Guest Tom Posted January 23, 2009 Posted January 23, 2009 Hope this is the right place for a UAC question I have a Vista64 Ultimate system. A few weeks after the initial build, I determined that the hard disk was bad as it would hang until it had run and warmed up for quite a while. Purchased a new hard disk and reinstalled windows. As part of the "new" install, I used an 8Gig USB drive to transfer personal files (including Favorites) from the old system/hard disk to the new one. Process was to boot up windows on the old hard disk, transfer files to the USB drive, boot up windows on the new hard disk and transfer the files from the USB drive to the new C: drive. The new hard disk/system is working fine except I cannot add new bookmarks/favorites to favorite folders I transferred when surfing the net. With UAC ON, I get the following error: Unable to Create "internet site" Unspecified Error when trying to save or paste a new internet site/url to folders I transferred from the old hard disk. Files CAN be saved directly to the Favorites directory. With UAC OFF, all favorite saves work as expected. I have tried "taking ownership" of each and every folder in the Favorites directory, but the problem remains. I would really like to use UAC for what its worth, but the problem of not being able to save URLs without turning UAC off and rebooting makes it REALLY hard. Quote
Guest Tom Posted January 30, 2009 Posted January 30, 2009 Guess nobody here knows how to manipulate UAC without turning it off??? Tom "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message news:1725F8F6-4233-4AA0-A73E-A79A5418868E@microsoft.com...<span style="color:blue"> > Hope this is the right place for a UAC question > > I have a Vista64 Ultimate system. A few weeks after the initial build, I > determined that the hard disk was bad as it would hang until it had run > and warmed up for quite a while. Purchased a new hard disk and > reinstalled windows. As part of the "new" install, I used an 8Gig USB > drive to transfer personal files (including Favorites) from the old > system/hard disk to the new one. Process was to boot up windows on the > old hard disk, transfer files to the USB drive, boot up windows on the > new hard disk and transfer the files from the USB drive to the new C: > drive. > > The new hard disk/system is working fine except I cannot add new > bookmarks/favorites to favorite folders I transferred when surfing the > net. With UAC ON, I get the following error: > > Unable to Create "internet site" > Unspecified Error > > when trying to save or paste a new internet site/url to folders I > transferred from the old hard disk. Files CAN be saved directly to the > Favorites directory. With UAC OFF, all favorite saves work as expected. > > I have tried "taking ownership" of each and every folder in the Favorites > directory, but the problem remains. I would really like to use UAC for > what its worth, but the problem of not being able to save URLs without > turning UAC off and rebooting makes it REALLY hard. </span> Quote
Guest FromTheRafters Posted January 30, 2009 Posted January 30, 2009 Perhaps you could try turning MIC off temporarily to see if that affects your issue? HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableMIC. I believe turning this off will defeat 'protected mode' IE, but not all of UAC. Have you tried support yet? "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message news:73BC4102-A95B-438F-A30B-45CCC57D7F5F@microsoft.com...<span style="color:blue"> > Guess nobody here knows how to manipulate UAC without turning it off??? > > Tom > > > "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message > news:1725F8F6-4233-4AA0-A73E-A79A5418868E@microsoft.com...<span style="color:green"> >> Hope this is the right place for a UAC question >> >> I have a Vista64 Ultimate system. A few weeks after the initial build, I >> determined that the hard disk was bad as it would hang until it had run >> and warmed up for quite a while. Purchased a new hard disk and >> reinstalled windows. As part of the "new" install, I used an 8Gig USB >> drive to transfer personal files (including Favorites) from the old >> system/hard disk to the new one. Process was to boot up windows on the >> old hard disk, transfer files to the USB drive, boot up windows on the >> new hard disk and transfer the files from the USB drive to the new C: >> drive. >> >> The new hard disk/system is working fine except I cannot add new >> bookmarks/favorites to favorite folders I transferred when surfing the >> net. With UAC ON, I get the following error: >> >> Unable to Create "internet site" >> Unspecified Error >> >> when trying to save or paste a new internet site/url to folders I >> transferred from the old hard disk. Files CAN be saved directly to the >> Favorites directory. With UAC OFF, all favorite saves work as expected. >> >> I have tried "taking ownership" of each and every folder in the Favorites >> directory, but the problem remains. I would really like to use UAC for >> what its worth, but the problem of not being able to save URLs without >> turning UAC off and rebooting makes it REALLY hard.</span> > </span> Quote
