home *** CD-ROM | disk | FTP | other *** search
/ PC World Komputer 2010 April / PCWorld0410.iso / WindowsServerTrial / server.iso / sources / install.wim / 2 / Windows / inf / defltdc.inf < prev    next >
Windows Setup INFormation  |  2008-01-19  |  71KB  |  486 lines

  1.  ■; Copyright (c) Microsoft Corporation.  All rights reserved.
  2. ;
  3. ; Security Configuration Template for Security Configuration Editor
  4. ;
  5. ; Template Name:        DefltDC.INF
  6. ; Template Version:     05.10.DD.0000
  7. ;
  8. ; Default Security for Windows NT 5.1 Domain Controllers.
  9. ; Account Policies not set - Use DCFirst if first DC, else pull from existing domain.
  10. [version]
  11. signature="$CHICAGO$"
  12. revision=1
  13. DriverVer=06/21/2006,6.0.6001.18000
  14. [System Access]
  15. ;----------------------------------------------------------------
  16. ;Local Policies - Security Options
  17. ;----------------------------------------------------------------
  18. LSAAnonymousNameLookup = 0
  19. ;----------------------------------------------------------------
  20. ;Event Log - Log Settings
  21. ;----------------------------------------------------------------
  22. ;Audit Log Retention Period:
  23. ;0 = Overwrite Events As Needed
  24. ;1 = Overwrite Events As Specified by Retention Days Entry
  25. ;2 = Never Overwrite Events (Clear Log Manually)
  26. [System Log]
  27. MaximumLogSize = 20480
  28. AuditLogRetentionPeriod = 0
  29. ;RetentionDays = 7
  30. RestrictGuestAccess = 1
  31. [Security Log]
  32. MaximumLogSize = 131072
  33. AuditLogRetentionPeriod = 0
  34. ;RetentionDays = 7
  35. RestrictGuestAccess = 1
  36. [Application Log]
  37. MaximumLogSize = 20480
  38. AuditLogRetentionPeriod = 0
  39. ;RetentionDays = 7
  40. RestrictGuestAccess = 1
  41. ;----------------------------------------------------------------
  42. ;Registry Values
  43. ;----------------------------------------------------------------
  44. [Registry Values]
  45. ; Registry value name in full path = Type, Value
  46. ; REG_SZ                      ( 1 )
  47. ; REG_EXPAND_SZ               ( 2 )  // with environment variables to expand
  48. ; REG_BINARY                  ( 3 )
  49. ; REG_DWORD                   ( 4 )
  50. ; REG_MULTI_SZ                ( 7 )
  51. ;Copied to Default DC GPO if first DC
  52. ;We need to make sure Server-Side Packet Signing is on in the DC case.
  53. ;The rest of the registry values are maintained from the server.
  54. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,1
  55. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,1
  56. ;All DC's should be consistent wrt secure channel signing and LMC
  57. MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,3
  58. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,1
  59. MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity=4,1
  60. ;----------------------------------------------------------------------
  61. ;   Privileges & Rights
  62. ;----------------------------------------------------------------------
  63. ;
  64. ;World                          S-1-1-0
  65. ;
  66. ;NT Authority                   S-1-5
  67. ;ENTERPRISE_CONTROLLERS         9
  68. ;AUTHENTICATED_USER             11
  69. ;LOCAL_SERVICE                  19
  70. ;NETWORK_SERVICE                20
  71. ;
  72. ;Built-In Domain SubAuthority = S-1-5-32
  73. ;ADMINISTRATORS                 544
  74. ;USERS                          545
  75. ;GUESTS                         546
  76. ;POWER_USERS  (DEPRECATED)
  77. ;ACCOUNT_OPS                    548
  78. ;SYSTEM_OPS                     549
  79. ;PRINT_OPS                      550
  80. ;BACKUP_OPS                     551
  81. ;REPLICATOR                     552
  82. ;RAS_SERVERS                    553
  83. ;PREW2KCOMPACCESS               554
  84. ;REMOTE_DESKTOP_USERS           555
  85. ;NETWORK_CONFIGURATION_OPS      556
  86. ;LOGGING_USERS                  559
  87. ;
  88. [Privilege Rights]
  89. ;Add Whatever a DC should have by default.
  90. ;Remove Power Users from every right since it no longer exists but may have been added.
