Vista and Windows Files Protection

  • Thread starter Thread starter marc ochsenmeier
  • Start date Start date
M

marc ochsenmeier

Hi,

it looks like as if Vista does not implement the Windows File Protection
(WFP) anymore.
I know that the User Account Control (UAC) feature and other File System
enhancement protect the Windows Vista files components. Now it looks like
Vista has got rid of WFP!

I have been searching for sfcfiles.dll and the dllcache directory...but they
are not there anymore!

Could anyone confirm this situation?

Thanks for your help.

Marc Ochsenmeier
www.propagating.net
 
marc ochsenmeier said:
it looks like as if Vista does not implement the Windows File Protection
(WFP) anymore.
I know that the User Account Control (UAC) feature and other File System
enhancement protect the Windows Vista files components. Now it looks like
Vista has got rid of WFP!
Click to expand...

Hi Mirc,

Vista uses Windows Resource Protection. In addition to system files, it
protects critical registry keys. In addition, NTFS permissions on system
files and folders have been changed so only TrustedInstaller system account
has write access to system files. This account is also owner of system files
by default. See cmd.exe permissions below as an example (R=read only, F=Full
access).

c:\> cacls c:\windows\system32\cmd.exe
c:\windows\system32\cmd.exe
NT SERVICE\TrustedInstaller:F
BUILTIN\Administrators:R
NT AUTHORITY\SYSTEM:R
BUILTIN\Users:R

c:\>

However, what I have read but have not confirmed yet is that WRP protects
less files than WFP (in terms of how WFP was protecting them). Read more
here:
http://weblog.infoworld.com/securityadviser/archives/2006/12/does_vistas_win.html
 
Both sfc.exe and sfc_os.dll (Windows File Protection) are still in
Windows\System32 folder.
 
Back
Top