ACL Security in Windows Vista

A posting on TechNet (by Jesper Johansson) discusses Vista Security changes. Jesper points out a few Vista changes that try to deal with ACL problems:

  • Accounts created during setup become administrators programs execute with Ambient Authority (administrative privileges, with free access to the file system.
  • Default ACLs includes ACL entries for Everyone, Power Users, etc, this includes the default ACL for C:\  gave Read and Create access to Everyone.
  • Limitations exist on ACLs to assign permissions to the an object that changes owner - permissions were not transferred.
  • Owners have implicit rights to an object, no matter what permissions they need.

Read the full posting  

Kenneth Hamer-Hodges