  91. ;Remove Whatever *Default* Server Rights don't belong on a DC
  92. ;If Server and DC Defaults are the same, then only power users is removed
  93. ;If You remove Everyone, Remove Authenticated Users as well.
  94. ;
  95. SeAssignPrimaryTokenPrivilege = Add:, *S-1-5-19, *S-1-5-20
  96. SeAuditPrivilege = Add:, *S-1-5-19, *S-1-5-20
  97. SeBackupPrivilege = Add:, *S-1-5-32-544, *S-1-5-32-551, *S-1-5-32-549
  98. SeBatchLogonRight = Add:, *S-1-5-32-544, *S-1-5-32-551, *S-1-5-32-559
  99. SeChangeNotifyPrivilege = Add:, *S-1-5-32-544, *S-1-5-11, *S-1-1-0, *S-1-5-32-554, *S-1-5-19, *S-1-5-20, Remove:, *S-1-5-32-551,  *S-1-5-32-545
  100. SeCreateGlobalPrivilege = Add:, *S-1-5-19, *S-1-5-20
  101. SeImpersonatePrivilege = Add:, *S-1-5-19, *S-1-5-20
  102. SeCreatePagefilePrivilege = Add:, *S-1-5-32-544
  103. ;SeCreatePermanentPrivilege = Remove:, *S-1-5-32-547
  104. SeCreateSymbolicLinkPrivilege = Add:, *S-1-5-32-544
  105. ;SeCreateTokenPrivilege = Remove:, *S-1-5-32-547
  106. SeDebugPrivilege = Add:, *S-1-5-32-544
  107. SeIncreaseBasePriorityPrivilege = Add:, *S-1-5-32-544
  108. SeIncreaseQuotaPrivilege = Add:, *S-1-5-32-544, *S-1-5-19, *S-1-5-20
  109. SeIncreaseWorkingSetPrivilege = Add:, *S-1-5-32-545
  110. SeInteractiveLogonRight = Add:, *S-1-5-32-548, *S-1-5-32-544, *S-1-5-32-551, *S-1-5-32-549, *S-1-5-32-550, Remove:,  *S-1-5-11, *S-1-5-32-546, &-501, *S-1-5-32-545, *S-1-1-0
  111. SeLoadDriverPrivilege = Add:, *S-1-5-32-544, *S-1-5-32-550
  112. ;SeLockMemoryPrivilege = Remove:, *S-1-5-32-547
  113. SeMachineAccountPrivilege = Add:, *S-1-5-11
  114. SeManageVolumePrivilege = Add:, *S-1-5-32-544
  115. SeNetworkLogonRight = Add:, *S-1-5-32-544, *S-1-5-11, *S-1-1-0, *S-1-5-9, *S-1-5-32-554, Remove:, *S-1-5-32-551, *S-1-5-32-546, &-501, *S-1-5-32-545
  116. SeProfileSingleProcessPrivilege = Add:, *S-1-5-32-544
  117. SeRemoteInteractiveLogonRight = Add:, *S-1-5-32-544, Remove:, *S-1-5-32-555, *S-1-5-11, *S-1-5-32-546, &-501, *S-1-5-32-545, *S-1-1-0
  118. SeRemoteShutdownPrivilege = Add:, *S-1-5-32-544, *S-1-5-32-549
  119. SeRestorePrivilege = Add:, *S-1-5-32-544, *S-1-5-32-551, *S-1-5-32-549
  120. SeSecurityPrivilege = Add:, *S-1-5-32-544
  121. ;SeServiceLogonRight = Remove:, *S-1-5-32-547
  122. SeShutdownPrivilege = Add:, *S-1-5-32-544, *S-1-5-32-551, *S-1-5-32-549, *S-1-5-32-550, Remove:, *S-1-5-11, *S-1-5-32-546, &-501, *S-1-5-32-545, *S-1-1-0
  123. SeSystemEnvironmentPrivilege = Add:, *S-1-5-32-544
  124. SeSystemProfilePrivilege = Add:, *S-1-5-32-544
  125. SeSystemTimePrivilege = Add:, *S-1-5-32-544, *S-1-5-32-549, *S-1-5-19, Remove:,  *S-1-5-20
  126. SeTakeOwnershipPrivilege = Add:, *S-1-5-32-544
  127. SeTimeZonePrivilege = Add:, *S-1-5-32-544, *S-1-5-19, *S-1-5-32-549
  128. ;SeTcbPrivilege = Remove:, *S-1-5-32-547
  129. ;
  130. ;SeDenyInteractiveLogonRight = Remove:, *S-1-5-32-547
  131. ;SeDenyBatchLogonRight = Remove:, *S-1-5-32-547
  132. ;SeDenyServiceLogonRight = Remove:, *S-1-5-32-547
  133. ;SeDenyNetworkLogonRight = Remove:, *S-1-5-32-547
  134. ;SeDenyRemoteInteractiveLogonRight = Remove:, *S-1-5-32-547
  135. ;
  136. SeUndockPrivilege = Add:, *S-1-5-32-544, Remove:,  *S-1-5-32-545
  137. ;SeSyncAgentPrivilege = Remove:, *S-1-5-32-547
  138. SeEnableDelegationPrivilege = Add:, *S-1-5-32-544
  139. [Service General Setting]
  140. ;Note: startup type should not be configured during setup\dcpromo.
