home *** CD-ROM | disk | FTP | other *** search
/ PC World Komputer 2010 April / PCWorld0410.iso / WindowsServerTrial / server.iso / sources / install.wim / 4 / Windows / inf / dcup5.inf < prev    next >
Windows Setup INFormation  |  2008-01-18  |  63KB  |  416 lines
  1.  ■; Copyright (c) Microsoft Corporation.  All rights reserved.
  2. ;
  3. ; Security Configuration Template for Security Configuration Editor
  4. ;
  5. ; Template Name:        DCUp5.INF
  6. ; Template Version:     05.10.DU.0000
  7. ;
  8. ; Default Security for NT5 to NT5 DC Upgrade
  9. ;
  10. ; Revision History
  11. ; 0000  - Win2k to Win2k DC upgrades (straight setup - no DCPromo)
  14. ; Please DO NOT EDIT version section.
  15. ;
  16. [version]
  17. signature="$CHICAGO$"
  18. revision=1
  19. DriverVer=06/21/2006,6.0.6001.18000
  21. [System Access]
  22. ;----------------------------------------------------------------
  23. ;Local Policies - Security Options
  24. ;----------------------------------------------------------------
  25. LSAAnonymousNameLookup = 0
  27. ;----------------------------------------------------------------
  28. ;Event Log - Log Settings
  29. ;----------------------------------------------------------------
  31. [System Log]
  32. RestrictGuestAccess = 1
  34. [Security Log]
  35. RestrictGuestAccess = 1
  37. [Application Log]
  38. RestrictGuestAccess = 1
  40. [Privilege Rights]
  41. ;
  42. ;World                          S-1-1-0
  43. ;
  44. ;NT Authority                   S-1-5
  45. ;ENTERPRISE_CONTROLLERS         9
  46. ;AUTHENTICATED_USER             11
  47. ;LOCAL_SERVICE                  19
  48. ;NETWORK_SERVICE                20
  49. ;
  50. ;Built-In Domain SubAuthority = S-1-5-32
  51. ;ADMINISTRATORS                 544
  52. ;USERS                          545
  53. ;GUESTS                         546
  54. ;POWER_USERS (DEPRECATED)
  55. ;ACCOUNT_OPS                    548
  56. ;SYSTEM_OPS                     549
  57. ;PRINT_OPS                      550
  58. ;BACKUP_OPS                     551
  59. ;REPLICATOR                     552
  60. ;RAS_SERVERS                    553
  61. ;PREW2KCOMPACCESS               554
  62. ;REMOTE_DESKTOP_USERS           555
  63. ;NETWORK_CONFIGURATION_OPS      556
  65. SeAssignPrimaryTokenPrivilege = Add:, *S-1-5-19, *S-1-5-20
  66. SeAuditPrivilege = Add:, *S-1-5-19, *S-1-5-20
  67. SeBatchLogonRight = Add:, *S-1-5-32-544, *S-1-5-32-551
  68. SeChangeNotifyPrivilege = Add:, *S-1-5-32-554, *S-1-5-19, *S-1-5-20
  69. SeCreateGlobalPrivilege = Add:, *S-1-5-6, *S-1-5-32-544, *S-1-5-19, *S-1-5-20
  70. SeCreateSymbolicLinkPrivilege = Add:, *S-1-5-32-544
  71. SeImpersonatePrivilege = Add:, *S-1-5-6, *S-1-5-32-544, *S-1-5-19, *S-1-5-20
  72. SeIncreaseQuotaPrivilege = Add:, *S-1-5-19, *S-1-5-20
  73. SeIncreaseWorkingSetPrivilege = Add:, *S-1-5-32-545
  74. SeLoadDriverPrivilege = Add:, *S-1-5-32-550
  75. SeManageVolumePrivilege = Add:, *S-1-5-32-544
  76. SeNetworkLogonRight = Add:, *S-1-5-9, *S-1-5-32-554
  77. SeRemoteInteractiveLogonRight = Add:, *S-1-5-32-544, Remove:, *S-1-5-32-555
  78. SeShutdownPrivilege = Remove:, *S-1-5-32-548
  79. SeSystemTimePrivilege = Add:, *S-1-5-19, *S-1-5-32-549, Remove:, *S-1-5-20
  80. SeTimeZonePrivilege = Add:, *S-1-5-32-544, *S-1-5-19, *S-1-5-32-549
  81. SeInteractiveLogonRight = Remove:, TsInternetUser
  83. ;----------------------------------------------------------------
  84. ;Registry Values
  85. ;----------------------------------------------------------------
  86. [Registry Values]
  87. ;Define only those reg values that are new for Whistler so upgraded Win2k DC = Clean-install Whistler Server+DCpromo.
