Vista Will Not Let Administrator Create Folder In Root of System Volume?

[Will]

I just had my first encounter with Vista, and it was ugly. Logged in as
local administrator, I am not able to manually create a folder in the root
of the system volume. What gives with that? Administrator is surely in
the DACL for the root of the volume with Modify privileges.

I then took ownership of the volume and gave it to Administrator - taking
away from the TrustedInstaller (this is some kind of role?) - and it made no
difference: I still cannot create a folder in the root.

Speaking of TrustedInstaller, how do I get that back as the owner of the
root of the volume? I don't see a way to add that entity into anything.

I have a badly-behaved installer that requires the program be installed into
the root of the boot volume, and I cannot change that default location, so
unfortunately I need to deal with this issue.

My general impression with Vista is that they are trying so hard to make
things pretty that they are stripping out much of the meaningful detailed
error messages that would let an advanced user actually understand what is
failing and fix it. They could at least provide a "Details" button on the
pretty version of the error dialog that would spit out subsystem names,
error codes, and some kind of meaningful explanation of detail.

 

[Michael Walraven]

Will,

(Vista Home Premium, account is in administrator group)
Seems to Work for me.
Start Orb
Computer
Double click C: drive
right click, new, folder
'new folder' folder created, changed name to zz, now have folder c:\zz

What error do you get when you try?

Michael

 

[Mac]

You'd need to check the event logs.

 

[Will]

Will,

(Vista Home Premium, account is in administrator group)
Seems to Work for me.
Start Orb
Computer
Double click C: drive
right click, new, folder
'new folder' folder created, changed name to zz, now have folder c:\zz

Windows XP Home doesn't really have much security. XP Home doesn't have
any NTFS for example, and therefore no DACL on file system objects. So my
first question would be maybe Vista Home has such a reduced security profile
my question wouldn't matter on that OS?

What error do you get when you try?

The event viewer shows event id 4656, which I guess is Vista equivalent of
560 for a file system object open failure. Detailed Event Viewer message
is as follows.

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 6/21/2007 6:36:35 PM
Event ID: 4656
Task Category: File System
Level: Information
Keywords: Audit Failure
User: N/A
Computer: Dell-Laptop
Description:
A handle to an object was requested.

Subject:
Security ID: Dell-Laptop\Administrator
Account Name: Administrator
Account Domain: Dell-Laptop
Logon ID: 0x205c0

Object:
Object Server: Security
Object Type: File
Object Name: C:\New Folder
Handle ID: 0x0

Process Information:
Process ID: 0x880
Process Name: C:\Windows\explorer.exe

Access Request Information:
Transaction ID: {00000000-0000-0000-0000-000000000000}
Accesses: DELETE
READ_CONTROL
WRITE_DAC
SYNCHRONIZE
ReadData (or ListDirectory)
WriteData (or AddFile)
ReadEA
WriteEA
ReadAttributes
WriteAttributes

Access Mask: 0x17019b
Privileges Used for Access Check: -
Restricted SID Count: 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing"
Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>4656</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12800</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2007-06-22T01:36:35.068Z" />
<EventRecordID>495</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="64" />
<Channel>Security</Channel>
<Computer>Dell-Laptop</Computer>
<Security />
</System>
<EventData>
<Data
Name="SubjectUserSid">S-1-5-21-3512659313-603798815-1369288244-500</Data>
<Data Name="SubjectUserName">Administrator</Data>
<Data Name="SubjectDomainName">Dell-Laptop</Data>
<Data Name="SubjectLogonId">0x205c0</Data>
<Data Name="ObjectServer">Security</Data>
<Data Name="ObjectType">File</Data>
<Data Name="ObjectName">C:\New Folder</Data>
<Data Name="HandleId">0x0</Data>
<Data Name="TransactionId">{00000000-0000-0000-0000-000000000000}</Data>
<Data Name="AccessList">%%1537
%%1538
%%1539
%%1541
%%4416
%%4417
%%4419
%%4420
%%4423
%%4424
</Data>
<Data Name="AccessMask">0x17019b</Data>
<Data Name="PrivilegeList">-</Data>
<Data Name="RestrictedSidCount">0</Data>
<Data Name="ProcessId">0x880</Data>
<Data Name="ProcessName">C:\Windows\explorer.exe</Data>
</EventData>
</Event>

 

[Bruce Chambers]

"

Windows XP Home doesn't really have much security.

That's not quite true. WinXP Home can be nearly as secured as WinXP
Pro, but the controls and mechanism simply aren't as readily apparent as
they are in WinXP Pro. They mostly have to be accessed in Safe Mode.

XP Home doesn't have
any NTFS for example, and therefore no DACL on file system objects.

Completely untrue. WinXP Home can be installed upon, and access, an
NTFS partition if the user so desires. The file security features most
be accessed in Safe Mode, however.



--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell