Hi Guys, I'm messing with settings in my brand new machine, and was
wondering why it seems that XP Pro's "search" feature ignores folder
permissions. For example, I have a user named "user1." If I create a
folder and give him full control of it and deny full control to all
other users on the machine, I'm still able to "search" and see file
names and directory structures that should be off limits.


It just occurred to me that maybe this is because I'm checking with my
administrator account, but I explicitly denied administrator
permissions as well.

As a sidenote: I'm running Windows XP Professional, SP2 w/ the latest,
greatest hotfixes (as of November 7th).

Any ideas?

Re: XP Pro "search" feature seems to ignore file permissions by siljaline

siljaline
Mon Nov 08 00:28:49 CST 2004

"G.J." wrote:
> Hi Guys, I'm messing with settings in my brand new machine, and was
> wondering why it seems that XP Pro's "search" feature ignores folder
> permissions. For example, I have a user named "user1." If I create a
> folder and give him full control of it and deny full control to all
> other users on the machine, I'm still able to "search" and see file
> names and directory structures that should be off limits.
>
>
> It just occurred to me that maybe this is because I'm checking with my
> administrator account, but I explicitly denied administrator
> permissions as well.
>
> As a sidenote: I'm running Windows XP Professional, SP2 w/ the latest,
> greatest hotfixes (as of November 7th).
>
> Any ideas?

http://support.microsoft.com/default.aspx?scid=kb;en-us;308418

Hope this helps.
Silj

--
siljaline

MS - MVP Windows (IE/OE) 2003/04 AH-VSOP
________________________________________
Security Tools Updates
http://forum.aumha.org/viewforum.php?f=31

(Reply to group, as return address
is invalid - that we may all benefit)



Re: XP Pro "search" feature seems to ignore file permissions by gauss

gauss
Wed Nov 10 09:45:27 CST 2004

"siljaline" <siljaline@nospam.com> wrote in message news:<OnaHxwVxEHA.3808@TK2MSFTNGP15.phx.gbl>...
> "G.J." wrote:
> > Hi Guys, I'm messing with settings in my brand new machine, and was
> > wondering why it seems that XP Pro's "search" feature ignores folder
> > permissions. For example, I have a user named "user1." If I create a
> > folder and give him full control of it and deny full control to all
> > other users on the machine, I'm still able to "search" and see file
> > names and directory structures that should be off limits.
> >
> >
> > It just occurred to me that maybe this is because I'm checking with my
> > administrator account, but I explicitly denied administrator
> > permissions as well.
> >
> > As a sidenote: I'm running Windows XP Professional, SP2 w/ the latest,
> > greatest hotfixes (as of November 7th).
> >
> > Any ideas?
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;308418
>
> Hope this helps.
> Silj
>
> --
> siljaline
>
> MS - MVP Windows (IE/OE) 2003/04 AH-VSOP
> ________________________________________
> Security Tools Updates
> http://forum.aumha.org/viewforum.php?f=31
>
> (Reply to group, as return address
> is invalid - that we may all benefit)

Silj,

Many thanks! I actually am familiar with Windows NT-style file /
directory permissions as a so-called "power user," I suppose -- I've
never had formal training aside from a degree in computer engineering,
which isn't even remotely applicable to Windows administration. I
failed to mention my familiarity with the technology. Whoops.

Anyway, the permissions I've got set are that a single user has full
permissions, and that all other groups (including administrators) have
been *denied* full permissions.

Oh, and I turned off the "indexing" service by the way.

Also of note, I turned off the "traversal checking" security policy
for all users experimentally -- in theory that's going to affect other
behaviors of my machine according to a foreboding warning the security
policy editor had built-in, so I'll probably change that back.

What's curious is that with these settings, as my administrator
account, I can't open my secured folder -- it gives me an access
denied message. That's good. However, if I choose to "search" and
specify the folder as the location I want to search, it'll kindly
report back the full directory structure and file names to me, which
may or may not be a problem for others.

Any clues?
G.J.