Author Topic: A security problem?  (Read 8564 times)

0 Members and 1 Guest are viewing this topic.

Offline Bellzemos

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 621
A security problem?
« on: April 04, 2011, 12:09:01 AM »
Hello!

I think I made a mistake, please hlep if you can.

I wanted to have access to all the files & folders in Windows 7 (like I had in Windows XP before). I found some instructions on the web on how to do this.

I made a right-click on the C:\ (system disk), Properties, Security tab, Advanced, Owner tab, Edit... and then I chose Administrators, put a tick on Replace owner on subcontainers and objects and then clicked OK.

The ownership got changed for all the files and folders (except for some Avast! files and paging files). Now I can access all folders, even the System Volume Information folder.

I'm afraid that I compromised my PC's security. Practically, did I really make my PC less safe by applying this change? I am aware of the possibility of deleting an important system file/folder by my mistake, but is there more danger?

Thank you.
Intel Core i7 Q 740 @ 1.73 GHz, 6 GB RAM, Windows 7 Ultimate x64 SP1, Avast! Free Antivirus, Malwarebytes Anti-Malware (free version) and Sandboxie (paid version).

Hermite15

  • Guest
Re: A security problem?
« Reply #1 on: April 04, 2011, 12:24:51 AM »
you just really really messed up ::) you should never have done that. It's almost impossible to correct globally as many system folders don't have inherited owners and/or rights, meaning that you can't correct the damage globally. Thanks god you didn't do the same for access rights ;D ... you would have experienced a few access denied...
 

 Okay, either you leave it as it is now, or you re-install Windows ;)

ps: or try a system restore, but I don't think that this will correct your changes...

edit: the danger is that some folders are owned by system accounts, trusted installer etc...... not sure about the security implications when you change the ownership to usable (by users) accounts like admin etc...
« Last Edit: April 04, 2011, 12:27:36 AM by Logos »

doktornotor

  • Guest
Re: A security problem?
« Reply #2 on: April 04, 2011, 12:44:25 AM »
Eh... There are some templates to apply default permissions, but those of course cover only a pristine Windows install, not anything installed after that.  ::)

Offline Bellzemos

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 621
Re: A security problem?
« Reply #3 on: April 04, 2011, 12:49:24 AM »
Here's where I read about how to get access and then tried it on the root of my drive: http://windows.microsoft.com/en-US/windows-vista/Troubleshoot-access-denied-when-opening-files-or-folders

Someone from an other forum wrote me that I should expect big trouble. If someone can tell me: should I reinstall (repair?) Windows ASAP or just leave all as it is? I'm aware now that I really messed it up and am sorry. Is it possible that I'll be just fine (and safe!) with settings as they are now? I really don't want to reinstall Windows if it isn't necessary.

Thanx...
Intel Core i7 Q 740 @ 1.73 GHz, 6 GB RAM, Windows 7 Ultimate x64 SP1, Avast! Free Antivirus, Malwarebytes Anti-Malware (free version) and Sandboxie (paid version).

doktornotor

  • Guest
Re: A security problem?
« Reply #4 on: April 04, 2011, 12:53:15 AM »
The templates are called defltbase.inf or defltwk.inf - located in %systemroot%\inf\ (these are identical on my system) and can be applied via secedit tool. Using those you might get some basic sanity back. Not a complete fix anyway.

Run the following in an elevated command prompt:

Code: [Select]
secedit /configure /db %temp%\temp.sdb /cfg %systemroot%\inf\defltwk.inf /areas filestore

(Note: At your own risk, of course. Cannot be much worse anyway.) :P
« Last Edit: April 04, 2011, 12:56:45 AM by doktornotor »

Hermite15

  • Guest
Re: A security problem?
« Reply #5 on: April 04, 2011, 01:00:27 AM »
http://support.microsoft.com/kb/313222

I think I've tried that once ages ago and I didn't get the expected results...

anyway, a must read:

Quote
Limitations of importing default security templates:

The previous version of this article states a method to use the “secedit /configure” command with the caveat that the procedure does not restore all security settings that are applied when you install Windows and may result in unforeseen consequences.



The use of “secedit /configure” to import the default security template, dfltbase.inf, is unsupported nor is it a viable method to restore default security permissions on Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2 computers.