  88. ;Unlike DefltDC and DCUp, these registry values will never be added to the Default DC GPO.
  89. ;Note: Packet Signing defined in Default DC GPO (via Defltdc or DCUp) when Win2k Domain was created.
  91. ;We need to make sure Server-Side Packet Signing is on in the DC case.
  92. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,1
  93. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,1
  95. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon=4,1
  97. MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds=4,0
  98. MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,0
  99. MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled=4,0
  100. MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,3
  102. MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine=8,Add:,Software\Microsoft\Windows NT\CurrentVersion\Print,Software\Microsoft\Windows NT\CurrentVersion\Windows,Remove:,System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Server Applications,Software\Microsoft\Windows NT\CurrentVersion
  103. MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\Machine=8,Add:,System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Server Applications,Software\Microsoft\Windows NT\CurrentVersion
  105. MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive=4,1
  107. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess=4,1
  109. MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity=4,1
  111. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,1
  113. [Service General Setting]
  114. ;Note: startup type should not be configured during setup\dcpromo.
  115. ;autostarted on workstations and servers, standalone or joined
  116. Browser,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  117. ;TrkWks,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  118. ;Dnscache,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;NO)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  119. ;PolicyAgent,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  120. dmserver,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  121. ;PlugPlay,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  122. ;Spooler,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  123. ;ProtectedStorage,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  124. ;RpcSs,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO;;;IU)(A;;CCLCSWRPLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  125. NtmsSvc,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  126. ;seclogon,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  127. SamSs,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLO;;;IU)(A;;CCLCSWLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  128. ;lanmanserver,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  129. ;SENS,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  130. ;Schedule,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  131. Sysmonlog,,"D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCRPLOCR;;;LU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  132. ;LmHosts,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  133. ;LanmanWorkstation,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  134. ;RemoteRegistry,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  136. ;Not autostarted, but non-default DACL - Remove PU ability to change template
  137. ClipSrv,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO;;;IU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  138. NetDDE,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO;;;IU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  139. NetDDEdsdm,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO;;;IU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  140. ;EventSystem,,"D:(A;;CCLCSWRPLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  142. ;Not autostarted if machine is standalone
  143. ;Netlogon,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  144. ;W32Time,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO;;;IU)(A;;CCLCSWRPLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  146. ;Server Only Services
  147. Dfs,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  148. LicenseService,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  150. ;IIS Specific Services - Leave them alone
  151. ;IISADMIN,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  152. ;W3SVC,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  153. ;MSFTPSVC,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  154. ;SMTPSVC,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  157. ;
  158. ; set default startup for the following services - do not touch permissions
  159. ;
  160. TrkSvr,4,""
  161. upnphost,4,""
  162. ssdpsrv,4,""
  165. [Registry Keys]
  167. ;Same as parent, but this is the target of a symlink - set explicitly.
  170. "MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  171. "MACHINE\SOFTWARE\Microsoft\NTDS",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  172. "MACHINE\SOFTWARE\Microsoft\OLAP Server\CurrentVersion\SECURITY",1,"D:AR"
  173. "MACHINE\SOFTWARE\Microsoft\Speech",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  174. "MACHINE\SOFTWARE\Microsoft\SystemCertificates",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  175. "MACHINE\SOFTWARE\Microsoft\SystemCertificates\Authroot",2,"D:AI(A;CIOI;GA;;;S-1-5-80-242729624-280608522-2219052887-3187409060-2225943459)"
  177. "MACHINE\SOFTWARE\Microsoft\Windows",0,"D:AR"
  179. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  180. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  182. ;Don't overwrite the following keys which are protected and secured by the component
  183. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy",1,"D:AR"
  184. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies",1,"D:AR"
  185. "MACHINE\SOFTWARE\Microsoft\SMS",1,"D:AR"