Guest Dave Posted January 30, 2009 Posted January 30, 2009 http://www.tweak-uac.com/home/ -- Windows 7 beta http://get.live.com/wlmail/overview http://download.live.com/wlmail "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message news:73BC4102-A95B-438F-A30B-45CCC57D7F5F@microsoft.com...<span style="color:blue"> > Guess nobody here knows how to manipulate UAC without turning it off??? > > Tom > > > "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message > news:1725F8F6-4233-4AA0-A73E-A79A5418868E@microsoft.com...<span style="color:green"> >> Hope this is the right place for a UAC question >> >> I have a Vista64 Ultimate system. A few weeks after the initial build, I >> determined that the hard disk was bad as it would hang until it had run >> and warmed up for quite a while. Purchased a new hard disk and >> reinstalled windows. As part of the "new" install, I used an 8Gig USB >> drive to transfer personal files (including Favorites) from the old >> system/hard disk to the new one. Process was to boot up windows on the >> old hard disk, transfer files to the USB drive, boot up windows on the >> new hard disk and transfer the files from the USB drive to the new C: >> drive. >> >> The new hard disk/system is working fine except I cannot add new >> bookmarks/favorites to favorite folders I transferred when surfing the >> net. With UAC ON, I get the following error: >> >> Unable to Create "internet site" >> Unspecified Error >> >> when trying to save or paste a new internet site/url to folders I >> transferred from the old hard disk. Files CAN be saved directly to the >> Favorites directory. With UAC OFF, all favorite saves work as expected. >> >> I have tried "taking ownership" of each and every folder in the Favorites >> directory, but the problem remains. I would really like to use UAC for >> what its worth, but the problem of not being able to save URLs without >> turning UAC off and rebooting makes it REALLY hard.</span> > </span> Quote
Guest Tom Posted February 1, 2009 Posted February 1, 2009 The darkening screen of "do you really want to do this" is not the issue. With UAC on, I get {Unable to Create "internet site" Unspecified Error}. With UAC off, I am allowed to save new favorites to anywhere in my favorites chain. Any other ideas? T2 "Dave" <Dave@beepbeepbeepbeep.com> wrote in message news:eCrVF0ugJHA.3716@TK2MSFTNGP06.phx.gbl...<span style="color:blue"> > http://www.tweak-uac.com/home/ > > > -- > Windows 7 beta > http://get.live.com/wlmail/overview > http://download.live.com/wlmail > > > "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message > news:73BC4102-A95B-438F-A30B-45CCC57D7F5F@microsoft.com...<span style="color:green"> >> Guess nobody here knows how to manipulate UAC without turning it off??? >> >> Tom >> >> >> "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message >> news:1725F8F6-4233-4AA0-A73E-A79A5418868E@microsoft.com...<span style="color:darkred"> >>> Hope this is the right place for a UAC question >>> >>> I have a Vista64 Ultimate system. A few weeks after the initial build, >>> I determined that the hard disk was bad as it would hang until it had >>> run and warmed up for quite a while. Purchased a new hard disk and >>> reinstalled windows. As part of the "new" install, I used an 8Gig USB >>> drive to transfer personal files (including Favorites) from the old >>> system/hard disk to the new one. Process was to boot up windows on the >>> old hard disk, transfer files to the USB drive, boot up windows on the >>> new hard disk and transfer the files from the USB drive to the new C: >>> drive. >>> >>> The new hard disk/system is working fine except I cannot add new >>> bookmarks/favorites to favorite folders I transferred when surfing the >>> net. With UAC ON, I get the following error: >>> >>> Unable to Create "internet site" >>> Unspecified Error >>> >>> when trying to save or paste a new internet site/url to folders I >>> transferred from the old hard disk. Files CAN be saved directly to the >>> Favorites directory. With UAC OFF, all favorite saves work as expected. >>> >>> I have tried "taking ownership" of each and every folder in the >>> Favorites directory, but the problem remains. I would really like to >>> use UAC for what its worth, but the problem of not being able to save >>> URLs without turning UAC off and rebooting makes it REALLY hard.</span> >> </span></span> Quote
