home *** CD-ROM | disk | FTP | other *** search
/ PC World 2001 July / PCWorld_2001-07_cd.bin / Software / Topware / w2ksp2en / w2ksp2.exe / i386 / dcup.in_ / dcup.inf
Encoding:
Windows Setup INFormation  |  2001-05-04  |  19.3 KB  |  307 lines
  1. ; (c) Microsoft Corporation 1997-2000
  2. ;
  3. ; Security Configuration Template for Security Configuration Editor
  4. ;
  5. ; Template Name:     DCUp.INF
  6. ; Template Version:    05.00.DU.0000
  7. ;
  8. ; Default Template For DC Promo when applied to a 4.0 Upgrade.
  9. ; This template should NOT be used on Workstations or Servers.
  10. ;
  11. ; Revision History
  12. ; 0000    -    Original.
  13.  
  14.  
  15. ; Please DO NOT EDIT version section.
  16. ;
  17. [version]
  18. signature="$CHICAGO$"
  19. revision=1
  20. DriverVer=04/24/2001,5.00.2195.2959
  21.  
  22. ;----------------------------------------------------------------------
  23. ;   Privileges & Rights
  24. ;----------------------------------------------------------------------
  25. ;
  26. ; Setting of privileges & logon rights for well-known users & groups.
  27. ;
  28. ;SeNetworkLogonRight            = Access this computer from the network
  29. ;SeTcbPrivilege                 = Act as part of the operating System           - (Advanced)
  30. ;SeMachineAccountPrivilege      = Add workstations to the domain                - (Advanced)
  31. ;SeBackupPrivilege              = Back up files and directories
  32. ;SeChangeNotifyPrivilege        = Bypass traverse checking                      - (Advanced)
  33. ;SeSystemtimePrivilege          = Change the system time
  34. ;SeCreatePagefilePrivilege      = Create a pagefile                             - (Advanced)
  35. ;SeCreateTokenPrivilege         = Create a token object                         - (Advanced)
  36. ;SeCreatePermanentPrivilege     = Create permanent shared objects               - (Advanced)
  37. ;SeDebugPrivilege               = Debug programs                                - (Advanced)
  38. ;SeRemoteShutdownPrivilege      = Force shutdown from a remote system
  39. ;SeAuditPrivilege               = Generate security audits                      - (Advanced)
  40. ;SeIncreaseQuotaPrivilege       = Increase quotas                               - (Advanced)
  41. ;SeIncreaseBasePriorityPrivilege= Increase scheduling priority                  - (Advanced)
  42. ;SeLoadDriverPrivilege          = Load and unload device drivers
  43. ;SeLockMemoryPrivilege          = Lock pages in memory                          - (Advanced)
  44. ;SeBatchLogonRight              = Log on as a batch job                         - (Advanced)
  45. ;SeServiceLogonRight            = Log on as a service                           - (Advanced)
  46. ;SeInteractiveLogonRight        = Log on locally                                - (Advanced)
  47. ;SeSecurityPrivilege            = Manage auditing and security log              - (Advanced)
  48. ;SeSystemEnvironmentPrivilege   = Modify firmware environment variables         - (Advanced)
  49. ;SeProfileSingleProcessPrivilege= Profile single process                        - (Advanced)
  50. ;SeSystemProfilePrivilege       = Profile system performance                    - (Advanced)
  51. ;SeAssignPrimaryTokenPrivilege  = Replace a process-level token                 - (Advanced)
  52. ;SeRestorePrivilege             = Restore files and directories
  53. ;SeShutdownPrivilege            = Shut down the system
  54. ;SeTakeOwnershipPrivilege       = Take ownership of files or other objects
  55. ;SeUnsolicitedInputPrivilege                                                    - (Advanced)
  56. ;
  57. [Privilege Rights]
  58. ;Remove Power User from everything to force engine to recalculate existing rights
  59. ;and add to default dC GPO.  Adds only for rights that did not exist on NT4 or
  60. ;which have modified defaults for NT5.