  187. "MACHINE\SOFTWARE\Microsoft\Windows NT",0,"D:AR"
  189. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  190. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  191. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  192. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing",2,"D:P(A;CI;GRGWSD;;;LS)(A;CI;GRGWSD;;;NS)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  194. "MACHINE\SYSTEM",0,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  196. "MACHINE\SYSTEM\Clone",1,"D:AR"
  198. "MACHINE\SYSTEM\ControlSet001",1,"D:AR"
  199. "MACHINE\SYSTEM\ControlSet002",1,"D:AR"
  200. "MACHINE\SYSTEM\ControlSet003",1,"D:AR"
  201. "MACHINE\SYSTEM\ControlSet004",1,"D:AR"
  202. "MACHINE\SYSTEM\ControlSet005",1,"D:AR"
  203. "MACHINE\SYSTEM\ControlSet006",1,"D:AR"
  204. "MACHINE\SYSTEM\ControlSet007",1,"D:AR"
  205. "MACHINE\SYSTEM\ControlSet008",1,"D:AR"
  206. "MACHINE\SYSTEM\ControlSet009",1,"D:AR"
  207. "MACHINE\SYSTEM\ControlSet010",1,"D:AR"
  209. "MACHINE\SYSTEM\CurrentControlSet\Control",0,"D:P(A;CI;GR;;;AU)(A;CI;GRGWSD;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  211. "MACHINE\SYSTEM\CurrentControlSet\Control\Class",0,"D:AR"
  212. "MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts",2,"D:(A;CI;GR;;;WD)"
  213. "MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  214. "MACHINE\SYSTEM\CurrentControlSet\Control\LSA",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  215. "MACHINE\SYSTEM\CurrentControlSet\Control\LSA\JD",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  216. "MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Skew1",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  217. "MACHINE\SYSTEM\CurrentControlSet\Control\LSA\GBG",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  218. "MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Data",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  219. "MACHINE\SYSTEM\CurrentControlSet\Control\Nsi",2,"D:P(A;CI;KR;;;BU)(A;CI;KA;;;BA)(A;CI;KA;;;SY)(A;CI;CCDCLCSWRPWPSDRC;;;NS)(A;CI;CCDCLCSWRPWPSDRC;;;LS)(A;CI;CCDCLCSWRPSDRC;;;NO)(A;CI;CCDCLCSWRPWPSDRC;;;S-1-5-80-2940520708-3855866260-481812779-327648279-1710889582)(A;CIIO;RC;;;S-1-3-4)"
  220. "MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}\4",2,"D:P(A;CI;CCDCLCSWRPRC;;;AU)(A;CI;CCDCLCSWRPWPSDRC;;;LS)(A;CI;CCDCLCSWRPWPSDRC;;;NS)((A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CIIO;RC;;;S-1-3-4)"
  221. "MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a01-9b1a-11d4-9123-0050047759bc}\4",2,"D:P(A;CI;CCDCLCSWRPRC;;;AU)(A;CI;CCDCLCSWRPWPSDRC;;;LS)(A;CI;CCDCLCSWRPWPSDRC;;;NS)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CIIO;RC;;;S-1-3-4)"
  222. "MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a1C-9b1a-11d4-9123-0050047759bc}\0",2,"D:P(A;CI;CCDCLCSWRPRC;;;AU)(A;CI;CCDCLCSWRPWPSDRC;;;LS)(A;CI;CCDCLCSWRPWPSDRC;;;NS)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CIIO;RC;;;S-1-3-4)"
  223. "MACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  224. "MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)"
  226. "MACHINE\SYSTEM\CurrentControlSet\Enum",1,"D:AR"
  227. "MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles",1,"D:AR"
  229. ;Don't whack more restrictive security subkeys
  230. "MACHINE\SYSTEM\CurrentControlSet\Services",0,"D:P(A;CI;GR;;;AU)(A;CI;GRGWSD;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  231. "MACHINE\SYSTEM\CurrentControlSet\Services\KDC",0,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  232. "MACHINE\SYSTEM\CurrentControlSet\Services\LicenseInfo",2,"D:AR(A;CI;CCLCSWRPRC;;;NS)(A;CIIO;CCDCLCSWRPRC;;;NS)"
  233. "MACHINE\SYSTEM\CurrentControlSet\Services\NTDS",0,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  234. "MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters",0,"D:P(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  235. "MACHINE\SYSTEM\CurrentControlSet\Services\NTFRS",0,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  236. "MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries",2,"D:(A;CI;GA;;;NS)(A;CI;CCDCLCSWSDRC;;;LU)"
  239. "MACHINE\SYSTEM\CurrentControlSet\Services\WinTrust",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  241. "USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\ProtectedRoots",1,"D:AR"
  243. [File Security]
  246. ;---------------------------------------------------------------------------------------------
  247. ;ProgramFiles
  248. ;---------------------------------------------------------------------------------------------
  249. "%SceInfCommonProgramFiles%\Microsoft Shared\Speech",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  250. "%SceInfCommonProgramFiles%\SpeechEngines\Microsoft\TTS",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  252. ;---------------------------------------------------------------------------------------------
  253. ;Win64 ProgramFiles Directory
  254. ;---------------------------------------------------------------------------------------------
  256. ;---------------------------------------------------------------------------------------------
  257. ; ProgramData Folder (Typically \ProgramData)
  258. ;---------------------------------------------------------------------------------------------
  261. ;---------------------------------------------------------------------------------------------
  262. ;System Root (Typically \WINDOWS)
  263. ;---------------------------------------------------------------------------------------------
  265. ;Different from parent
  266. "%SystemRoot%\Debug",2,"D:P(A;;GX;;;AU)(A;;GX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  267. "%SystemRoot%\Driver Cache",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  268. "%SystemRoot%\mui",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  270. ;Directories that did not exist when security applied during clean-install Server - Creator specifies directory security.
  271. ;We explicitly ignore so as not to whack the component-specified DIRECTORY security during DCPromo.
  272. ;Previous directory security should be compatible with DC's or component should reset during DCPromo.
  273. "%Systemroot%\repair\default",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  274. "%Systemroot%\repair\ntuser.dat",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  275. "%Systemroot%\repair\sam",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  276. "%Systemroot%\repair\security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  277. "%Systemroot%\repair\software",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  278. "%Systemroot%\repair\system",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"
  280. ; Directories that might not exist when security is applied; but are listed here
  281. ; so that they get secured correctly on converting the file system to NTFS
  282. "%SystemRoot%\PCHEALTH\HELPCTR",2,"D:P(A;CIOI;GRGX;;;WD)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  284. ;Profile for LocalService and NetworkService, moved from Users in Longhorn, creator specifies security
  285. "%SystemRoot%\ServiceProfiles\LocalService",1,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;LS)"
  286. "%SystemRoot%\ServiceProfiles\NetworkService",1,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;NS)"
  288. ;---------------------------------------------------------------------------------------------
  289. ;System Directory (Typically \Windows\System32)
  290. ;---------------------------------------------------------------------------------------------
  291. ;Differences from parent
  292. "%SystemDirectory%\config",2,"D:P(A;CI;GRGX;;;AU)(A;CI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  293. ;Profile for system account - moved from Docs and Settings in Whistler. Creator specifies security.
  294. "%SystemDirectory%\LogFiles",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  295. "%SystemDirectory%\mui",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  296. "%SystemDirectory%\oobe",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  297. "%SystemDirectory%\spool",2,"D:(A;CIOI;GA;;;PO)"
  298. "%SystemDirectory%\wbem\mof",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  301. "%SystemDirectory%\Autoexec.nt",2,"D:P(A;;GRGX;;;AU)(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)"
  302. "%SystemDirectory%\CMOS.RAM",2,"D:P(A;;GRGX;;;AU)(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)"
  303. "%SystemDirectory%\Config.nt",2,"D:P(A;;GRGX;;;AU)(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)"
  304. "%SystemDirectory%\Midimap.cfg",2,"D:P(A;;GRGX;;;AU)(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)"
  306. ;Directories that did not exist when security applied during clean-install Server - Creator specifies directory security.
  307. ;We explicitly ignore so as not to whack the component-specified DIRECTORY security during DCPromo.
  308. ;Previous directory security should be compatible with DC's or component should reset during DCPromo.
  309. "%SystemDirectory%\appmgmt",1,"D:AR"
  312. ; Directories that might not exist when security is applied; but are listed here
  313. ; so that they get secured correctly on converting the file system to NTFS
  314. "%SystemDirectory%\Windows media\Server\ASFArchiver.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  315. "%SystemDirectory%\Windows media\Server\Namespace.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  316. "%SystemDirectory%\Windows media\Server\WMIBridge.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  317. "%SystemDirectory%\Windows media\Server\wmsactscrpt.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  318. "%SystemDirectory%\Windows media\Server\WMServer.exe",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  319. "%SystemDirectory%\Windows media\Server\WMSIpHlp.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  320. "%SystemDirectory%\Windows media\Server\WMSLF.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  321. "%SystemDirectory%\Windows media\Server\WMSServer.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  322. "%SystemDirectory%\Windows media\Server\WMSServerConfig.exe",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  323. "%SystemDirectory%\Windows media\Server\WMSServerResource.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  324. "%SystemDirectory%\Windows media\Server\WMSServerResourceRES.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  325. "%SystemDirectory%\Windows media\Server\WMSServerUpgrade.exe",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  326. "%SystemDirectory%\Windows media\Server\wmssnmp.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  327. "%SystemDirectory%\Windows media\Server\WMSSrvMk.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  328. "%SystemDirectory%\Windows media\Server\Microsoft.WindowsMediaServices.DLL",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  329. "%SystemDirectory%\Windows media\Server\interop_msxml.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  330. "%SystemDirectory%\Windows media\Server\nsneterr.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  331. "%SystemDirectory%\Windows Media\Server\Admin\mmc\PlaylistTransformPropPage.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  332. "%SystemDirectory%\Windows Media\Server\Admin\mmc\strmtest.exe",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  333. "%SystemDirectory%\Windows Media\Server\Admin\mmc\WMIListener.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  334. "%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSACLCheckPropPage.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  335. "%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSAdmin.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  336. "%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSAdminRES.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  337. "%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSAnonAuthenPropPage.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  338. "%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSArchiveSinkV1PropPage.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  339. "%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSBROWSE.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  340. "%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSBrowseRES.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  341. "%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSDigestAuthenPropPage.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  342. "%SystemDirectory%\Windows Media\Server\Admin\mmc\wmseditor.exe",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  343. "%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSHTTPAuthenPropPage.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  344. "%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSHTTPControlPropPage.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  345. "%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSIPAccessPropPage.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  346. "%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSLogPropPages.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  347. "%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSMONITOR.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  348. "%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSMonitorRES.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  349. "%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSMulticastSinkPropPage.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  350. "%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSNetworkDataSourcePropPage.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  351. "%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSPLAYLIST.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  352. "%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSPlaylistRES.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  353. "%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSPluginRES.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  354. "%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSScriptPropPage.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  355. "%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSUnicastSinkPropPage.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  356. "%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSWizard.exe",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  357. "%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSWizardRES.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  358. "%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSWMIPropPage.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  359. "%SystemDirectory%\Windows Media\Server\Admin\mmc\wmsperfmon.exe",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  360. "%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSHttpSysCfg.exe",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  361. "%SystemDirectory%\Windows Media\Server\Admin\web\WMSASPADMIN.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  363. ;-----------------------------------------------------------------------------------------
  364. ; SysWOW64 directories
  365. ;-----------------------------------------------------------------------------------------
  370. ;---------------------------------------------------------------------------------------------
  371. ;DS Data and Log Directories.  Engine resolves via registry.
  372. ;---------------------------------------------------------------------------------------------
  373. ;Relying on fact that engine lets last one win when DSLog and DSDit are the same.
  374. "%DSDIT%",2,"D:P(A;CIOI;GA;;;SY)(A;CIOI;GA;;;BA)"
  375. "%DSLOG%",2,"D:P(A;CIOI;GA;;;SY)(A;CIOI;GA;;;BA)(A;OICIIO;GA;;;CO)(A;CI;0x100004;;;LS)"
  377. ;---------------------------------------------------------------------------------------------
  378. ;Sysvol. Engine resolves via registry.
  379. ;---------------------------------------------------------------------------------------------
  380. ;Ignore on upgrade
  381. "%Sysvol%",1,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  382. "%Sysvol%\domain\policies",1,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)(A;CIOI;GRGWGXSD;;;PA)"
  386. [Strings]
  387. SceInfAdministrator = "Administrator"
  388. SceInfAdmins = "Administrators"
  389. SceInfAcountOp = "Account Operators"
  390. SceInfAuthUsers = "Authenticated Users"
  391. SceInfBackupOp = "Backup Operators"
  392. SceInfDomainAdmins = "Domain Admins"
  393. SceInfDomainGuests = "Domain Guests"
  394. SceInfDomainUsers = "Domain Users"
  395. SceInfEnterpriseDCs = "ENTERPRISE DOMAIN CONTROLLERS"
  396. SceInfEveryone = "Everyone"
  397. SceInfGuests = "Guests"
  398. SceInfGuest = "Guest"
  399. SceInfLocalService = "Local Service"
  400. SceInfNetworkService = "Network Service"
  401. SceInfPowerUsers = "Power Users"
  402. SceInfPrintOp = "Print Operators"
  403. SceInfProgramFiles = "%ProgramFiles%"
  404. SceInfProgramFilesx86 = "%ProgramFiles(x86)%"
  405. SceInfCommonProgramFiles = "%CommonProgramFiles%"
  406. SceInfRemoteDesktopUsers = "Remote Desktop Users"
  407. SceInfReplicator = "Replicator"
  408. SceInfServerOp = "Server Operators"
  409. SceInfUsers = "Users"
  410. SceInfMTSAdmins = "MTS Administrators"
  411. SceInfMTSImpersonators = "MTS Impersonators"
  412. SceInfMTSAdmin = "MTS_Admin"
  413. SCEInfSysdir1 = "edit.com"
  414. SCEInfSysdir2 = "edit.hlp"
  415. SCEInfHelp1 = "signin.hlp"