Guest Tom Posted February 1, 2009 Posted February 1, 2009 Not sure what that is so I think I'll leave it alone. Did a Google on that registry line and the best I could get was that it has something to do with Protected Mode. Turned Protected Mode off and back on again in the Internet Options with no change in my ability to save new "internet sites" to anywhere in my Favorites chain. I'm pretty sure that the issue has to do with how I imported the Favorites from my old hard disk, ie by copying them on to a thumb drive from the old HD and then copying them onto the new HD that had already been installed with Vista64. Tom "FromTheRafters" <erratic@nomail.afraid.org> wrote in message news:%23GJGIctgJHA.4932@TK2MSFTNGP02.phx.gbl...<span style="color:blue"> > Perhaps you could try turning MIC off temporarily to see if > that affects your issue? > > HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystemEnableMIC. > > I believe turning this off will defeat 'protected mode' IE, but not all of > UAC. > > Have you tried support yet? > > > "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message > news:73BC4102-A95B-438F-A30B-45CCC57D7F5F@microsoft.com...<span style="color:green"> >> Guess nobody here knows how to manipulate UAC without turning it off??? >> >> Tom >> >> >> "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message >> news:1725F8F6-4233-4AA0-A73E-A79A5418868E@microsoft.com...<span style="color:darkred"> >>> Hope this is the right place for a UAC question >>> >>> I have a Vista64 Ultimate system. A few weeks after the initial build, >>> I determined that the hard disk was bad as it would hang until it had >>> run and warmed up for quite a while. Purchased a new hard disk and >>> reinstalled windows. As part of the "new" install, I used an 8Gig USB >>> drive to transfer personal files (including Favorites) from the old >>> system/hard disk to the new one. Process was to boot up windows on the >>> old hard disk, transfer files to the USB drive, boot up windows on the >>> new hard disk and transfer the files from the USB drive to the new C: >>> drive. >>> >>> The new hard disk/system is working fine except I cannot add new >>> bookmarks/favorites to favorite folders I transferred when surfing the >>> net. With UAC ON, I get the following error: >>> >>> Unable to Create "internet site" >>> Unspecified Error >>> >>> when trying to save or paste a new internet site/url to folders I >>> transferred from the old hard disk. Files CAN be saved directly to the >>> Favorites directory. With UAC OFF, all favorite saves work as expected. >>> >>> I have tried "taking ownership" of each and every folder in the >>> Favorites directory, but the problem remains. I would really like to >>> use UAC for what its worth, but the problem of not being able to save >>> URLs without turning UAC off and rebooting makes it REALLY hard.</span> >></span> > > </span> Quote
Guest FromTheRafters Posted February 2, 2009 Posted February 2, 2009 http://blogs.technet.com/steriley/archive/.../21/442870.aspx Not the answer, but you might like to read it. I still suggest calling support. "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message news:15A1B8AD-B9EF-46EA-9D00-2CC348AABFC1@microsoft.com...<span style="color:blue"> > Not sure what that is so I think I'll leave it alone. Did a Google on > that registry line and the best I could get was that it has something to > do with Protected Mode. Turned Protected Mode off and back on again in > the Internet Options with no change in my ability to save new "internet > sites" to anywhere in my Favorites chain. I'm pretty sure that the issue > has to do with how I imported the Favorites from my old hard disk, ie by > copying them on to a thumb drive from the old HD and then copying them > onto the new HD that had already been installed with Vista64. > > Tom > > > "FromTheRafters" <erratic@nomail.afraid.org> wrote in message > news:%23GJGIctgJHA.4932@TK2MSFTNGP02.phx.gbl...<span style="color:green"> >> Perhaps you could try turning MIC off temporarily to see if >> that affects your issue? >> >> HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystemEnableMIC. >> >> I believe turning this off will defeat 'protected mode' IE, but not all >> of UAC. >> >> Have you tried support yet? >> >> >> "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message >> news:73BC4102-A95B-438F-A30B-45CCC57D7F5F@microsoft.com...<span style="color:darkred"> >>> Guess nobody here knows how to manipulate UAC without turning it off??? >>> >>> Tom >>> >>> >>> "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message >>> news:1725F8F6-4233-4AA0-A73E-A79A5418868E@microsoft.com... >>>> Hope this is the right place for a UAC question >>>> >>>> I have a Vista64 Ultimate system. A few weeks after the initial build, >>>> I determined that the hard disk was bad as it would hang until it had >>>> run and warmed up for quite a while. Purchased a new hard disk and >>>> reinstalled windows. As part of the "new" install, I used an 8Gig USB >>>> drive to transfer personal files (including Favorites) from the old >>>> system/hard disk to the new one. Process was to boot up windows on the >>>> old hard disk, transfer files to the USB drive, boot up windows on the >>>> new hard disk and transfer the files from the USB drive to the new C: >>>> drive. >>>> >>>> The new hard disk/system is working fine except I cannot add new >>>> bookmarks/favorites to favorite folders I transferred when surfing the >>>> net. With UAC ON, I get the following error: >>>> >>>> Unable to Create "internet site" >>>> Unspecified Error >>>> >>>> when trying to save or paste a new internet site/url to folders I >>>> transferred from the old hard disk. Files CAN be saved directly to the >>>> Favorites directory. With UAC OFF, all favorite saves work as >>>> expected. >>>> >>>> I have tried "taking ownership" of each and every folder in the >>>> Favorites directory, but the problem remains. I would really like to >>>> use UAC for what its worth, but the problem of not being able to save >>>> URLs without turning UAC off and rebooting makes it REALLY hard. >>></span> >> >></span> > </span> Quote
