G
Guest
How do you add a shortcut to everyones desktop? I no longer see an "All
Users" profile.
Users" profile.
J
Jimmy Brush
Hello,
The public desktop is located here:
C:\Users\Public\Desktop
The public desktop is located here:
C:\Users\Public\Desktop
J
Jimmy Brush
You're welcome.
I should also point out here that the hidden entry titled "All Users" inside
the users folder that is displayed with a shortcut icon is not actually a
folder.
It is a junction that points old programs that access it to the new location
(\Users\Public\Desktop). This is why if you double-click it, it says access
denied
. You will see many of these application-compatability junctions in
Windows Vista.
To find out what location they are pointing to, you can issue a "dir /al"
command in the command prompt - this command will show you the junctions in
the current directory and where they point to.
I should also point out here that the hidden entry titled "All Users" inside
the users folder that is displayed with a shortcut icon is not actually a
folder.
It is a junction that points old programs that access it to the new location
(\Users\Public\Desktop). This is why if you double-click it, it says access
denied
. You will see many of these application-compatability junctions inWindows Vista.
To find out what location they are pointing to, you can issue a "dir /al"
command in the command prompt - this command will show you the junctions in
the current directory and where they point to.
S
Saucy
When you unhide hidden files you may come across links to folders with the
old names such as "My Documents". You click on them and get an access denied
error. This is because these are a type symbolic link - they're there for
backward compatibility:
http://en.wikipedia.org/wiki/NTFS_symbolic_link
Don't ask me more, I don't know.
Saucy
old names such as "My Documents". You click on them and get an access denied
error. This is because these are a type symbolic link - they're there for
backward compatibility:
http://en.wikipedia.org/wiki/NTFS_symbolic_link
Don't ask me more, I don't know.
Saucy
A
Alexander Suhovey
Jimmy Brush said:I should also point out here that the hidden entry titled "All Users"
inside the users folder that is displayed with a shortcut icon is not
actually a folder.
It is a junction that points old programs that access it to the new
location (\Users\Public\Desktop). This is why if you double-click it, it
says access denied
application-compatability junctions in Windows Vista.
Hmm, I wonder why they did this one (All Users one pointing to C:\Program
Data) a symlink while others are 'just' junctions (hardlinks?).
T
Tom Lake
Jimmy Brush said:You're welcome.
I should also point out here that the hidden entry titled "All Users" inside the
users folder that is displayed with a shortcut icon is not actually a folder.
It is a junction that points old programs that access it to the new location
(\Users\Public\Desktop). This is why if you double-click it, it says access denied
Vista.
Thank you! I was going crazy trying to figure out why even Administrator
couldn't get in!
Tom Lake
D
Dale
Many of those inaccessable special folders really are accessable. They have
special permissions set so that you can't list the files and folders, and
therefore can't open the folder, but you can paste documents to the folder,
such as a shortcut you want on all users desktop instead of just your
desktop, by right-clicking on the file or shortcut and selecting copy or
cut, as appropriate, and then right-clicking on the special folder and
pressing paste.
Alternatively, you could change those special permissions to get access but
I wouldn't suggest it. There is plenty of existing functionality to use
those special folders so that you can do most things without incurring the
risks that the new permissions are trying to protect you from.
Dale
special permissions set so that you can't list the files and folders, and
therefore can't open the folder, but you can paste documents to the folder,
such as a shortcut you want on all users desktop instead of just your
desktop, by right-clicking on the file or shortcut and selecting copy or
cut, as appropriate, and then right-clicking on the special folder and
pressing paste.
Alternatively, you could change those special permissions to get access but
I wouldn't suggest it. There is plenty of existing functionality to use
those special folders so that you can do most things without incurring the
risks that the new permissions are trying to protect you from.
Dale
J
Jimmy Brush
Hmm, I wonder why they did this one (All Users one pointing to C:\Program
Good question... I have no idea. Junctions and directory symbolic links
should behave pretty much the same (neither are hard links, btw), but I do
wonder if there is some sort of behavioral difference that shows up under
certain circumstances that made MS decide to use one over the other for this
folder.
Good question... I have no idea. Junctions and directory symbolic links
should behave pretty much the same (neither are hard links, btw), but I do
wonder if there is some sort of behavioral difference that shows up under
certain circumstances that made MS decide to use one over the other for this
folder.
J
Jimmy Brush
Thank you! I was going crazy trying to figure out why even Administrator
The reason access is denied is to protect against faulty applications and
other side effects of having the same files inside of multiple folders.
Imagine the case of a backup utility backing up the same files multiple
times (when accessing them thru their real folder location and then a
junction), or the case of trying to delete just the junction but ending up
deleting all of the files inside of it.
There are also junctions that point back on themelves, creating a hall of
mirrors effect; this would drive most applications crazy.
The reason access is denied is to protect against faulty applications and
other side effects of having the same files inside of multiple folders.
Imagine the case of a backup utility backing up the same files multiple
times (when accessing them thru their real folder location and then a
junction), or the case of trying to delete just the junction but ending up
deleting all of the files inside of it.
There are also junctions that point back on themelves, creating a hall of
mirrors effect; this would drive most applications crazy.
J
Jimmy Brush
Agreed.
A
Alexander Suhovey
Jimmy Brush said:
Exactly.
As a side note, there seems to be some lack of documentation regarding
reparse points, junctions, symlinks and hardlinks. The shortest description
I found comes from blog entry comments on Scott Hanselman's site
http://www.hanselman.com/blog/Comme...a59c-8a16-4c8e-a4ef-fd6d5e64be99#commentstart
===========================================
Symbolic link in NTFS is same as symbolic link in UNIX.