  141. ;autostarted on workstations and servers, standalone or joined
  142. Browser,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  143. ;TrkWks,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  144. ;Dnscache,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;NO)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  145. ;PolicyAgent,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  146. dmserver,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  147. ;PlugPlay,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  148. ;Spooler,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  149. ;ProtectedStorage,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  150. ;RpcSs,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO;;;IU)(A;;CCLCSWRPLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  151. NtmsSvc,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  152. ;seclogon,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  153. SamSs,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLO;;;IU)(A;;CCLCSWLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  154. ;lanmanserver,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  155. ;SENS,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  156. ;Schedule,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  157. Sysmonlog,,"D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCRPLOCR;;;LU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  158. ;LmHosts,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  159. ;LanmanWorkstation,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  160. ;RemoteRegistry,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  161. ClipSrv,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO;;;IU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  162. NetDDE,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO;;;IU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  163. NetDDEdsdm,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO;;;IU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  164. ;EventSystem,,"D:(A;;CCLCSWRPLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  165. ;Not autostarted if machine is standalone
  166. ;Netlogon,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  167. ;W32Time,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO;;;IU)(A;;CCLCSWRPLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  168. ;Server Only Services
  169. Dfs,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  170. LicenseService,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  171. ;IIS Specific Services - Leave them alone
  172. ;IISADMIN,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  173. ;W3SVC,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  174. ;MSFTPSVC,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  175. ;SMTPSVC,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  176. ;
  177. ; set default startup for the following services - do not touch permissions
  178. ;
  179. TrkSvr,4,""
  180. upnphost,4,""
  181. ssdpsrv,4,""
  182. [Registry Keys]
  183. "MACHINE\SOFTWARE\Microsoft\COM3",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  184. "MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  185. "MACHINE\SOFTWARE\Microsoft\NTDS",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  186. "MACHINE\SOFTWARE\Microsoft\Speech",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  187. "MACHINE\SOFTWARE\Microsoft\SystemCertificates",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  188. "MACHINE\SOFTWARE\Microsoft\SystemCertificates\Authroot",2,"D:AI(A;CIOI;GA;;;S-1-5-80-242729624-280608522-2219052887-3187409060-2225943459)"
  189. "MACHINE\SOFTWARE\Microsoft\Transaction Server",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  190. "MACHINE\SOFTWARE\Microsoft\Windows",0,"D:AR"
  191. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  192. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  193. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  194. ;Don't overwrite the following keys which are protected and secured by the component
  195. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy",1,"D:AR"
  196. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies",1,"D:AR"
  197. "MACHINE\SOFTWARE\Microsoft\SMS",1,"D:AR"
  198. "MACHINE\SOFTWARE\Microsoft\Windows NT",0,"D:AR"
  199. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  200. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  201. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  202. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing",2,"D:P(A;CI;GRGWSD;;;LS)(A;CI;GRGWSD;;;NS)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  203. "MACHINE\SYSTEM",0,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  204. "MACHINE\SYSTEM\Clone",1,"D:AR"
  205. "MACHINE\SYSTEM\ControlSet001",1,"D:AR"
  206. "MACHINE\SYSTEM\ControlSet002",1,"D:AR"
  207. "MACHINE\SYSTEM\ControlSet003",1,"D:AR"