Guest Tom Posted February 3, 2009 Posted February 3, 2009 Interesting read. As I understand it, there are characteristics to each object that the casual observer/administrator can't see, let alone modify/control. As I said above, I tried taking ownership, turning off/on protected mode etc, but was only finally able (2 hours this afternoon) to get control of my Favorites chain by dragging each folder in my favorites off onto the desk top, creating a new folder in the Favorites chain of a similar name and then dragging the shortcut contents of the moved folders back into the new folders. If you right-click on any folder and choose properties and security, you see the Group/user names (accounts?) and each of their "Permissions". The FOLDERS that I had problems with had a check mark under the allow/Special Permissions for Administrators(that's me as there are no other users). The folders that I had not problems with did NOT have a check mark under the Allow/Special Permissions. Now, whatever that means - MIC? Magic stuff. Will Windows 7 fix this? Tom "FromTheRafters" <erratic@nomail.afraid.org> wrote in message news:%23hz88lMhJHA.2516@TK2MSFTNGP05.phx.gbl...<span style="color:blue"> > http://blogs.technet.com/steriley/archive/.../21/442870.aspx > > Not the answer, but you might like to read it. > > I still suggest calling support. > > "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message > news:15A1B8AD-B9EF-46EA-9D00-2CC348AABFC1@microsoft.com...<span style="color:green"> >> Not sure what that is so I think I'll leave it alone. Did a Google on >> that registry line and the best I could get was that it has something to >> do with Protected Mode. Turned Protected Mode off and back on again in >> the Internet Options with no change in my ability to save new "internet >> sites" to anywhere in my Favorites chain. I'm pretty sure that the issue >> has to do with how I imported the Favorites from my old hard disk, ie by >> copying them on to a thumb drive from the old HD and then copying them >> onto the new HD that had already been installed with Vista64. >> >> Tom >> >> >> "FromTheRafters" <erratic@nomail.afraid.org> wrote in message >> news:%23GJGIctgJHA.4932@TK2MSFTNGP02.phx.gbl...<span style="color:darkred"> >>> Perhaps you could try turning MIC off temporarily to see if >>> that affects your issue? >>> >>> HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystemEnableMIC. >>> >>> I believe turning this off will defeat 'protected mode' IE, but not all >>> of UAC. >>> >>> Have you tried support yet? >>> >>> >>> "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message >>> news:73BC4102-A95B-438F-A30B-45CCC57D7F5F@microsoft.com... >>>> Guess nobody here knows how to manipulate UAC without turning it off??? >>>> >>>> Tom >>>> >>>> >>>> "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message >>>> news:1725F8F6-4233-4AA0-A73E-A79A5418868E@microsoft.com... >>>>> Hope this is the right place for a UAC question >>>>> >>>>> I have a Vista64 Ultimate system. A few weeks after the initial >>>>> build, I determined that the hard disk was bad as it would hang until >>>>> it had run and warmed up for quite a while. Purchased a new hard disk >>>>> and reinstalled windows. As part of the "new" install, I used an 8Gig >>>>> USB drive to transfer personal files (including Favorites) from the >>>>> old system/hard disk to the new one. Process was to boot up windows >>>>> on the old hard disk, transfer files to the USB drive, boot up windows >>>>> on the new hard disk and transfer the files from the USB drive to the >>>>> new C: drive. >>>>> >>>>> The new hard disk/system is working fine except I cannot add new >>>>> bookmarks/favorites to favorite folders I transferred when surfing the >>>>> net. With UAC ON, I get the following error: >>>>> >>>>> Unable to Create "internet site" >>>>> Unspecified Error >>>>> >>>>> when trying to save or paste a new internet site/url to folders I >>>>> transferred from the old hard disk. Files CAN be saved directly to >>>>> the Favorites directory. With UAC OFF, all favorite saves work as >>>>> expected. >>>>> >>>>> I have tried "taking ownership" of each and every folder in the >>>>> Favorites directory, but the problem remains. I would really like to >>>>> use UAC for what its worth, but the problem of not being able to save >>>>> URLs without turning UAC off and rebooting makes it REALLY hard. >>>> >>> >>></span> >></span> > > </span> Quote
