W
Will
Can someone tell me for Windows 2000 and Windows XP, what are the default
permissions on the user's hive tree (HKCU in regedit)? And importantly I
want to know do those permissions inherit from the top of the hive all the
way to the bottom, or are there places in the middle or bottom parts of the
tree that stop inheriting and hardcode their own ACL?
I need to know this in detail to help support movement of profiles from
local to domain users. We have followed the common guidance about the
ProfileList SID entries in HKLM and changing the profile they point to.
This trick has worked perfectly for us for Windows 2003 servers. But on
Windows XP computers we are still missing something. Many times even for
an administrative domain user, the HKLM ProfileList SID changes by adding a
..BAK at the end. Ther domain user login starts to use a Documents &
Settings\TEMP Profile as well. Since the Domain user is being given Full
Control access to the new profile directory in the ACL, I'm suspecting that
the different behavior in XP may be due to some permissions in the ACL for
the registry entries in the user hive stored in the profile directory.
permissions on the user's hive tree (HKCU in regedit)? And importantly I
want to know do those permissions inherit from the top of the hive all the
way to the bottom, or are there places in the middle or bottom parts of the
tree that stop inheriting and hardcode their own ACL?
I need to know this in detail to help support movement of profiles from
local to domain users. We have followed the common guidance about the
ProfileList SID entries in HKLM and changing the profile they point to.
This trick has worked perfectly for us for Windows 2003 servers. But on
Windows XP computers we are still missing something. Many times even for
an administrative domain user, the HKLM ProfileList SID changes by adding a
..BAK at the end. Ther domain user login starts to use a Documents &
Settings\TEMP Profile as well. Since the Domain user is being given Full
Control access to the new profile directory in the ACL, I'm suspecting that
the different behavior in XP may be due to some permissions in the ACL for
the registry entries in the user hive stored in the profile directory.