  61. SeAssignPrimaryTokenPrivilege = Remove:, %SceInfPowerUsers%
  62. SeAuditPrivilege = Remove:, %SceInfPowerUsers%
  63. SeBackupPrivilege = Remove:, %SceInfPowerUsers%
  64. SeBatchLogonRight = Remove:, %SceInfPowerUsers%
  65. SeChangeNotifyPrivilege = Remove:, %SceInfBackupOp%, %SceInfPowerUsers%, %SceInfUsers%
  66. SeCreatePagefilePrivilege = Remove:, %SceInfPowerUsers%
  67. SeCreatePermanentPrivilege = Remove:, %SceInfPowerUsers%
  68. SeCreateTokenPrivilege = Remove:, %SceInfPowerUsers%
  69. SeDebugPrivilege = Remove:, %SceInfPowerUsers%
  70. SeIncreaseBasePriorityPrivilege = Remove:, %SceInfPowerUsers%
  71. SeIncreaseQuotaPrivilege = Remove:, %SceInfPowerUsers%
  72. SeInteractiveLogonRight = Remove:, %SceInfPowerUsers%, %SceInfAuthUsers%, %SceInfGuests%, %SceInfGuest%, %SceInfUsers%, %SceInfEveryone%
  73. SeLoadDriverPrivilege = Remove:, %SceInfPowerUsers%
  74. SeLockMemoryPrivilege = Remove:, %SceInfPowerUsers%
  75. SeNetworkLogonRight = Add:, %SceInfAuthUsers%, Remove:, %SceInfBackupOp%, %SceInfPowerUsers%, %SceInfGuests%, %SceInfGuest%, %SceInfUsers%
  76. SeProfileSingleProcessPrivilege = Remove:, %SceInfPowerUsers%
  77. SeRemoteShutdownPrivilege = Remove:, %SceInfPowerUsers%
  78. SeRestorePrivilege = Remove:, %SceInfPowerUsers%
  79. SeSecurityPrivilege = Remove:, %SceInfPowerUsers%
  80. SeServiceLogonRight = Remove:, %SceInfPowerUsers%
  81. SeShutdownPrivilege = Remove:, %SceInfPowerUsers%, %SceInfAuthUsers%, %SceInfGuests%, %SceInfGuest%, %SceInfUsers%, %SceInfEveryone%
  82. SeSystemEnvironmentPrivilege = Remove:, %SceInfPowerUsers%
  83. SeSystemProfilePrivilege = Remove:, %SceInfPowerUsers%
  84. SeSystemTimePrivilege = Remove:, %SceInfPowerUsers%
  85. SeTakeOwnershipPrivilege = Remove:, %SceInfPowerUsers%
  86. SeTcbPrivilege = Remove:, %SceInfPowerUsers%
  87. ;
  88. SeDenyInteractiveLogonRight = Remove:, %SceInfPowerUsers%
  89. SeDenyBatchLogonRight = Remove:, %SceInfPowerUsers%
  90. SeDenyServiceLogonRight = Remove:, %SceInfPowerUsers%
  91. SeDenyNetworkLogonRight = Remove:, %SceInfPowerUsers%
  92. ;
  93. SeEnableDelegationPrivilege = Add:, %SceInfAdmins%, Remove:, %SceInfPowerUsers%
  94. SeMachineAccountPrivilege = Add:, %SceInfAuthUsers%, Remove:, %SceInfPowerUsers%
  95. SeSyncAgentPrivilege = Remove:, %SceInfPowerUsers%
  96. SeUndockPrivilege = Add:, %SceInfAdmins%, Remove:, %SceInfPowerUsers%, %SceInfUsers%
  97.  
