From: Tim Meddick on
Security "Groups" aren't assigned SIDs - only "Users" - that's why I
stressed adding the "Administrators" Group to the user-list and NOT the
(built-in) user named "Administrator"

Please note again the difference :

Administrators = YES
Administrator = NO

==

Cheers, Tim Meddick, Peckham, London. :-)




"Larry Lindstrom" <larryl_turbo(a)hotmail.com> wrote in message
news:hul2nv$bio$1(a)news.eternal-september.org...
> On 6/7/2010 11:16 AM, Tim Meddick wrote:
>> The fact you gave both OSs the same username / domain is irrelevant.
>>
>> A username on a NT-based Windows OS, is, in effect, a friendly name.
>>
>> For instance, My full username is "Tim" but if you look in the registry,
>> the computer knows me as user :
>> S-1-5-21-1957994488-1004336348-682003330-1003
>>
>> ...a unique ID!! Stands to reason doesn't it? As if there were no unique
>> ID assigned to simple user names, then everyone connected to a network
>> who happened to have the same username would be able to access each
>> other's files!!!
>
> Thanks again Tim:
>
> That does make sense, which is probably the reason your following
> suggestion isn't working. :)
>
>> Is your Win7 account an administrator-level account?
>
> Yes.
>
>> If so, and you still can't gain access to the XP files, then do as I
>> first suggested, but instead of adding "Everyone" add "Administrators"
>> (that's Administrators NOT Administrator) to the users granted access
>> from the root of [c:] drive.
>
> I did, and that doesn't work either. Probably for the same reason
> simple user names don't work. I'm guessing the "Administrators" group on
> the XP boot has a different SID from "Administrators" on the Win7 boot.
> Otherwise, it would be setting itself up for the same vulnerability you
> describe above. All "Administrators" group users of that computer would
> have access to all files of any computer that grant access to
> "Administrators".
>
> When setting up file permissions, with <Properties - Security - Add -
> From this location - Add>. The only location is "DRAGON". I'm guessing
> this identifies a computer. For some reason my other XP, a MediaCenter
> PC, "TFA", is not in the list of locations, even though it is available
> in Window Explore "My Network Places".
>
> Just curious, how would I get "TFA", the other PC's name, in that
> location list.
>
> That's why the subject for this thread is what it is.
>
> Perhaps I misunderstand the purpose of the location list. If I can
> get the Win7 Boot computer referenced in the locations list, is that a
> first step in granting these permissions?
>
> As stated, I appreciate your assistance.
>
> Thanks
> Larry

From: Larry Lindstrom on
On 6/8/2010 12:03 PM, Tim Meddick wrote:
> Security "Groups" aren't assigned SIDs - only "Users" - that's why I
> stressed adding the "Administrators" Group to the user-list and NOT the
> (built-in) user named "Administrator"
>
> Please note again the difference :
>
> Administrators = YES
> Administrator = NO

Thanks Again Tim:

Still no luck.

I went into the drive's root properties, this is actually drive D:,
separate from my C: drive with the system on it.

<Properties - Security - Add>

I've tried different combinations for this window's
"Object Types", this time I left "Built-in security
principals", "Groups" and "Users" all checked.

Then I pasted "Administrators" into the "Enter the
object names to select"

This resulted in the "Group or user names" list adding:

Administrators (DRAGON\Administrators)

I then shut down XP and booted Win7.

The MMC (Microsoft Management Console) was run and "larryl" was
added to the "Administrators" group.

And still no luck.

I have PNG screenshots of all of this. I'm reluctant to post these
in a newsgroup like this. But I can post them if you think it would be
OK, or I could put them on my web page if you think that might be helpful.

I need to spend a day or two on another project. I'll try to keep
an eye on this thread, but responses may be a bit slow.

Thanks
Larry

From: John John - MVP on
Larry Lindstrom wrote:
> On 6/8/2010 12:03 PM, Tim Meddick wrote:
>> Security "Groups" aren't assigned SIDs - only "Users" - that's why I
>> stressed adding the "Administrators" Group to the user-list and NOT the
>> (built-in) user named "Administrator"
>>
>> Please note again the difference :
>>
>> Administrators = YES
>> Administrator = NO
>
> Thanks Again Tim:
>
> Still no luck.