Hard link in NTFS is same as hard link in UNIX.
Junction is similar to symbol links for directories only.
Symbolic links are the only links that work on both files and directories.
Symlinks and hardlinks have the same POSIX semantics as in UNIX. Junctions
behave like classical NTFS using reparse points. (Symbolic links might also
be based on reparse points)
============================================
A
Alexander Suhovey
Jimmy Brush said:
Exactly.
As a side note, there seems to be some lack of documentation regarding
reparse points, junctions, symlinks and hardlinks. The shortest description
I found comes from blog entry comments on Scott Hanselman's site
http://www.hanselman.com/blog/Comme...a59c-8a16-4c8e-a4ef-fd6d5e64be99#commentstart
===========================================
Symbolic link in NTFS is same as symbolic link in UNIX.
Hard link in NTFS is same as hard link in UNIX.
Junction is similar to symbol links for directories only.
Symbolic links are the only links that work on both files and directories.
Symlinks and hardlinks have the same POSIX semantics as in UNIX. Junctions
behave like classical NTFS using reparse points. (Symbolic links might also
be based on reparse points)
============================================
S
Saucy
OK. What I don't understand is:
I read these "junction points" or whatever they are, that show up as links
to folders with the old names e.g. "My Documents", are there for 'backward
compatibility'.
Now if one clicks on them one gets an access denied. However if one "drags
'n drops" a document onto the link, the document gets sent to the right
place i.e. if I create a document and save it on the Desktop, then open
Explorer, then drag it onto the junction point named "My Documents", it will
show up in "Documents".
How is it that I can drag and drop to on it properly, but not just click on
it and have it open the appropriate folder? And why not just give it that
ability - why allow this but not that?
Thanks,
Saucy
I read these "junction points" or whatever they are, that show up as links
to folders with the old names e.g. "My Documents", are there for 'backward
compatibility'.
Now if one clicks on them one gets an access denied. However if one "drags
'n drops" a document onto the link, the document gets sent to the right
place i.e. if I create a document and save it on the Desktop, then open
Explorer, then drag it onto the junction point named "My Documents", it will
show up in "Documents".
How is it that I can drag and drop to on it properly, but not just click on
it and have it open the appropriate folder? And why not just give it that
ability - why allow this but not that?
Thanks,
Saucy
J
Jimmy Brush
Hello,
The deny permission on the application compatability junctions effectively
disallows you from listing their contents. It does not prevent you from
"passing over" the junction into its target.
For example, attempting to access "c:\users\all users\" will return access
denied (you are trying to list the contents of a junction), but accessing
"c:\users\all users\microsoft" will work (you are listing the contents of a
folder that is inside the folder that the junction points to - this is
allowed).
It is important to disallow listing the contents of junctions to prevent
applications that think the junction is a folder from misbehaving, because
applications see junctions as normal folders unless they do something
special. For example, a backup program would end up backing up the same
files multiple times (it would access the files both inside their actual
folder as well as from any junctions pointing to their folder).
And, there are some junctions that point back onto themselves creating a
hall-of-mirrors effect - this would cause applications to crash / misbehave
if they were scanning the folder hierarchy.
Also, deleting an application compatability junction or a folder that
contains the application compatability junction would end up deleting all
the files/folders inside the folder where the junction points to, which may
not be what you want (you may just want to delete the junction itself, not
the files inside of its target).
The deny permission on the application compatability junctions effectively
disallows you from listing their contents. It does not prevent you from
"passing over" the junction into its target.
For example, attempting to access "c:\users\all users\" will return access
denied (you are trying to list the contents of a junction), but accessing
"c:\users\all users\microsoft" will work (you are listing the contents of a
folder that is inside the folder that the junction points to - this is
allowed).
It is important to disallow listing the contents of junctions to prevent
applications that think the junction is a folder from misbehaving, because
applications see junctions as normal folders unless they do something
special. For example, a backup program would end up backing up the same
files multiple times (it would access the files both inside their actual
folder as well as from any junctions pointing to their folder).
And, there are some junctions that point back onto themselves creating a
hall-of-mirrors effect - this would cause applications to crash / misbehave
if they were scanning the folder hierarchy.
Also, deleting an application compatability junction or a folder that
contains the application compatability junction would end up deleting all
the files/folders inside the folder where the junction points to, which may
not be what you want (you may just want to delete the junction itself, not
the files inside of its target).
A
Alexander Suhovey
Jimmy Brush said:
Jimmy,
Great post. One clarification though: backup programs do not usually rely on
NTFS permissions when accessing files and folders but rather on "Back up
files and folders" user right. From corresponding policy description:
=======================================
Back up files and directories
This user right determines which users can bypass file and directory,
registry, and other persistent object permissions for the purposes of
backing up the system.
Specifically, this user right is similar to granting the following
permissions to the user or group in question on all files and folders on the
system:
Traverse Folder/Execute File
List Folder/Read Data
Read Attributes
Read Extended Attributes
Read Permissions
Caution:
Assigning this user right can be a security risk. Since there is no way to
be sure that a user is backing up data, stealing data, or copying data to be
distributed, only assign this user right to trusted users.
Default on workstations and servers:
Administrators
Backup Operators.
Default on domain controllers:
Administrators
Backup Operators
Server Operators
=======================================
G
Guest
Good point, I just pulled that out as a quick example .
- JB
.- JB