Users can't run subst.exe or attrib.exe ??

Discussion in 'Windows Vista File Management' started by Keith Hill [MVP], Sep 27, 2007.

  1. For some reason, my Vista Enterprise system has reset permissions on a
    number of EXEs in the windows dirs and now I have to elevate to execute
    attrib.exe and subst.exe. The following EXEs are affected:

    C:\Windows\System32\at.exe
    C:\Windows\System32\attrib.exe
    C:\Windows\System32\cacls.exe
    C:\Windows\System32\debug.exe
    C:\Windows\System32\DRWATSON.EXE
    C:\Windows\System32\edlin.exe
    C:\Windows\System32\eventcreate.exe
    C:\Windows\System32\ftp.exe
    C:\Windows\System32\net.exe
    C:\Windows\System32\net1.exe
    C:\Windows\System32\netsh.exe
    C:\Windows\System32\reg.exe
    C:\Windows\System32\regedt32.exe
    C:\Windows\System32\regsvr32.exe
    C:\Windows\System32\runas.exe
    C:\Windows\System32\sc.exe
    C:\Windows\System32\subst.exe
    C:\Windows\System32\telnet.exe

    Their ACLs are:

    AccessToString : NT AUTHORITY\INTERACTIVE Allow ReadAndExecute, Synchronize
    NT AUTHORITY\SYSTEM Allow FullControl
    BUILTIN\Administrators Allow FullControl

    And they should be:

    AccessToString : NT AUTHORITY\SYSTEM Allow ReadAndExecute, Synchronize
    BUILTIN\Administrators Allow ReadAndExecute, Synchronize
    BUILTIN\Users Allow ReadAndExecute, Synchronize
    NT SERVICE\TrustedInstaller Allow FullControl

    What's annoying the hell out of me is that:

    1) I can't add TrustedInstallers back to the ACLs list - it says it doesn't
    exist
    2) I add back Users with ReadAndExecute and a few days later that entry has
    been stripped out (again)

    Anybody have any idea what is going on? I suspect either Group Policy or
    System File Protection but I'm not sure how to find out if that is what is
    causing this.
     
    Keith Hill [MVP], Sep 27, 2007
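
A read-only way to check which of the files listed in the post have drifted from the ACL the post says they should have. This is an added example, not part of the original post. It assumes PowerShell 2.0 or later, and `Get-AceStrings` is a helper name made up for the example.

```powershell
# Added example: audit the ACLs of the executables named in the post against
# the baseline the post gives. Read-only; it changes no permissions.
$files = 'at.exe','attrib.exe','cacls.exe','debug.exe','DRWATSON.EXE','edlin.exe',
         'eventcreate.exe','ftp.exe','net.exe','net1.exe','netsh.exe','reg.exe',
         'regedt32.exe','regsvr32.exe','runas.exe','sc.exe','subst.exe','telnet.exe'

# Expected entries, copied from the "And they should be" list in the post.
$expected = @(
    'NT AUTHORITY\SYSTEM Allow ReadAndExecute, Synchronize'
    'BUILTIN\Administrators Allow ReadAndExecute, Synchronize'
    'BUILTIN\Users Allow ReadAndExecute, Synchronize'
    'NT SERVICE\TrustedInstaller Allow FullControl'
)

# Hypothetical helper: render each ACE as "identity type rights",
# the same form that AccessToString prints.
function Get-AceStrings {
    param([System.Security.AccessControl.FileSecurity]$Acl)
    $Acl.Access | ForEach-Object {
        '{0} {1} {2}' -f $_.IdentityReference, $_.AccessControlType, $_.FileSystemRights
    }
}

$report = foreach ($name in $files) {
    $path = Join-Path $env:SystemRoot "System32\$name"
    if (-not (Test-Path -Path $path)) { continue }   # skip files this system does not have
    $acl    = Get-Acl -Path $path
    $actual = @(Get-AceStrings $acl)
    New-Object PSObject -Property @{
        Path    = $path
        Owner   = $acl.Owner
        Missing = @($expected | Where-Object { $actual -notcontains $_ }) -join '; '
        Extra   = @($actual   | Where-Object { $expected -notcontains $_ }) -join '; '
    }
}

# Show only the files whose ACL differs from the baseline.
$report | Where-Object { $_.Missing -or $_.Extra } |
    Format-List Path, Owner, Missing, Extra
```

Running it again after an entry has been re-added shows whether, and on which files, that entry has been stripped since the last run.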