Skip navigation

[email protected] - 25 Jul 2007

Setting an Integrity Level to "System"
Thanks for Mark Minasi's excellent Windows Power Tools article, "Icacls Shows Integrity" (June 2007, InstantDoc ID 95681). I tried the scenario Mark describes regarding setting an integrity level to "system" using psexec. Here's what happened: When I set the integrity level to "system" on a file, the file was marked as Integrity system, but I can delete it from Windows Explorer. When I set "system" on a directory, the directory was marked as Integrity system, but I can't remove any file in the directory or delete the directory itself. Any idea why this doesn't work on a file?
—Marc Ochsenmeier

One of the weird things we learned back in NT 101 is that, unlike everything else in Windows, there are two different permissions that allow you to delete a file, and you can delete a file if you have either. The two permissions are the "delete" permission on the file object itself, and the "delete files and folders" permission on the folder object that contains the file. Because the folder is not System, you get to sneak in the back door. "Ah," you say, "Then why is it that a medium process can't delete a high-integrity file sitting in a medium-integrity folder?" Simple: I filed a bug about that during the testing process and Microsoft put a patch on it for the medium/high situation. They never thought to patch the system situation.
—Mark Minasi

Moving vs. Copying on a Server
Eric Rux makes a good point—"Be sure to teach users the difference between moving and copying"—in his article "Let's Get Organized: File Server Basics" (May 2007, InstantDoc ID 95364). However, it's worth noting the technical issue that a file/folder move from one folder to another on the same server will also bring the existing NTFS permissions and potentially undo all your good set-up work, whereas a copy will leave these behind. Perhaps users should be encouraged to move files/ folders to a structure that is used as a staging area and then IT staff perform a copy and delete to the final destination to cleanse unwanted permissions.
—Duncan Priest

Stop the Spread of Malicious Software
I just read Paul Thurrott's article "FBI Identifies 1 Million Botnet Victims" (June 2007, InstantDoc ID 96323), and I'd like to respond to his comment, "Although the FBI can't find every infected PC or contact all the owners of these computers. . ." Maybe not, but there is a lot that could be done that isn't being done.
1. ISPs should close port 25 so that users are forced to send mail through a monitored port on the ISP's server. Anyone having a legitimate need to have port 25 open (e.g., a law firm needing its own mail server for reasons of confidentiality) can ask to have their port 25 opened.
2. Monitor and meter other traffic from subscribers to identify infected systems.
3. Institute some kind of sender verification.
4. Go after any US-based business that uses spamvertising. Granted, some of them likely bought their advertising service in ignorance that the recipient list is suspect, but many choose to look the other way, and they must be held to account.
—Hafizullah Chishti

Vista Power Management
I just bought an Apple TV, and it suddenly dawned on me as I turned off the hibernate feature of my Windows XP box (so it will always be on when I need it to listen to music or watch TV programs) that the current power management models in both XP and Vista are lacking when you consider using your PC as a media device for your home.

I want my PC to do the following:
1. After midnight,
if my computer is no longer in use (and no streaming media is begin sent from it), to go into the lowest power-save mode possible (i.e., hibernate).
2. At 6:00 p.m., before I get home from work, the computer should come back up and be ready to stream media.
3. Any time the computer isn't in use between midnight and 6:00 p.m., it should run in the lowest possible power state but still listen for streaming media requests and wake up immediately when a request is made.

I have read all about Vista power management, and as far as I can tell, Vista doesn't do any of the above. Yet the items on my list are what I want from power management in a media hub computer that runs my house.
—Kendall Bennett

Thanks for the Tip
Today I restored my computer to its last restore point because it had a virus. After that, I couldn't update my OS through Windows Update. I Googled the problem and bumped into your JSI FAQ site and Tip 10651. My problem was solved in 5 minutes! I love Google,, and Tip 10651!
—Joris de Bruijn

See Associated Figure

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.