXEC.EXE ]
  557. BUILTIN\Users = Read
  558. ;Anonymous = Read
  559. BUILTIN\Administrators = FullControl
  560. SYSTEM = FullControl
  562. [%SystemRoot%\SYSTEM32\SYSTRAY.EXE ]
  563. BUILTIN\Users = Read
  564. ;Anonymous = Read
  565. BUILTIN\Administrators = FullControl
  566. SYSTEM = FullControl