You can't have it both ways, Larry, private is private, either the files
are private or they are not. There is no "peeking" at private folders
and there are no varying levels of privacy, it's all or nothing. From
Windows 7 you would need to take ownership of the folder then grant
yourself adequate access rights to the objects within. I can only
suggest that you use standard NTFS permissions to control access to the
files or that you use encryption or a third party solution. Be sure
that you understand the risks of file loss if you decide to use NTFS
encryption!

John
From: Tim Meddick on
John - the way I see it (the OP's problem) is this ;

I am well aware that he does not want to dismiss the current "private"
status of the XP folders on a dual-boot system.

However, as far as I am aware, making folders "private" does [should] *not*
make those XP folders inaccessible to a user on the Win7 OS who is a member
of the Administrators group!

Members of the Administrators group, on any (previous) NT-based OS, have
access across dual-boot systems, to *any* files and folders on drives
belonging to their opposing OS.

The OP has made sure (partly on my advice) that the folders in question
have been granted Administrators-Group full-access while in the XP OS -
Then, still cannot access those same folders in an Administrator-level user
on the Win7 OS.

Can you explain this anomaly, or do you think this is normal?

==

Cheers, Tim Meddick, Peckham, London. :-)




"John John - MVP" <audetweld(a)nbnet.nb.ca> wrote in message
news:OpdpeV9BLHA.1388(a)TK2MSFTNGP05.phx.gbl...
>
> Larry Lindstrom wrote:
>> On 6/8/2010 12:03 PM, Tim Meddick wrote:
>>> Security "Groups" aren't assigned SIDs - only "Users" - that's why I
>>> stressed adding the "Administrators" Group to the user-list and NOT the
>>> (built-in) user named "Administrator"
>>>
>>> Please note again the difference :
>>>
>>> Administrators = YES
>>> Administrator = NO
>>
>> Thanks Again Tim:
>>
>> Still no luck.
>
> You can't have it both ways, Larry, private is private, either the files
> are private or they are not. There is no "peeking" at private folders
> and there are no varying levels of privacy, it's all or nothing. From
> Windows 7 you would need to take ownership of the folder then grant
> yourself adequate access rights to the objects within. I can only
> suggest that you use standard NTFS permissions to control access to the
> files or that you use encryption or a third party solution. Be sure that
> you understand the risks of file loss if you decide to use NTFS
> encryption!
>
> John

From: Tim Meddick on
Anyone using M$ Outlook Express as their news reader, will be able to view
any images that you post - be they in-line (as part of the text) or as an
attachment - makes no difference.

Many others will be able to view any images you include as well.

Although, I am obliged to stress that it is strictly *not* what is termed;
accepted "netiquette".

However, for expediency, if you did make an exception, and post any images,
I personally would like to see them (an am able to view them as I use
M$-OE)...

==

Cheers, Tim Meddick, Peckham, London. :-)



"Larry Lindstrom" <larryl_turbo(a)hotmail.com> wrote in message
news:hunis2$g7v$1(a)news.eternal-september.org...
> On 6/8/2010 12:03 PM, Tim Meddick wrote:
>> Security "Groups" aren't assigned SIDs - only "Users" - that's why I
>> stressed adding the "Administrators" Group to the user-list and NOT the
>> (built-in) user named "Administrator"
>>
>> Please note again the difference :
>>
>> Administrators = YES
>> Administrator = NO
>
> Thanks Again Tim:
>
> Still no luck.
>
> I went into the drive's root properties, this is actually drive D:,
> separate from my C: drive with the system on it.
>
> <Properties - Security - Add>
>
> I've tried different combinations for this window's
> "Object Types", this time I left "Built-in security
> principals", "Groups" and "Users" all checked.
>
> Then I pasted "Administrators" into the "Enter the
> object names to select"
>
> This resulted in the "Group or user names" list adding:
>
> Administrators (DRAGON\Administrators)
>
> I then shut down XP and booted Win7.
>
> The MMC (Microsoft Management Console) was run and "larryl" was added
> to the "Administrators" group.
>
> And still no luck.
>
> I have PNG screenshots of all of this. I'm reluctant to post these in
> a newsgroup like this. But I can post them if you think it would be OK,
> or I could put them on my web page if you think that might be helpful.
>
> I need to spend a day or two on another project. I'll try to keep an
> eye on this thread, but responses may be a bit slow.
>
> Thanks
> Larry
>