• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Windows 7 standard user able to delete read-only files

T

tcsenter

Lifer
WTH? I don't remember limited users being able to do this on Windows XP.

I am rebuilding a PC for someone and have created a restore partition to hold a few system images that I created. Using the password protected Admin account, I set the image files to be read-only. But under the standard user account, I am able to delete these files without any admin prompt. Just click 'delete', I get the 'are you sure?' prompt, to which I click yes, and that's it - deleted!

I checked the privileges for these file but users only have read and execute privileges, not modify, write, or full control. How do I keep standard users from deleting these files?
 
That didn't work, either! I can still delete them and/or the parent directory.

The only thing I can think of is that "authenticated users" have modify permissions on the directory and files. Do these get applied to standard users? I thought authenticated users required things like smart cards, biometric security, or were remote administration users? There isn't even a password set for the standard user account that I've setup.

This was a clean install of Win7 HP FPP (retail), no upgraded settings or migrated permissions from an older installation.
 
Last edited:
Why don't you just deny delete for the required user on the file you are trying to protect. Any local user on a windows box will be a member of both the everyone and authenticated users security groups
 
tcsenter said:
I am rebuilding a PC for someone and have created a restore partition to hold a few system images that I created. Using the password protected Admin account, I set the image files to be read-only. But under the standard user account, I am able to delete these files without any admin prompt. Just click 'delete', I get the 'are you sure?' prompt, to which I click yes, and that's it - deleted!
Click to expand...

If the restore partition isn't NTFS formatted then is no real pemission checking and the MS-DOS read only attribute can be easily bypassed by any user on the system. If you're using NFTS then whole permission situation is very complicated, you have to consider both the permissions that would allow the user to delete the file as well the permissions that would allow the user to change the permissions of file. In particular the owner of the file is always allowed to change the permisisons of the file.
 
semo said:
Why don't you just deny delete for the required user on the file you are trying to protect. Any local user on a windows box will be a member of both the everyone and authenticated users security groups
Click to expand...
That's what I did last night but couldn't follow up because the forums were down, and its working. Guess I hadn't played around enough with Vista's newer security/permission features to discover this until now. I've taken ownership of files/objects and changed effective permissions but never really tried to lock any files down on Vista and W7 before.

Funny, I have about four other boxes out there in the wild with the same recovery/restore partition setup and the image files marked read-only, thinking that was sufficient to deny standard users the ability to delete them. I didn't actually test it until now (I didn't expect it to be different from XP in this regard, where limited users cannot delete read-only files without providing the admin password). Oops!

The partition is NTFS. Thanks for all the responses!
 
Last edited:
tcsenter said:
Funny, I have about four other boxes out there in the wild with the same recovery/restore partition setup and the image files marked read-only, thinking that was sufficient to deny standard users the ability to delete them. I didn't actually test it until now (I didn't expect it to be different from XP in this regard, where limited users cannot delete read-only files without providing the admin password). Oops!
Click to expand...

The NTFS security model hasn't really hasn't changed much since Windows NT was released. Windows XP and Windows 7 use the same set of permssions. Limited users, like any user, can delete a read-only file on XP if that file gives them the "Delete" permission or is in a directory that gives them "Delete subfolers and files" permission. The simplified permission UI doesn't show these permissions seperately, so you can't always tell without using the advanced UI whether a file is actually deletable.
 
tcsenter said:
Funny, I have about four other boxes out there in the wild with the same recovery/restore partition setup and the image files marked read-only, thinking that was sufficient to deny standard users the ability to delete them.
Click to expand...


A better way to deal with it is how many of the Oem dealt with it. Hide the partition completely. The backup software can still access it but not users.
All you have to do is enable hpa on the drive and set it up with the software.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top