  208. "MACHINE\SYSTEM\ControlSet004",1,"D:AR"
  209. "MACHINE\SYSTEM\ControlSet005",1,"D:AR"
  210. "MACHINE\SYSTEM\ControlSet006",1,"D:AR"
  211. "MACHINE\SYSTEM\ControlSet007",1,"D:AR"
  212. "MACHINE\SYSTEM\ControlSet008",1,"D:AR"
  213. "MACHINE\SYSTEM\ControlSet009",1,"D:AR"
  214. "MACHINE\SYSTEM\ControlSet010",1,"D:AR"
  215. "MACHINE\SYSTEM\CurrentControlSet\Control",0,"D:P(A;CI;GR;;;AU)(A;CI;GRGWSD;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  216. "MACHINE\SYSTEM\CurrentControlSet\Control\Class",0,"D:AR"
  217. "MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts",2,"D:(A;CI;GR;;;WD)"
  218. "MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  219. "MACHINE\SYSTEM\CurrentControlSet\Control\LSA",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  220. "MACHINE\SYSTEM\CurrentControlSet\Control\LSA\JD",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  221. "MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Skew1",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  222. "MACHINE\SYSTEM\CurrentControlSet\Control\LSA\GBG",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  223. "MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Data",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  224. "MACHINE\SYSTEM\CurrentControlSet\Control\Nsi",2,"D:P(A;CI;KR;;;BU)(A;CI;KA;;;BA)(A;CI;KA;;;SY)(A;CI;CCDCLCSWRPWPSDRC;;;NS)(A;CI;CCDCLCSWRPWPSDRC;;;LS)(A;CI;CCDCLCSWRPSDRC;;;NO)(A;CI;CCDCLCSWRPWPSDRC;;;S-1-5-80-2940520708-3855866260-481812779-327648279-1710889582)(A;CIIO;RC;;;S-1-3-4)"
  225. "MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}\4",2,"D:P(A;CI;CCDCLCSWRPRC;;;AU)(A;CI;CCDCLCSWRPWPSDRC;;;LS)(A;CI;CCDCLCSWRPWPSDRC;;;NS)((A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CIIO;RC;;;S-1-3-4)"
  226. "MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a01-9b1a-11d4-9123-0050047759bc}\4",2,"D:P(A;CI;CCDCLCSWRPRC;;;AU)(A;CI;CCDCLCSWRPWPSDRC;;;LS)(A;CI;CCDCLCSWRPWPSDRC;;;NS)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CIIO;RC;;;S-1-3-4)"
  227. "MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a1C-9b1a-11d4-9123-0050047759bc}\0",2,"D:P(A;CI;CCDCLCSWRPRC;;;AU)(A;CI;CCDCLCSWRPWPSDRC;;;LS)(A;CI;CCDCLCSWRPWPSDRC;;;NS)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CIIO;RC;;;S-1-3-4)"
  228. "MACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  229. "MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)"
  230. "MACHINE\SYSTEM\CurrentControlSet\Enum",1,"D:AR"
  231. "MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles",1,"D:AR"
  232. "MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server",1,"D:AR"
  233. ;Don't whack more restrictive security subkeys during DCPromo
  234. "MACHINE\SYSTEM\CurrentControlSet\Services",0,"D:P(A;CI;GR;;;AU)(A;CI;GRGWSD;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  235. "MACHINE\SYSTEM\CurrentControlSet\Services\KDC",0,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  236. "MACHINE\SYSTEM\CurrentControlSet\Services\LicenseInfo",2,"D:AR(A;CI;CCLCSWRPRC;;;NS)(A;CIIO;CCDCLCSWRPRC;;;NS)"
  237. "MACHINE\SYSTEM\CurrentControlSet\Services\NTDS",0,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  238. "MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters",0,"D:P(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  239. "MACHINE\SYSTEM\CurrentControlSet\Services\NTFRS",0,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  240. "MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries",2,"D:(A;CI;GA;;;NS)(A;CI;CCDCLCSWSDRC;;;LU)"
  241. "MACHINE\SYSTEM\CurrentControlSet\Services\WinTrust",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  242. "USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\ProtectedRoots",1,"D:AR"
  243. [File Security]
  244. ;---------------------------------------------------------------------------------------------
  245. ;ProgramFiles
  246. ;---------------------------------------------------------------------------------------------
  247. "%SceInfCommonProgramFiles%\SpeechEngines\Microsoft\TTS",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  248. ;---------------------------------------------------------------------------------------------
  249. ;Win64 ProgramFiles Directory
  250. ;---------------------------------------------------------------------------------------------
  251. ;---------------------------------------------------------------------------------------------
  252. ;System Root (Typically \WINDOWS)
  253. ;---------------------------------------------------------------------------------------------
  254. ;Different from parent
  255. "%SystemRoot%\Debug",2,"D:P(A;;GX;;;AU)(A;;GX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  256. "%SystemRoot%\Driver Cache",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  257. "%SystemRoot%\mui",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  258. ;Directories that did not exist when security applied during clean-install Server - Creator specifies directory security.