  98. ;----------------------------------------------------------------
  99. ;Registry Values
  100. ;----------------------------------------------------------------
  101. [Registry Values]
  102. ; Registry value name in full path = Type, Value
  103. ; REG_SZ                      ( 1 )
  104. ; REG_EXPAND_SZ               ( 2 )  // with environment variables to expand
  105. ; REG_BINARY                  ( 3 )
  106. ; REG_DWORD                   ( 4 )
  107. ; REG_MULTI_SZ                ( 7 )
  108.  
  109. ;Copied to Default DC GPO
  110. ;We need to make sure Server-Side Packet Signing is on in the DC case.
  111. ;The rest of the registry values are maintained from the server.
  112. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,1
  113.  
  114.  
  115. [Registry Keys]
  116.  
  117. "MACHINE\SOFTWARE",2,"D:P(A;CI;GR;;;AU)(A;CI;GRGWSD;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  118.  
  119. ;We have to update classes root because server sets PU there.
  120. "MACHINE\SOFTWARE\Classes",2,"D:(A;CI;GR;;;WD)"
  121.  
  122. "MACHINE\SOFTWARE\Microsoft\Command Processor",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  123.  
  124. "MACHINE\SOFTWARE\Microsoft\Cryptography",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  125. "MACHINE\SOFTWARE\Microsoft\Driver Signing",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  126. "MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  127. "MACHINE\SOFTWARE\Microsoft\Non-Driver Signing",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  128. "MACHINE\SOFTWARE\Microsoft\NetDDE",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)"
  129. "MACHINE\SOFTWARE\Microsoft\NTDS",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  130. "MACHINE\SOFTWARE\Microsoft\Ole",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  131. "MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider",1,"D:AR"
  132. "MACHINE\SOFTWARE\Microsoft\Rpc",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  133. "MACHINE\SOFTWARE\Microsoft\SystemCertificates",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  134.  
  135. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders",2,"D:P(A;CI;GR;;;BU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  136. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  137. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  138. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  139. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  140.  
  141. ;Don't overwrite the following keys which are protected and secured by the component
  142. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy",1,"D:AR"
  143. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer",1,"D:AR"
  144. "MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies",1,"D:AR"
  145.  
  146. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion",2,"D:(A;CI;GR;;;WD)"
  147. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  148. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  149. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AsrCommands",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GRGWSD;;;BO)"
  150. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Classes",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  151. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  152. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  153. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  154. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  155. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  156. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  157. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib",2,"D:P(A;CI;GR;;;IU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  158. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009",1,"D:AR"
  159. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  160. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  161. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  162. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  163. "MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  164.  
  165. "MACHINE\SOFTWARE\Policies",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  166.  
  167. "MACHINE\SYSTEM",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  168.  
  169. "MACHINE\SYSTEM\Clone",1,"D:AR"
  170.  
  171. "MACHINE\SYSTEM\ControlSet001",1,"D:AR"
  172. "MACHINE\SYSTEM\ControlSet002",1,"D:AR"
  173. "MACHINE\SYSTEM\ControlSet003",1,"D:AR"
  174. "MACHINE\SYSTEM\ControlSet004",1,"D:AR"
  175. "MACHINE\SYSTEM\ControlSet005",1,"D:AR"
  176. "MACHINE\SYSTEM\ControlSet006",1,"D:AR"
  177. "MACHINE\SYSTEM\ControlSet007",1,"D:AR"
  178. "MACHINE\SYSTEM\ControlSet008",1,"D:AR"
  179. "MACHINE\SYSTEM\ControlSet009",1,"D:AR"
  180. "MACHINE\SYSTEM\ControlSet010",1,"D:AR"
  181.  
  182. "MACHINE\SYSTEM\CurrentControlSet\Control",2,"D:P(A;CI;GR;;;AU)(A;CI;GRGWSD;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  183.  
  184.  
