SmokingRope Posted October 11, 2007

I reinstall my copy of Windows XP every 2 months using an unattended installation CD. I only reformat my system partition and leave all my data on a different hard drive. What I've noticed is that user permissions get lost between installations. More specifically, I've noticed that GUIDs are used for storing user permissions by NTFS, leaving a long list of {###'s} entries that don't resolve to a user name in the fresh installation. The user names themselves don't change. Is there any way I can keep my permissions between installations?
gosh Posted October 11, 2007

You're talking about SIDs. There are some SIDs built in, but most users will have a unique SID. defltwk.inf has a list of all the built-in SIDs.

-gosh
GrofLuigi Posted October 12, 2007 (edited)

If I may chime in, this is similar to what I see when I apply the "NoDefaultAdminOwner" tweak, AKA let Windows assign permissions of newly created objects to the Administrators group instead of the admin account (phew, that was long). Then I usually eradicate the account and work as THE Administrator account, but permissions of files created before (between install time and applying the tweak) remain and show as question marks because the SID doesn't resolve.

I remember I encountered this some time ago and solved it, but by now I can't remember... Playing with registry/file permissions is no joy... I hit Apply and Windows says yessir, but bringing up the permissions dialog after that shows the question marks again.

On a similar note, does anyone know where root permissions are stored? I.e. in the filesystem, those above the partitions (since partitions have some permissions they say they have inherited from their parent); same with HKLM, for example: what is their parent? Poor little heirs... Nobody mentioned them in his/her last will. The OS is XP. And AccessEnum from Sysinternals helps a lot with this.

GL

Edited October 12, 2007 by GrofLuigi
SmokingRope Posted October 12, 2007 (Author)

So if I interpret this correctly, I could set up access control based on certain groups that are predefined. Looking through defltwk.inf I found groups like:

Administrators
Users
Guests
power_users
backup_ops

If I set up permissions using these groups, the SIDs will persist across installations. However, isn't there any way to create a new user account with a specific SID?
gosh Posted October 12, 2007

I explained how Windows XP sets root permissions in http://www.msfn.org/board/Locking_C_drive_...ll_t105820.html

It might be possible to specify what SID you want, either by modifying the default security template used by setup, or by possibly editing the SAM (HKLM\Sam). It would take experimenting to figure this out.

The problem with security settings is they are applied on the fly during setup, so if you modify a security setting in a template it might be overwritten later by another setting. Setup makes setup security.inf that it applies, but this file doesn't exist on the XP CD; setup creates it dynamically during setup.

-gosh
SmokingRope Posted October 13, 2007 (Author)

I don't really want to change any of the permissions; I actually just want them to stay the same across installations. Right now, when I reinstall, all the folder permissions disappear.

I want, for example, 'D:\games' to be readable by only the 'Games' user and 'D:\homework' to be accessible by only my 'smokingrope' user. I may be able to do something with the default security groups to accomplish this, but it would be contrived. There must be some way to either replace the old SIDs with the new ones just after installation, or tell the installer the SID to use for each of my users. I would guess that the former would be easy enough; however, writing a script or custom app is just not an option for me right now.

I have found NewSID. It looks to be too specialized for my needs.

I have started reading about the sysprep utility and hope that it can help in accomplishing my goal.
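
The "replace the old SIDs with the new ones" idea from the thread, sketched as an added example (not code from any poster): it pairs old and new account SIDs by user name and rewrites them inside a security descriptor string. It assumes the descriptor is available in SDDL text form and that the old name-to-SID list was recorded before the reinstall; every SID, account list and descriptor below is constructed sample data.

```python
import re

SID_RE = re.compile(r"S-1-\d+(?:-\d+)+")
# Account SIDs issued by one installation: S-1-5-21-<three machine values>-<RID>
MACHINE_SID_RE = re.compile(r"S-1-5-21-\d+-\d+-\d+-\d+")

def build_sid_map(old_accounts, new_accounts):
    """Pair old and new SIDs by user name (names survive a reinstall, SIDs do not)."""
    return {old_sid: new_accounts[name]
            for name, old_sid in old_accounts.items() if name in new_accounts}

def remap_sddl(sddl, sid_map):
    """Rewrite mapped SIDs in an SDDL string; return (new_sddl, orphaned_sids)."""
    orphaned = []

    def swap(match):
        sid = match.group(0)
        if sid in sid_map:
            return sid_map[sid]
        # Built-in SIDs such as S-1-5-32-544 (Administrators) are the same on
        # every installation, so only unmapped machine-issued SIDs are reported.
        if MACHINE_SID_RE.fullmatch(sid) and sid not in orphaned:
            orphaned.append(sid)
        return sid

    return SID_RE.sub(swap, sddl), orphaned

# Constructed sample data: machine identifiers before and after the reinstall.
OLD = "S-1-5-21-1111111111-2222222222-3333333333"
NEW = "S-1-5-21-4444444444-5555555555-6666666666"
old_accounts = {"smokingrope": OLD + "-1004", "Games": OLD + "-1005",
                "gone": OLD + "-1006"}          # "gone" was not recreated
new_accounts = {"smokingrope": NEW + "-1003", "Games": NEW + "-1004"}

# Constructed descriptor for a folder like D:\homework: owned by smokingrope,
# full access for Administrators and smokingrope, read access for "gone".
sample_sddl = ("O:" + OLD + "-1004G:BAD:PAI(A;OICI;FA;;;S-1-5-32-544)"
               "(A;OICI;FA;;;" + OLD + "-1004)(A;OICI;0x1200a9;;;" + OLD + "-1006)")

if __name__ == "__main__":
    fixed, orphaned = remap_sddl(sample_sddl, build_sid_map(old_accounts, new_accounts))
    print(fixed)
    print("still unresolved:", orphaned)
```

The entries left in the orphaned list are the ones that would still show up as unresolved in the permissions dialog.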