  259. ;We explicitly ignore so as not to whack the component-specified DIRECTORY security during DCPromo.
  260. ;Previous directory security should be compatible with DC's or component should reset during DCPromo.
  261. "%Systemroot%\repair\default",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  262. "%Systemroot%\repair\ntuser.dat",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  263. "%Systemroot%\repair\sam",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  264. "%Systemroot%\repair\security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  265. "%Systemroot%\repair\software",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  266. "%Systemroot%\repair\system",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  267. ;Profiles folder (typically %systemdrive%\Documents and Settings)
  268. ;Profile for LocalService and NetworkService, moved from Users in Longhorn, creator specifies security
  269. "%SystemRoot%\ServiceProfiles\LocalService",1,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;LS)"
  270. "%SystemRoot%\ServiceProfiles\NetworkService",1,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;NS)"
  271. ;---------------------------------------------------------------------------------------------
  272. ;System Directory (Typically \Windows\System32)
  273. ;---------------------------------------------------------------------------------------------
  274. ;Differences from parent
  275. "%SystemDirectory%\config",2,"D:P(A;CI;GRGX;;;AU)(A;CI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  276. "%SystemDirectory%\LogFiles",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  277. "%SystemDirectory%\mui",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  278. "%SystemDirectory%\spool",2,"D:(A;CIOI;GA;;;PO)"
  279. "%SystemDirectory%\windows media\server",2,"D:(A;CIOI;GRGWGXSD;;;NS)"
  280. "%SystemDirectory%\wbem\mof",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  281. "%SystemDirectory%\CMOS.RAM",2,"D:P(A;;GRGX;;;AU)(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)"
  282. "%SystemDirectory%\Midimap.cfg",2,"D:P(A;;GRGX;;;AU)(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)"
  283. ; Directories that might not exist when security is applied; but are listed here
  284. ; so that they get secured correctly on converting the file system to NTFS
  285. "%SystemDirectory%\Windows media",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGWGXSD;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  286. "%SystemDirectory%\Windows media\Server\WMSServerUpgrade.exe",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  287. "%SystemDirectory%\Windows media\Server\interop_msxml.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  288. "%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSHTTPAuthenPropPage.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  289. "%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSHttpSysCfg.exe",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  290. "%SystemDirectory%\Windows Media\Server\Admin\web\WMSASPADMIN.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  291. ;-----------------------------------------------------------------------------------------
  292. ; SysWOW64 directories
  293. ;-----------------------------------------------------------------------------------------
  294. ;---------------------------------------------------------------------------------------------
  295. ;DS Data and Log Directories.  Engine resolves via registry.
  296. ;---------------------------------------------------------------------------------------------
  297. ;Relying on fact that engine lets last one win when DSLog and DSDit are the same.
  298. "%DSDIT%",2,"D:P(A;CIOI;GA;;;SY)(A;CIOI;GA;;;BA)"
  299. "%DSLOG%",2,"D:P(A;CIOI;GA;;;SY)(A;CIOI;GA;;;BA)(A;OICIIO;GA;;;CO)(A;CI;0x100004;;;LS)"
  300. ;---------------------------------------------------------------------------------------------
  301. ;Sysvol. Engine resolves via registry.
  302. ;---------------------------------------------------------------------------------------------
  303. ; Notes about ACL:
  304. ; 1. BA, CO have all rights on %sysvol% folder except FILE_DELETE_CHILD (i.e. "Delete subfolders and files"). 
  305. ;    This buys us the following:
  306. ;    - Prevent deletion of \sysvol subfolder by BA, CO.
  307. "%Sysvol%",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;;GRGWGXSDWDWO;;;BA)(A;CIOIIO;GA;;;BA)(A;CIOI;GA;;;SY)(A;;GRGWGXSDWDWO;;;CO)(A;CIOIIO;GA;;;CO)"
  308. ; Notes about ACL:
  309. ; 1. BA, CO have all rights on %Sysvol%\sysvol folder and subfolders (note: CIOI) except DELETE and FILE_DELETE_CHILD.