  185. "MACHINE\SYSTEM\CurrentControlSet\Control\Class",1,"D:AR"
  186. "MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout",2,"D:(A;CI;GR;;;WD)"
  187. "MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts",2,"D:(A;CI;GR;;;WD)"
  188. "MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  189. "MACHINE\SYSTEM\CurrentControlSet\Control\LSA",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  190. "MACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  191. "MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)"
  192. "MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg",2,"D:P(A;CI;GA;;;BA)(A;CI;GR;;;BO)"
  193. "MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Security",2,"D:P(A;CI;GR;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  194.  
  195. ;Allowed Paths
  196. "MACHINE\SYSTEM\CurrentControlSet\Control\Computername",2,"D:(A;CI;GR;;;WD)"
  197. "MACHINE\SYSTEM\CurrentControlSet\Control\ContentIndex",2,"D:(A;CI;GR;;;WD)"
  198. "MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions",2,"D:(A;CI;GR;;;WD)"
  199. "MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers",2,"D:(A;CI;GR;;;WD)"
  200. "MACHINE\SYSTEM\CurrentControlSet\Services\EventLog",2,"D:(A;CI;GR;;;WD)"
  201. "MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip",2,"D:(A;CI;GR;;;WD)"
  202.  
  203. "MACHINE\SYSTEM\CurrentControlSet\Enum",1,"D:AR"
  204.  
  205. "MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles",1,"D:AR"
  206.  
  207. "MACHINE\SYSTEM\CurrentControlSet\Services",2,"D:P(A;CI;GR;;;AU)(A;CI;GRGWSD;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  208. "MACHINE\SYSTEM\CurrentControlSet\Services\EventLog",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  209. "MACHINE\SYSTEM\CurrentControlSet\Services\KDC",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  210. "MACHINE\SYSTEM\CurrentControlSet\Services\NTDS",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  211. "MACHINE\SYSTEM\CurrentControlSet\Services\NTFRS",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  212.  
  213. "MACHINE\SYSTEM\CurrentControlSet\Services\WinTrust",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  214.  
  215. "USERS\.DEFAULT",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"
  216. "USERS\.DEFAULT\Software\Microsoft\NetDDE",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)"
  217. "USERS\.DEFAULT\SOFTWARE\Microsoft\Protected Storage System Provider",1,"D:AR"
  218.  
  219.  
  220. [File Security]
  221.  
  222. ;---------------------------------------------------------------------------------------
  223. ;x86 Boot Files
  224. ;---------------------------------------------------------------------------------------
  225. "c:\boot.ini",2,"D:P(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)"
  226. "c:\ntdetect.com",2,"D:P(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)"
  227. "c:\ntldr",2,"D:P(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)"
  228. "c:\ntbootdd.sys",2,"D:P(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)"
  229. "c:\autoexec.bat",2,"D:P(A;;GRGX;;;AU)(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)"
  230. "c:\config.sys",2,"D:P(A;;GRGX;;;AU)(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)"
  231.  
  232. ;---------------------------------------------------------------------------------------------
  233. ;System Drive (\)
  234. ;---------------------------------------------------------------------------------------------
  235. "%PF%",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGWGXSD;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  236.  
  237. ;---------------------------------------------------------------------------------------------
  238. ;System Root (Typically \WINNT)
  239. ;---------------------------------------------------------------------------------------------
  240. "%SystemRoot%",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGWGXSD;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)(A;;GRGX;;;WD)"
  241. "%SystemRoot%\Debug\UserMode",2,"D:PAR(A;;0x00100023;;;AU)(A;OIIO;0x00100006;;;AU)(A;CIOI;GRGWGXSD;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
  242. "%SystemRoot%\explorer.exe",2,"D:(A;;GRGX;;;WD)"
  243. "%SystemRoot%\Installer",1,"D:AR"
  244. "%SystemRoot%\Profiles",1,"D:AR"
  245. "%SystemRoot%\repair",2,"D:P(A;CI;GRGX;;;AU)(A;CIOI;GRGWGXSD;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  246. "%SystemRoot%\security",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
  247. "%Systemroot%\tasks",1,"D:AR"
  248. "%SystemRoot%\Temp",2,"D:P(A;CI;0x100026;;;AU)(A;CIOI;GRGWGXSD;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  249.  