Beginning with Windows Vista, the method to apply the security during operating system setup changed. Specifically, security settings consisted of settings defined in deftbase.inf augmented by settings applied by the operating installation process and server role installation. Because there is no supported process to replay the permissions made by the operating system setup, the use of the “secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose” command line is no longer capable of resetting all security defaults and may even result in the operating system becoming unstable.

doktornotor

  • Guest
Re: A security problem?
« Reply #6 on: April 04, 2011, 01:02:24 AM »
As I said, this is the only way to restore at least basic sanity. There is nothing better available and the only real alternative is image restore or reinstall. Sorry.
« Last Edit: April 04, 2011, 01:03:55 AM by doktornotor »

Hermite15

  • Guest
Re: A security problem?
« Reply #7 on: April 04, 2011, 01:03:58 AM »
As I said, this is the only way to restore at least basic sanity. There is nothing better available and the only real alternative is reinstall. Sorry.


so unless he's got a backup to restore from, he should re-run a full Windows setup. Well that's what I would do.

Offline Bellzemos

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 621
Re: A security problem?
« Reply #8 on: April 04, 2011, 01:08:43 AM »
Can someone explain to me why what I did is so bad? What exactly have I changed? I (administrator and only user of my PC) have access to (read, modify, delete...) all the files and folders on my HDD. What else has changed when I did what I did? What kind of problems should I expect? Anyone knows for sure about this stuff?
Intel Core i7 Q 740 @ 1.73 GHz, 6 GB RAM, Windows 7 Ultimate x64 SP1, Avast! Free Antivirus, Malwarebytes Anti-Malware (free version) and Sandboxie (paid version).

doktornotor

  • Guest
Re: A security problem?
« Reply #9 on: April 04, 2011, 01:30:38 AM »
Yeah, it is a real security issue. E.g. for files owned by TrustedInstaller, the members of Administrators group have read-only access user rights. Basically, what you have done completely messes up UAC (among others).

Hermite15

  • Guest
Re: A security problem?
« Reply #10 on: April 04, 2011, 01:34:12 AM »
@theOP: It's not just about security risks, but possible malfunction of the system. For instance Windows folder is owned by "trusted installer"... Once you've changed this you cannot restore the default, as trusted installer is not offered. There are built in accounts you're just not supposed to interfere with.

Read this if you want: http://social.technet.microsoft.com/Forums/en-US/w7itproinstall/thread/7ccf572d-9246-4ac4-b8b9-1e6947e9cda6/
« Last Edit: April 04, 2011, 01:36:36 AM by Logos »

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: A security problem?
« Reply #11 on: April 04, 2011, 02:05:58 AM »
Maybe the next time you'll ask first before making such a global change and see what advice you get.  ;)
At this point hopefully you have an image that you can restore if not,
Save your data and re-install windows.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Bellzemos

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 621
Re: A security problem?
« Reply #12 on: April 07, 2011, 08:38:59 PM »
Yes, I made a stupid decision without asking first. I formatted my HDD and installed Windows again. I will leave those permissions as they are (but I still don't like the feeling of not being able to look into all the folders on my HDD). I have another question: is it OK/safe to have UAC settings set to Never notify (I don't like the constant popups) or not?
Intel Core i7 Q 740 @ 1.73 GHz, 6 GB RAM, Windows 7 Ultimate x64 SP1, Avast! Free Antivirus, Malwarebytes Anti-Malware (free version) and Sandboxie (paid version).

YoKenny

  • Guest
Re: A security problem?
« Reply #13 on: April 07, 2011, 09:04:18 PM »
Set it to Default (Without Dimming) - As above, but won't dim your desktop when displaying the alert.
http://www.w7forums.com/configure-windows-7-uac-t1553.html

Offline Bellzemos

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 621
Re: A security problem?
« Reply #14 on: April 07, 2011, 11:15:13 PM »
Thanx for the suggestion. Windows XP had no UAC system, right? Only a possibility to login as an admin or a normal user (without admin rights). So, if I completly turn off UAC in Windows 7 it's the same as if I would be still using Windows XP (secure-wise)?
Intel Core i7 Q 740 @ 1.73 GHz, 6 GB RAM, Windows 7 Ultimate x64 SP1, Avast! Free Antivirus, Malwarebytes Anti-Malware (free version) and Sandboxie (paid version).