  310. ;    This buys us the following:
  311. ;    - Lack of DELETE right (in combination with lack of FILE_DELETE_CHILD right on parent folder %sysvol%) helps prevent deletion of 
  312. ;      folder by BA, CO. 
  313. ;    - Lack of FILE_DELETE_CHILD help prevent deletion of \<domain> subfolder by BA, CO
  314. ;    - Passing on limited rights to subfolders and files ensures that BA, CO also do not have DELETE right on \<domain> subfolder.
  315. ; 2. Successful folder deletion is audited for Everyone (WD). Also, auditing is set on subfolders and files as well. This is so that
  316. ;    \<domain> subfolder deletion is audited.
  317. "%Sysvol%\sysvol",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GRGWGXWDWO;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GRGWGXWDWO;;;CO)S:(AU;CIOISA;SD;;;WD)"
  318. ; Notes about ACL:
  319. ; 1. BA, CO have all rights on %Sysvol%\domain folder (note: NOT passed on to subfolders) except DELETE and FILE_DELETE_CHILD.
  320. ;    This buys us the following:
  321. ;    - Lack of DELETE right (in combination with lack of FILE_DELETE_CHILD right on parent folder %sysvol%) helps prevent deletion of 
  322. ;      folder by BA, CO. 
  323. ;    - Lack of FILE_DELETE_CHILD help prevent deletion of \scripts, \policies subfolders by BA, CO.
  324. ; 2. Successful folder deletion is audited for Everyone (WD).
  325. "%Sysvol%\domain",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;;GRGWGXWDWO;;;BA)(A;CIOIIO;GA;;;BA)(A;CIOI;GA;;;SY)(A;;GRGWGXWDWO;;;CO)(A;CIOIIO;GA;;;CO)S:(AU;SA;SD;;;WD)"
  326. ; Notes about ACL: ACL gives same rights for BA, CO as parent folder.
  327. "%Sysvol%\domain\scripts",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;;GRGWGXWDWO;;;BA)(A;CIOIIO;GA;;;BA)(A;CIOI;GA;;;SY)(A;;GRGWGXWDWO;;;CO)(A;CIOIIO;GA;;;CO)S:(AU;SA;SD;;;WD)"
  328. "%Sysvol%\domain\policies",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;;GRGWGXWDWO;;;BA)(A;CIOIIO;GA;;;BA)(A;CIOI;GA;;;SY)(A;;GRGWGXWDWO;;;CO)(A;CIOIIO;GA;;;CO)(A;CIOI;GRGWGX;;;PA)S:(AU;SA;SD;;;WD)"
  329. ;---------------------------------------------------------------------------------------------
  330. ;Default Domain Policy GPO and Default Domain Controllers Policy GPO
  331. ;---------------------------------------------------------------------------------------------
  332. "%Sysvol%\domain\policies\{31b2f340-016d-11d2-945f-00c04fb984f9}",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;;GRGWGXWDWO;;;BA)(A;CIOIIO;GA;;;BA)(A;CIOI;GA;;;SY)(A;;GRGWGXWDWO;;;CO)(A;CIOIIO;GA;;;CO)S:(AU;SA;SD;;;WD)"
  333. "%Sysvol%\domain\policies\{6ac1786c-016f-11d2-945f-00c04fb984f9}",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;;GRGWGXWDWO;;;BA)(A;CIOIIO;GA;;;BA)(A;CIOI;GA;;;SY)(A;;GRGWGXWDWO;;;CO)(A;CIOIIO;GA;;;CO)S:(AU;SA;SD;;;WD)"
  334. ;---------------------------------------------------------------------------------------------
  335. ;Don't allow access of console apps remotely
  336. ;---------------------------------------------------------------------------------------------
  337. "%SceInfProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\50\bin\owsadm.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  338. "%SceInfProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\50\bin\owsrmadm.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  339. "%SceInfProgramFiles%\Microsoft SQL Server\80\Tools\Binn\bcp.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  340. "%SceInfProgramFiles%\Microsoft SQL Server\80\Tools\Binn\DTSRUN.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  341. "%SceInfProgramFiles%\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  342. ;"%SceInfProgramFiles%\Microsoft SQL Server\MSSQL$UDDI\Binn\cmdwrap.exe",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  343. ;"%SceInfProgramFiles%\Microsoft SQL Server\MSSQL$UDDI\Binn\sqlmaint.exe",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  344. ;"%SceInfProgramFiles%\Microsoft SQL Server\MSSQL$UDDI\Binn\sqlservr.exe",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  345. "%SystemRoot%\Cluster\ResrcMon.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  346. "%SystemRoot%\Microsoft.NET\Framework\v1.1.4322\gacutil.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  347. "%SystemRoot%\Microsoft.NET\Framework\v1.1.4322\MigPol.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  348. "%Systemdirectory%\appverif.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  349. "%Systemdirectory%\atmadm.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  350. "%Systemdirectory%\bootok.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  351. "%Systemdirectory%\bootvrfy.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  352. "%Systemdirectory%\Com\comrereg.