Windows NT 4.0
- %systemdir% refers to %windir%\system32
- *.* refers to the files (not directories) contained in a directory
- RX means Read and Execute
| File
System Object |
Default
Power User Permissions |
Default
User Permissions |
|---|---|---|
| c:\boot.ini
|
RX
|
None
|
| c:\ntdetect.com
|
RX
|
None
|
| c:\ntldr
|
RX
|
None
|
| c:\ntbootdd.sys
|
RX
|
None
|
| c:\autoexec.bat
|
Modify
|
RX
|
| c:\config.sys
|
Modify
|
RX
|
| \ProgramFiles
|
Modify
|
RX
|
| %windir%
|
Modify
|
RX
|
| %windir%\*.*
|
RX
|
RX
|
| %windir%\config\*.*
|
RX
|
RX
|
| %windir%\cursors\*.*
|
RX
|
RX
|
| %windir%\Temp
|
Modify
|
Synchronize, Traverse, Add File, Add
Subdir
|
| %windir%\repair
|
Modify
|
List
|
| %windir%\addins
|
Modify (Dir\Subdirs) RX (Files)
|
RX
|
| %windir%\Connection Wizard
|
Modify (Dir\Subdirs) RX (Files)
|
RX
|
| %windir%\fonts\*.*
|
RX
|
RX
|
| %windir%\help\*.*
|
RX
|
RX
|
| %windir%\inf\*.*
|
RX
|
RX
|
| %windir%\java
|
Modify (Dir\Subdirs) RX (Files)
|
RX
|
| %windir%\media\*.*
|
RX
|
RX
|
| %windir%\msagent
|
Modify (Dir\Subdirs) RX (Files)
|
RX
|
| %windir%\security
|
RX
|
RX
|
| %windir%\speech
|
Modify (Dir\Subdirs) RX (Files)
|
RX
|
| %windir%\system\*.*
|
Read, Execute
|
RX
|
| %windir%\twain_32
|
Modify (Dir\Subdirs) RX (Files)
|
RX
|
| %windir%\Web
|
Modify (Dir\Subdirs) RX (Files)
|
RX
|
| %systemdir%
|
Modify
|
RX
|
| %systemdir%\*.*
|
RX
|
RX
|
| %systemdir%\config
|
List
|
List
|
| %systemdir%\dhcp
|
RX
|
RX
|
| %systemdir%\dllcache
|
None
|
None
|
| %systemdir%\drivers
|
RX
|
RX
|
| %systemdir%\CatRoot
|
Modify (Dir\Subdirs) RX (Files)
|
RX
|
| %systemdir%\ias
|
Modify (Dir\Subdirs) RX (Files)
|
RX
|
| %systemdir%\mui
|
Modify (Dir\Subdirs) RX (Files)
|
RX
|
| %systemdir%\OS2\*.*
|
RX
|
RX
|
| %systemdir%\OS2\DLL\*.*
|
RX
|
RX
|
| %systemdir%\RAS\*.*
|
RX
|
RX
|
| %systemdir%\ShellExt
|
Modify (Dir\Subdirs) RX (Files)
|
RX
|
| %systemdir%\Viewers\*.*
|
RX
|
RX
|
| %systemdir%\wbem
|
Modify (Dir\Subdirs) RX (Files)
|
RX
|
| %systemdir%\wbem\mof
|
Modify
|
RX
|
| %UserProfile%
|
Full Control
|
Full Control
|
| All Users
|
Modify
|
Read
|
| All Users\Documents
|
Modify
|
Modify
|
| All Users\Application Data
|
Modify
|
Modify
|
Note that a Power User can write new files into the following directories, but cannot modify the files that are installed there during text-mode setup. Furthermore all other Power Users will inherit Modify permissions on files created in these directories.
- %windir%
- %windir%\config
- %windir%\cursors
- %windir%\fonts
- %windir%\help
- %windir%\inf
- %windir%\media
- %windir%\system
- %systemdir%
- %systemdir%\OS2
- %systemdir%\OS2\DLL
- %systemdir%\RAS
- %systemdir%\Viewers
For directories designated as [Modify (Dir\Subdirs) RX (Files)], Power Users can write new files, however other Power Users will only be able to Read those files.
