none
SteadyState Overwriting NTFS Permissions RRS feed

  • Question

  • Hi.

    I am creating a new image for a Lab/Public computer environment. I am running into an issue with getting the permission to change on the KioskUser account to restrict the desktop folder. I set it to Read & Execute and when I log off as the admin and login as the user the permissions reset to Full control.

    WDP is currently turned-off and I have no other settings in place. When I uninstall SteadyState 2.5 this issue doesn't occur.

    Any suggestions as to why this is happening?
    Wednesday, June 24, 2009 10:20 PM

Answers

  • Hi, thanks for the post. I can repro the issue on my test machine. However, if you want to restrict users especially on desktop folder, you can try the following restriction in Windows SteadyState:

     

    User Settings – Windows Restrictions – General Restrictions – Prevent users from saving files to the desktop

     

    Hope this helps!


    Sean Zhu - MSFT
    Friday, June 26, 2009 3:51 AM
    Moderator
  • Sean thanks for taking the time to try and duplicate the problem - glad I am not going nuts...

    I have been spending a fair amount of time looking into this issue. It appears that when SteadyState is installed it resets the default permissions on the NTFS file structure for the user profiles only. The only reasoning I can come up with for this action is to ensure that SteadyState (WSS) works properly after it is installed.

    FYI - even if you disable inheritance permissions will always roll back to Full Control for the user regardless.

    Because the Desktop items (specifically shortcuts & icons) are restored when you logoff & logon again - it will work for what my company intends to use it for.

    On a side note, SteadyState does not affect all permission - just the user profiles. Changes to permission on Folders outside the documents and settings folders hold true. (If you were interested...) For example, I can still make changes to the registry permissions for users, system folders, program folders, etc.

    The real downer was Microsoft not mentioning that side effect in the product notes... but we will adapt and overcome.


    Thanks again!
    Friday, June 26, 2009 8:04 PM

All replies

  • Hi, thanks for the post. I can repro the issue on my test machine. However, if you want to restrict users especially on desktop folder, you can try the following restriction in Windows SteadyState:

     

    User Settings – Windows Restrictions – General Restrictions – Prevent users from saving files to the desktop

     

    Hope this helps!


    Sean Zhu - MSFT
    Friday, June 26, 2009 3:51 AM
    Moderator
  • Sean thanks for taking the time to try and duplicate the problem - glad I am not going nuts...

    I have been spending a fair amount of time looking into this issue. It appears that when SteadyState is installed it resets the default permissions on the NTFS file structure for the user profiles only. The only reasoning I can come up with for this action is to ensure that SteadyState (WSS) works properly after it is installed.

    FYI - even if you disable inheritance permissions will always roll back to Full Control for the user regardless.

    Because the Desktop items (specifically shortcuts & icons) are restored when you logoff & logon again - it will work for what my company intends to use it for.

    On a side note, SteadyState does not affect all permission - just the user profiles. Changes to permission on Folders outside the documents and settings folders hold true. (If you were interested...) For example, I can still make changes to the registry permissions for users, system folders, program folders, etc.

    The real downer was Microsoft not mentioning that side effect in the product notes... but we will adapt and overcome.


    Thanks again!
    Friday, June 26, 2009 8:04 PM