After you run the Convert.exe utility on an installation of
Windows XP Professional or on Windows XP Home Edition, the All
Users folder and all subfolders (that is, the folders with inheritable
permissions) show only the following permissions:
Everyone: by default, all items (including Full
Control) are selected.
Convert.exe is used to convert the file system from FAT32
to the NTFS file system. During the conversion process, Convert.exe uses the
Setup Security.inf file in the C:\Windows\Security\Templates folder to apply
security settings to the partition. The Setup Security.inf file is created
during Windows XP setup. If the OS was installed on a FAT32 partition, the file
security settings will differ from an installation on an NTFS partition. This
difference causes the problem.
Microsoft
has confirmed that this is a problem in the Microsoft products that are listed
at the beginning of this article.
Note if you purchased your computer from an original equipment
manufacturer (OEM), Microsoft has investigated this problem and is working
directly with OEMs to provide a solution.
With a manual installation of Windows XP Professional or
Windows XP Home Edition, the default permissions of the All
Users folder and all the subfolders that have inheritable permissions
are as follows:
•
Administrators: All items (including Full
Control) are selected.
•
Everyone: Read and Execute, List Folder
Contents, and Read are selected.
•
Power Users: All items except Full Control
are selected.
•
System: All items (including Full Control)
are selected.
•
Users: Read&Execute, List Folder
Contents, and Read are selected.
Microsoft has reviewed the security settings that are
defined in the Setup Security.inf file that is mentioned earlier in this
article. As a result of that review, please note the following points:
•
The following directories were determined to have special
access control lists (ACLs) set incorrectly, or not set at all.
•
The following directories also have a corresponding list of
appropriate special ACLs that are based on a review of NTFS permissions on a
natively configured NTFS system.
•
Not all of the following directories are necessarily
present on every system. Many directories are pertinent to specific components
that may not be installed.
Documents and Settings System and Administrator: Full
Users, Power Users, and Everyone: Read and Execute
•
Documents and Settings\username
System and Administrator: Full User: Full
•
Documents and Settings\Default User Inherited from
"Documents and Settings"
•
Documents and Settings\All Users System and Administrator:
Full
•
Users and Everyone: Read and Execute
•
Documents and Settings\All Users\Desktop Inherited from
"All Users"
•
Documents and Settings\All Users\Favorite Inherited from
"All Users"
•
Documents and Settings\All Users\Start Menu Inherited from
"All Users"
•
Documents and Settings\All Users\Template Inherited from
"All Users"
•
Documents and Settings\All Users\Shared Documents System
and Administrator: Full
•
Creator Owner: Full
•
Power Users: Modify
•
Users: Read, Execute and Write
•
Documents and Settings\All Users\Application Data Same as
"All Users\Documents"
•
...Application Data\Microsoft\Network\Downloader:
•
Full access to LocalSystem
•
Full access to Local Administrators Note: Inherited ACLs are enabled.
•
%allusersprofile%\Start
menu\Programs\Accessories (and all of the link files and subfolders underneath
it) Inherited from %allusersprofile%\Start
menu\Programs
•
%allusersprofile%\Start
menu\Programs\Startup Inherited from
%allusersprofile%\Start menu\Programs
%allusersprofile%\Start
menu\Programs Administrator: Full
•
Everyone: Read and Execute, List Folder contents
•
Power Users: Everything but Full Control
•
System: Full Control
•
Users: Read and Execute, List Folder contents
•
Note Everyone has the right to view this file. Only Power Users and
Administrators have the privilege to change these folders or files.
%allusersprofile%\Start
menu\Programs\Accessories (and all of the link files and subfolders underneath
it) Inherited from %allusersprofile%\Start
menu\Programs %allusersprofile%\Start
menu\Programs\Startup Inherited from
%allusersprofile%\Start menu\Programs
To correct the ACLs that are listed for the specified
directories in this article, and to correct any additional incorrect settings
that the user may have found, you can use the Cacls.exe utility. The Cacls.exe
utility (included in systemroot\System32 folder) is a tool designed for
modifying permissions (access control lists [ACLs]) of NTFS files and folders.
For additional
information about the correct use of the Cacls.exe utility, click the following
article number to view the article in the Microsoft Knowledge Base:
318754 (http://support.microsoft.com/kb/318754/EN-US/)
HOW TO: Use Xcacls.exe to Modify NTFS Permissions
Need More Help? Contact a Support professional by Email, Online or Phone.
Customer Service For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
Newsgroups Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.
Help and Support
Back to the top
