ACL Security in Windows Vista

A posting on TechNet (by Jesper Johansson) discusses Vista Security changes. Jesper points out a few Vista changes that try to deal with ACL problems:

  • Accounts created during setup become administrators programs execute with Ambient Authority (administrative privileges, with free access to the file system.
  • Default ACLs includes ACL entries for Everyone, Power Users, etc, this includes the default ACL for C:\  gave Read and Create access to Everyone.
  • Limitations exist on ACLs to assign permissions to the an object that changes owner - permissions were not transferred.
  • Owners have implicit rights to an object, no matter what permissions they need.

Read the full posting http://technet.microsoft.com/en-us/magazine/cc138011.aspx  

Kenneth Hamer-Hodges

 

Ken is an Independent Consultant in South Florida for secure cloud-based software and mobile access software. Graduated in the UK, developed the first Capability-Based Computers (PP-250), became a Charted Engineer, and awarded a Fellowship of the IEE (London). Partnered on a dozen patents developing Object Engineering fundamentals while working in UK, USA, Germany, and Belgium. Invitation speaker at conferences on Operating Systems and Communications.

Comments

Post a Comment