Vista admin permissions?


FastRedPonyCar
07-12-07, 03:04 PM
I'm listed as a computer admin in Vista Ultimate yet when I try and make changes to any dll files in the system32 folder, it says I lack the permissions. WTF??

If I right click on system32 folder and go to properties, it says the folder is read only. Unchecking this box pops up an "Access denied" message saying I have to provide admin permissions to make changes. I hit continue and it says access denied.

I disabled the user account control to kill the annoying allow or cancel messages and I thought maybe turning that off would fix this but it didn't.

After digging around on google, I discovered that even though I'm listed as an admin, I'm still technically a basic user/admin.

How do I get around this??

JasonPC
07-12-07, 03:22 PM
This is user account control. You are essentially a limited administrator in Vista. You can disable it by pressing Winkey+R, typing msconfig, clicking the tools tab in msconfig, scrolling to Disable UAC, and pressing launch. It's not really recommended to keep it disabled for prolonged use though.

FastRedPonyCar
07-12-07, 06:38 PM
I already disabled the UAC and it's still giving me this message. I tried creating a new user and gave it admin level control and it still gives the same message that I don't have permission.

|MaguS|
07-12-07, 06:53 PM
Some files/folders in Vista are completely protected... I know if I show hidden folders I get these folders I can't even browse.

FastRedPonyCar
07-12-07, 11:13 PM
Well the reason I'm asking is because there's a modification that users can make to the vista theme that requires replacing a few DLL's in that system32 folder and when I try and replace, rename or delete the files already in the folder, I can't.

If I try and go to the individual files' permissions the option to change specific permissions is grayed out and even setting myself as the folder owner/auditor/etc isn't possible.

nekrosoft13
07-12-07, 11:16 PM
Some files/folders in Vista are completely protected... I know if I show hidden folders I get these folders I can't even browse.

If you change permissions you can browse them.

evilchris
07-13-07, 12:15 AM
"TrustedInstaller" is the owner of the folder and has full access. Pretty ****ed up group, it runs as a service. You can try taking ownership and modding your own ACL for the admin group, but I haven't used Vista enough to know if this is a bad idea.

f1f0
07-13-07, 04:46 AM
Reboot into Safe Mode and pwn the directory from there.

Starting with Windows XP, MS began to limit users' rights (even administrators') by putting some special directories/registry keys under another user's control. Its main purpose isn't to limit viruses' effects, but to have someone/something to blame if anything goes wrong, not Windows itself. As if that wasn't enough, there are some dedicated (kernel) threads just to watch if these "critical" areas get changed and complain/reboot/BSOD the system.

If you'd ask me, that is a dumb way to "improve" stability.

Rakeesh
07-13-07, 05:47 AM
How do I get around this??

Easy, just claim ownership of the files/directories in question, then you can do whatever you want with them.

http://www.howtogeek.com/howto/windows-vista/how-to-delete-a-system-file-in-windows-vista/

Reboot into Safe Mode and pwn the directory from there.

That won't work, the kernel won't allow that operation. In fact, you can't even reboot into XP and delete it from there either, as its kernel won't allow it either. NTFS allows for giving rights to special users that don't normally have any kind of account, and if a file or directory belongs to such an account, then all NT based kernels will not allow you to do anything with that file unless its ownership is changed first.

f1f0
07-13-07, 06:21 AM
That won't work, the kernel won't allow that operation. In fact, you can't even reboot into XP and delete it from there either, as its kernel won't allow it either. NTFS allows for giving rights to special users that don't normally have any kind of account, and if a file or directory belongs to such an account, then all NT based kernels will not allow you to do anything with that file unless its ownership is changed first.

By 'pwning' I meant taking over the file/directory. In normal operation, if a file is being exclusively opened, the system will prevent it from being changed by any other processes, regardless of permission. That's why you sometimes have to reboot just to delete a file while "obviously" no one is using it; well, a bug in a user space program can easily confuse the system. The situation is much better handled in *NIXes.

Now that Vista doesn't only set some special files/directories under another user's hand, it also invokes a few threads to watch over those files to ensure nothing goes "wrong". Booting into Safe Mode (hopefully) will bypass those picky eyes.

Until MS decides Safe Mode is not "safe" enough, next time...

Rakeesh
07-13-07, 06:31 AM
Well you don't need to go into safe mode for that either. If you unlock the file handle, you can delete it/rename it/do whatever no matter what has it open.

There are a bunch of programs out there that do this. Here is one such program, it's free too:

http://ccollomb.free.fr/unlocker/

That lock is mostly there to prevent data loss/corruption/BSOD by permitting the program to have exclusive access if it calls for it. A given program doesn't have to lock the file if it doesn't need to, and you can have multiple programs with write access to a single file at a given time if these programs don't call for this kind of lock.

It is good to have this kind of lock if the program is going to be writing to the file in real-time rather than treating it as a database type file whereas changes are in memory until they are periodically (e.g. at a specific event) committed to the file.

f1f0
07-13-07, 08:07 AM
Well you don't need to go into safe mode for that either. If you unlock the file handle, you can delete it/rename it/do whatever no matter what has it open.

There are a bunch of programs out there that do this. Here is one such program, it's free too:

http://ccollomb.free.fr/unlocker/

I'm no longer a Windows user so I don't know how well that applies. Assuming the file in question is being opened in exclusive mode by a running process (which Windows does), how will the system allow it to be *safely* closed? The whole point of the 'reboot-then-delete' procedure is because Windows does not manage these resources well enough (memory and file handle leaking are two prominent examples).

If these apps are able to do such things, it is simply a hack, as much as going into Safe Mode is; and I can hardly imagine they all use the same API in every Windows version.

The last time I tinkered in this area is with Windows' CardSpace files, try your application with one of those.

That lock is mostly there to prevent data loss/corruption/BSOD by permitting the program to have exclusive access if it calls for it. A given program doesn't have to lock the file if it doesn't need to, and you can have multiple programs with write access to a single file at a given time if these programs don't call for this kind of lock.

It is good to have this kind of lock if the program is going to be writing to the file in real-time rather than treating it as a database type file whereas changes are in memory until they are periodically (e.g. at a specific event) committed to the file.

It is fine and dandy, until the program crashes; in a few not-so-uncommon situations, the handle is not released, leaving the system in an undesired state anyway. Why do you need one of these 'unlocker's in the first place?

FastRedPonyCar
07-13-07, 09:30 AM
Easy, just claim ownership of the files/directories in question, then you can do whatever you want with them.

http://www.howtogeek.com/howto/windows-vista/how-to-delete-a-system-file-in-windows-vista/



That won't work, the kernel won't allow that operation. In fact, you can't even reboot into XP and delete it from there either, as its kernel won't allow it either. NTFS allows for giving rights to special users that don't normally have any kind of account, and if a file or directory belongs to such an account, then all NT based kernels will not allow you to do anything with that file unless its ownership is changed first.

That forum is blocked at work. Would you mind copy and pasting the solution if it's not too much?

evilghost
07-13-07, 10:03 AM
I know I could have copy/pasted but you may want the images as well. Looks like you basically take ownership of the file and do a simple cacls (change acls) to issue a Grant to said user with full control.

I'd use the "/E" flag too to edit the permissions instead of replacing them, adding Username to the group.

Want to be really slick:

cacls C:\Path\To\File /E /G %username%:F

FastRedPonyCar
07-13-07, 10:15 AM
I know I could have copy/pasted but you may want the images as well. Looks like you basically take ownership of the file and do a simple cacls (change acls) to issue a Grant to said user with full control.

I'd use the "/E" flag too to edit the permissions instead of replacing them, adding Username to the group.

Want to be really slick:

cacls C:\Path\To\File /E /G %username%:F

I did the "takeown /f c:\windows\system32" and it worked.

What does the cacls c:\path..etc command do?

Q
07-13-07, 11:57 AM
I've used the GUI to change the owner to myself in order to change/delete system files. This does NOT have to be done in Safe Mode.

Right Click File > Properties
Security Tab > Advanced button
Owner Tab > Change Owner

I then gave myself Full Control permissions.

I haven't had any problems with the files belonging to me, but I'm the only user on the system. You might want to restore the owner after any changes.
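
Added example, not part of any post in this thread: the take-ownership and grant steps discussed above, wrapped so that the original owner and DACL are recorded first and put back afterwards, as the post above suggests. It assumes an elevated PowerShell prompt and uses icacls (the successor to cacls); the target path is the thread's placeholder and the backup file name is hypothetical.

```powershell
# Added example: run from an elevated PowerShell prompt.
# $Target is the placeholder path used in the thread; replace with the real file.
$Target  = 'C:\Path\To\File'
$Dir     = Split-Path -Parent $Target
$AclFile = Join-Path $env:TEMP 'acl-backup.txt'   # hypothetical backup location

# Run a native tool and stop the script if it reports failure.
function Invoke-Checked {
    param([string]$Exe, [string[]]$Arguments)
    & $Exe @Arguments
    if ($LASTEXITCODE -ne 0) { throw "$Exe failed with exit code $LASTEXITCODE" }
}

# 1. Record the current owner (e.g. NT SERVICE\TrustedInstaller) and save the DACL.
$originalOwner = (Get-Acl -LiteralPath $Target).Owner
"Owner before: $originalOwner"
Invoke-Checked icacls @($Target, '/save', $AclFile)

# 2. Take ownership, then add a Full Control entry for the current user.
#    icacls /grant adds to the existing ACL, like cacls /E /G in the thread.
Invoke-Checked takeown @('/f', $Target)
Invoke-Checked icacls  @($Target, '/grant', "$($env:USERNAME):F")

# 3. ... make the intended change to the file here ...

# 4. Put the saved DACL back. /restore takes the parent directory, because
#    the saved file stores the name relative to it.
Invoke-Checked icacls @($Dir, '/restore', $AclFile)

# 5. The saved file holds the DACL only, so hand ownership back separately.
Invoke-Checked icacls @($Target, '/setowner', $originalOwner)

"Owner after:  $((Get-Acl -LiteralPath $Target).Owner)"
```

If the file was replaced rather than edited in step 3, the restored DACL applies to the new file of the same name.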

|MaguS|
07-14-07, 01:43 PM
What does the cacls c:\path..etc command do?

Installs linux on your machine.