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  353. "%Systemdirectory%\comclust.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  354. "%Systemdirectory%\convlog.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  355. "%Systemdirectory%\cprofile.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  356. "%Systemdirectory%\driverquery.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  357. "%Systemdirectory%\forcedos.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  358. "%Systemdirectory%\gettype.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  359. "%Systemdirectory%\gpresult.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  360. "%Systemdirectory%\inuse.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  361. "%Systemdirectory%\ipsec6.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  362. "%Systemdirectory%\ipxroute.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  363. "%Systemdirectory%\jdbgmgr.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  364. "%Systemdirectory%\jview.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  365. "%Systemdirectory%\lserver.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  366. "%Systemdirectory%\macfile.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  367. "%Systemdirectory%\ntsd.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  368. "%Systemdirectory%\nw16.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  369. "%Systemdirectory%\nwscript.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  370. "%Systemdirectory%\openfiles.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  371. "%Systemdirectory%\pentnt.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  372. "%Systemdirectory%\ping6.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  373. "%Systemdirectory%\proxycfg.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  374. "%Systemdirectory%\rcp.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  375. "%Systemdirectory%\rexec.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  376. "%Systemdirectory%\routemon.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  377. "%Systemdirectory%\rsh.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  378. "%Systemdirectory%\RsLnk.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  379. "%Systemdirectory%\Rss.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  380. "%Systemdirectory%\RsServ.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  381. "%Systemdirectory%\RsTore.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  382. "%Systemdirectory%\rsvp.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  383. "%Systemdirectory%\scardsvr.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  384. "%Systemdirectory%\schtasks.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  385. "%Systemdirectory%\sfmprint.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  386. "%Systemdirectory%\sfmpsexe.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  387. "%Systemdirectory%\sfmsvc.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  388. "%Systemdirectory%\systeminfo.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  389. "%Systemdirectory%\tracert6.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  390. "%Systemdirectory%\tsshutdn.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  391. "%Systemdirectory%\ups.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  392. "%Systemdirectory%\vwipxspx.exe",2,"D:P(A;;GRGX;;;IU)(A;;GRGX;;;SU)(A;;GRGX;;;S-1-5-3)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;CO)"
  393. [Strings]
  394. SceInfAdministrator = "Administrator"
  395. SceInfAdmins = "Administrators"
  396. SceInfAcountOp = "Account Operators"
  397. SceInfAuthUsers = "Authenticated Users"
  398. SceInfBackupOp = "Backup Operators"
  399. SceInfDomainAdmins = "Domain Admins"
  400. SceInfDomainGuests = "Domain Guests"
  401. SceInfDomainUsers = "Domain Users"
  402. SceInfEnterpriseDCs = "ENTERPRISE DOMAIN CONTROLLERS"
  403. SceInfEveryone = "Everyone"
  404. SceInfGuests = "Guests"
  405. SceInfGuest = "Guest"
  406. SceInfPowerUsers = "Power Users"
  407. SceInfPrintOp = "Print Operators"
  408. SceInfReplicator = "Replicator"
  409. SceInfServerOp = "Server Operators"
  410. SceInfUsers = "Users"
  411. SceInfLocalService = "Local Service"
  412. SceInfNetworkService = "Network Service"
  413. SceInfProgramFiles = "%ProgramFiles%"
  414. SceInfProgramFilesx86 = "%ProgramFiles(x86)%"
  415. SceInfCommonProgramFiles = "%CommonProgramFiles%"
  416. SceInfRemoteDesktopUsers = "Remote Desktop Users"
  417. SceDefltDCProfileDescription = "Default Security Settings applied during DCPromo."