  250. ;---------------------------------------------------------------------------------------------
  251. ;System Directory (Typically \Winnt\System32)
  252. ;---------------------------------------------------------------------------------------------
  253. "%SystemDirectory%",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGWGXSD;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)(A;OINP;GRGX;;;WD)"
  254. "%SystemDirectory%\config",2,"D:P(A;CI;GRGX;;;AU)(A;CI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  255. "%SystemDirectory%\dhcp",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  256. "%SystemDirectory%\dllcache",2,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)"
  257. "%SystemDirectory%\ias",2,"D:P(A;CIOI;GRGWGXSD;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  258. "%SystemDirectory%\GroupPolicy",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  259. "%SystemDirectory%\NTMSData",1,"D:AR"
  260. "%SystemDirectory%\spool",2,"D:(A;CIOI;GA;;;PO)"
  261.  
  262. "%SystemDirectory%\Autoexec.nt",2,"D:P(A;;GRGX;;;AU)(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)"
  263. "%SystemDirectory%\CMOS.RAM",2,"D:P(A;;GRGX;;;AU)(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)"
  264. "%SystemDirectory%\Config.nt",2,"D:P(A;;GRGX;;;AU)(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)"
  265. "%SystemDirectory%\Midimap.cfg",2,"D:P(A;;GRGX;;;AU)(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)"
  266.  
  267. "%SystemDirectory%\hpmon.dll",2,"D:(A;;GRGWGXSD;;;PO)"
  268. "%SystemDirectory%\hpmon.hlp",2,"D:(A;;GRGWGXSD;;;PO)"
  269.  
  270. ;---------------------------------------------------------------------------------------------
  271. ;DS Data and Log Directories.  THESE ENVIRONMENT VARIABLES EXIST ONLY DURING DCPROMO
  272. ;---------------------------------------------------------------------------------------------
  273. "%DSDIT%",2,"D:P(A;CIOI;GA;;;SY)(A;CIOI;GA;;;BA)"
  274. "%DSLOG%",2,"D:P(A;CIOI;GA;;;SY)(A;CIOI;GA;;;BA)"
  275.  
  276. ;---------------------------------------------------------------------------------------------
  277. ;Sysvol.                        THIS ENVIRONMENT VARIABLE EXISTS ONLY DURING DCPROMO
  278. ;---------------------------------------------------------------------------------------------
  279. "%Sysvol%",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
  280. "%Sysvol%\domain\policies",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)(A;CIOI;GRGWGXSD;;;PA)"
  281.  
  282. [Strings]
  283. PF = %ProgramFiles%
  284. CF = %CommonProgramFiles%
  285. SceInfAdministrator = Administrator
  286. SceInfAdmins = Administrators
  287. SceInfAcountOp = Account Operators
  288. SceInfAuthUsers = Authenticated Users
  289. SceInfBackupOp = Backup Operators
  290. SceInfDomainAdmins = Domain Admins
  291. SceInfDomainGuests = Domain Guests
  292. SceInfDomainUsers = Domain Users
  293. SceInfEveryone = Everyone
  294. SceInfGuests = Guests
  295. SceInfGuest = Guest
  296. SceInfPowerUsers = Power Users
  297. SceInfPrintOp = Print Operators
  298. SceInfReplicator = Replicator
  299. SceInfServerOp = Server Operators
  300. SceInfUsers = Users
  301. SceInfMTSAdmins = MTS Administrators
  302. SceInfMTSImpersonators = MTS Impersonators
  303. SceInfMTSAdmin = MTS_Admin
  304. SCEInfSysdir1 = edit.com
  305. SCEInfSysdir2 = edit.hlp
  306. SCEInfHelp1 = signin.hlp
  307.