There is a program I use sometimes called Webroot Antispyware. It is a very good antimalware program, but here is the deal. If I visit their definitions folder, it has some kind of advanced permissions on it. I cannot change it via right click/properties in Windows, nor can I run Pete Romainges Attribute Changer program to change it. It seems to have an even more advanced lock-in than normal attributes, which is really confusing for me!
However, I can run Unlocker on it to move the files no problem. But the webroot definitions folder cannot be copied, pasted, cut, or anything involving moving it whatsoever EXCEPT by using Unlocker. This has be very intrigued. I would like to know how they set this advanced property? Is it magic? LOL
I believe it sets the owner to a permission level above yours, such as System, unlocker runs under system as well giving it permission to move the files around (This is just speculation, I don't have a definate answer for you, sorry!)
I believe it sets the owner to a permission level above yours, such as System, unlocker runs under system as well giving it permission to move the files around (This is just speculation, I don't have a definate answer for you, sorry!)
That would be weird though, because when I use it, I am in Admin account with full permissions.
How could it be a higher account level than mine?
That doesn't seem to make sense to me, haha!
Do you have any more information on it?
If there is an account higher than admin, I sure would love to know!
The system account and the administrator account (Administrators group) have the same file privileges, but they have different functions. The system account is used by the operating system and by services that run under Windows. There are many services and processes within Windows that need the capability to log on internally (for example during a Windows installation). The system account was designed for that purpose; it is an internal account, does not show up in User Manager, cannot be added to any groups, and cannot have user rights assigned to it. On the other hand, the system account does show up on an NTFS volume in File Manager in the Permissions portion of the Security menu. By default, the system account is granted full control to all files on an NTFS volume. Here the system account has the same functional privileges as the administrator account.
The system account is the same as the Admin account (which is kinda not what I said, but I meant it the way I'm about to explain)
It has the same rights as you- but it doesn't! It's used by the system to lock processes, start services, ect. It has "special" uses like that.
I found that a single use of the DOS command CACLS gives permanent access to what Windows normally denies.
I have used this to give :-
Myself FULL access to read and modify the contents of C:\System Volume Information ; and
All Users Read Access of the same.
This enables an All User startup script to get a list of all connected drive letters,
and to detect whether Windows has yet again started monitoring the drives I have forbidden.
I am averse to risk taking, so I make a partition image backup before doing this sort of tweak.
Do you have an example of a commandline in how it would look? I was looking up some of the commands online, but wanted to get a general idea how they work. Right now, I am thinking of trying a GUI version for that, but I'd love to know how the commandline looks too.
You can do an example path, if you want, just so I can see how to properly do it.
Do you have an example of a commandline in how it would look? I was looking up some of the commands online, but wanted to get a general idea how they work. Right now, I am thinking of trying a GUI version for that, but I'd love to know how the commandline looks too.
You can do an example path, if you want, just so I can see how to properly do it.
CACLS was all I had in XP, it is also in W7.
There are more powerful tools in W7 and Vista as well.
On XP I used Start > Run > CMD.EXE
and invoked two commands
CACLS C:\SYSTEM~1\_RESTO~1 /E /G Users:R
CACLS C:\SYSTEM~1_RESTO~1\d* /T /C /E /P Users:R
The first allows "Users" to do a directory listing showing Restore Point folders etc.
The second allows the Users's start-up script to execute
TYPE C:\SYSTEM~1\_RESTO~1\drivetable.txt | SORT | FIND /V "C:\" > %TEMP%\drivetable.txt
After which the script compared %TEMP%\drivetable.txt with a previously approved state,
and warned if System Restore monitoring had been extended over drives I had forbidden.
You will see all that can be done by
CACLS /?
BE CAREFUL.
Do the wrong thing and you may need to re-install Windows,
either immediately or later when a non-Admin user is able to do something they should be prohibited from.