The following table describes the default access control settings that are applied to registry objects for Power Users and Users during a clean install of Windows 2000. For a given object, permissions apply to that object and all child objects unless the child object is also listed in the table.
| Registry
Object |
Default
Power User Permissions |
Default
User Permissions |
|---|---|---|
| HKEY_LOCAL_MACHINE
|
|
|
| HKLM\Software
|
Modify
|
Read
|
| HKLM\SW\Classes\helpfile
|
Read
|
Read
|
| HKLM\SW\Classes\.hlp
|
Read
|
Read
|
| HKLM\SW\MS\Command
Processor
|
Read
|
Read
|
| HKLM\SW\MS\Cryptography\OID
|
Read
|
Read
|
| HKLM\SW\MS\Cryptography\Providers\Trust
|
Read
|
Read
|
| HKLM\SW\MS\Cryptography\Services
|
Read
|
Read
|
| HKLM\SW\MS\Driver Signing
|
Read
|
Read
|
| HKLM\SW\MS\EnterpriseCertificates
|
Read
|
Read
|
| HKLM\SW\MS\Non-Driver
Signing
|
Read
|
Read
|
| HKLM\SW\MS\NetDDE
|
None
|
None
|
| HKLM\SW\MS\Ole
|
Read
|
Read
|
| HKLM\SW\MS\Rpc
|
Read
|
Read
|
| HKLM\SW\MS\Secure
|
Read
|
Read
|
| HKLM\SW\MS\SystemCertificates
|
Read
|
Read
|
| HKLM\SW\MS\Windows\CV\RunOnce
|
Read
|
Read
|
| HKLM\SW\MS\W NT\CV\DiskQuota
|
Read
|
Read
|
| HKLM\SW\MS\W
NT\CV\Drivers32
|
Read
|
Read
|
| HKLM\SW\MS\W NT\CV\Font
Drivers
|
Read
|
Read
|
| HKLM\SW\MS\W NT\CV\FontMapper
|
Read
|
Read
|
| HKLM\SW\MS\W NT\CV\Image
File Execution Options
|
Read
|
Read
|
| HKLM\SW\MS\W NT\CV\IniFileMapping
|
Read
|
Read
|
| HKLM\SW\MS\W NT\CV\Perflib
|
Read (via Interactive)
|
Read (via Interactive)
|
| HKLM\SW\MS\W NT\CV\SecEdit
|
Read
|
Read
|
| HKLM\SW\MS\W NT\CV\Time
Zones
|
Read
|
Read
|
| HKLM\SW\MS\W
NT\CV\Windows
|
Read
|
Read
|
| HKLM\SW\MS\W NT\CV\Winlogon
|
Read
|
Read
|
| HKLM\SW\MS\W NT\CV\AsrCommands
|
Read
|
Read
|
| HKLM\SW\MS\W NT\CV\Classes
|
Read
|
Read
|
| HKLM\SW\MS\W NT\CV\Console
|
Read
|
Read
|
| HKLM\SW\MS\W NT\CV\EFS
|
Read
|
Read
|
| HKLM\SW\MS\W NT\CV\ProfileList
|
Read
|
Read
|
| HKLM\SW\MS\W NT\CV\Svchost
|
Read
|
Read
|
| HKLM\SW\Policies
|
Read
|
Read
|
| HKLM\System
|
Read
|
Read
|
| HKLM\SYSTEM\CCS\Control\SecurePipeServers\winreg
|
None
|
None
|
| HKLM\SYSTEM\CCS\Control\Session
Manager\Executive
|
Modify
|
Read
|
| HKLM\SYSTEM\CCS\Control\TimeZoneInformation
|
Modify
|
Read
|
| HKLM\SYSTEM\CCS\Control\WMI\Security
|
None
|
None
|
| HKLM\Hardware
|
Read (via Everyone)
|
Read (via Everyone)
|
| HKLM\SAM
|
Read (via Everyone)
|
Read (via Everyone)
|
| HKLM\Security
|
None
|
None
|
|
|
|
| HKEY_USERS
|
|
|
| USERS\.DEFAULT
|
Read
|
Read
|
| USERS\.DEFAULT\SW\MS\NetDDE
|
None
|
None
|
|
|
|
| HKEY_CURRENT_CONFIG
|
= HKLM\System\CCS\HardwareProfiles\Current
|
|
|
|
| HKEY_CURRENT_USER
|
Full Control
|
Full Control
|
|
|
|
| HKEY_CLASSES_ROOT
|
= Merge of HKLM\SW\Classes
+ HKCU\SW\Classes
|
- HKLM = HKEY_LOCAL_MACHINE
- SW = Software
- MS = Microsoft
- CV = CurrentVersion
- CCS = CurrentControlSet
- W NT = Windows NT