NTFS permissions and how they are changed
I would like to know what are the default NTFS permissions for the Windows folder in Windows XP, and I can't seem to find that information anywhere from Microsoft's TechNet or support knowledgebase.
Does anyone know where to find this info? More precisely I'm interested in a couple of a specific subfolders in the Windows folder:
-WindowsDebugUserMode
-WindowsDebugWPD
-WindowspchealthErrorRepQHEADLES
-WindowspchealthErrorRepQSIGNOFF
-WindowsRegistrationCRMLog
-Windowssystem32spoolPRINTERS
-WindowsTasks
-WindowsTemp
I know that generally the Windows folder has permissions that enabled admins/powerusers to write but users only to read, so that limited users cannot edit critical system files or add drivers to the system or things like that.
But, I ran AccessEnum on C:Windows the other day and according to AccessEnum, those folders in my list have permissions that grant users write access, allowing users to create and edit files.
Isn't this a bit problematic? Limited users can write in any of those folders according to AccessEnum, and that should mean any malware that gets to run under a limited user account can write into any of those folders, in spite of that fact that they are system critical folders and inside the Windows folder.
I would think that would be especially problematic in an enterprise setting, especially if there is a "whitelist" software restriction policy active, because then not only limited users could download files into those folders but also execute them, completely bypassing the protections.
Or is my thinking wrong somewhere along the line?
So what to do with those folders and their permissions? Are they not a security issue?
 (Source: https://support.microsoft.com/ph/1173)
Thanks!
NTFS permissions and how they are changed
Before, the commonly used file system on Microsoft Windows is either FAT or FAT32. I’m not sure if FAT can really be used on Windows but I know it is used on floppy disks most especially the FAT32 file system.
But when NTFS was introduced, it became the default file system on all Microsoft Windows operating systems and one of the reasons why it is now being used instead of the usual FAT or FAT32 is because with NTFS it is possible to assign permissions to different files and folders.
Each file and folder on an NTFS volume contains an Access Control List or ACL. This list contains entries for groups and individual user accounts mapped to their corresponding permissions.
When a user tries to access a resource, Windows checks the ACL if the user is listed and what level of permission is assigned. It doesn’t matter whether the user tries to access the resources on the hard drive or on a remote server.
To see the main NTFS permissions that can be assigned to files and folders, see Shared Folder and NTFS Permissions.
NTFS permissions and how they are changed
Security folder and file permissions give you some network security, but it doesn't secure your PC desktop. NTFS permissions, which can be set only on drives partitioned with NTFS, can be assigned to drives and folders, just like sharing permission.
To modify the permission of the file or folder, we need to go to its properties, and then the "security" tab.
Here we can see the "Access Control List" which shows us what our users can or not do on a particular file or folder. There are two columns. One is Allow and the other one is to deny.
You can see more details to edit NTFS permission by visiting.