Guest FromTheRafters Posted February 3, 2009 Posted February 3, 2009 "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message news:C1EBA448-8A14-4020-9E7D-EEF8E6F78122@microsoft.com...<span style="color:blue"> > Interesting read. As I understand it, there are characteristics to each > object that the casual observer/administrator can't see, let alone > modify/control.</span> Yes, and access can be denied before any "permissions" are checked. <span style="color:blue"> > As I said above, I tried taking ownership, turning off/on protected mode > etc,</span> I'm not sure turning off protected mode actually removes MIC from other aspects of the system. It may just run IE elevated - I haven't looked into it. Protected mode uses MIC not the other way 'round. <span style="color:blue"> > but was only finally able (2 hours this afternoon) to get control of my > Favorites chain by dragging each folder in my favorites off onto the desk > top, creating a new folder in the Favorites chain of a similar name and > then dragging the shortcut contents of the moved folders back into the new > folders.</span> Sounds like an 'end run' around MIC to me. Glad you got it sorted. I'm thinking your favorites data became untrusted due to the way you tried to migrate it. It regained trust when you manipulated it on the desktop. Just guessing though. <span style="color:blue"> > If you right-click on any folder and choose properties and security, you > see the Group/user names (accounts?) and each of their "Permissions". The > FOLDERS that I had problems with had a check mark under the allow/Special > Permissions for Administrators(that's me as there are no other users). > The folders that I had not problems with did NOT have a check mark under > the Allow/Special Permissions. > > Now, whatever that means - MIC?</span> Nope, permissions again. Regular permissions are like ordering a #22 Chinese take-out order. Special permissions sort of lets you pick from columns A, B, C, etc...for a better custom fit. http://support.microsoft.com/kb/308419 <span style="color:blue"> > Magic stuff. Will Windows 7 fix this?</span> I don't think so as it is not broken. I assume most people won't be migrating their data this way. [...] Quote
Guest Tom Posted February 4, 2009 Posted February 4, 2009 "FromTheRafters" <erratic@nomail.afraid.org> wrote in message news:uB%23tnAihJHA.4408@TK2MSFTNGP06.phx.gbl...<span style="color:blue"> > > "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message > news:C1EBA448-8A14-4020-9E7D-EEF8E6F78122@microsoft.com...<span style="color:green"> >> Interesting read. As I understand it, there are characteristics to each >> object that the casual observer/administrator can't see, let alone >> modify/control.</span> > > Yes, and access can be denied before any "permissions" are checked. ><span style="color:green"> >> As I said above, I tried taking ownership, turning off/on protected mode >> etc,</span> > > I'm not sure turning off protected mode actually removes MIC from > other aspects of the system. It may just run IE elevated - I haven't > looked into it. Protected mode uses MIC not the other way 'round.</span> Don't think that IE ran elevated with Protected Mode turned off as IE was still unable to write new shortcuts to the "moved" folders. Recall that I as Administrator was able to write/copy files to those folders, but IE was not. Interestingly, turning off UAC "fixes" the problem, allowing IE to once again write to those "moved" folders. <span style="color:blue"> ><span style="color:green"> >> but was only finally able (2 hours this afternoon) to get control of my >> Favorites chain by dragging each folder in my favorites off onto the desk >> top, creating a new folder in the Favorites chain of a similar name and >> then dragging the shortcut contents of the moved folders back into the >> new folders.</span></span> I'm guessing that my "user" account in creating new folders made it so that IE had sufficient "Integrety" (medium) to then write to them as well. <span style="color:blue"> > > Sounds like an 'end run' around MIC to me. Glad you got it sorted. I'm > thinking your favorites data became untrusted</span> Only certain folders - What I did was copy/move files and folders off of the thumb drive to the new Favorites folder. I trusted the folders I moved and my problem was to somehow convince Vista to trust them too. Not sure how Vista would react to dumping a bunch of folder/file data into a new Vista system. I guess IE or (I haven't tried this) notepad wouldn't be able write to/modify that data. due to the way you tried<span style="color:blue"> > to migrate it. It regained trust when you manipulated it on the desktop.</span> Interesting that the folders were a problem and not the shortcuts/executables. <span style="color:blue"> > > Just guessing though. ><span style="color:green"> >> If you right-click on any folder and choose properties and security, you >> see the Group/user names (accounts?) and each of their "Permissions". >> The FOLDERS that I had problems with had a check mark under the >> allow/Special Permissions for Administrators(that's me as there are no >> other users). The folders that I had not problems with did NOT have a >> check mark under the Allow/Special Permissions. >> >> Now, whatever that means - MIC?</span> > > Nope, permissions again. Regular permissions are like ordering a #22 > Chinese > take-out order. Special permissions sort of lets you pick from columns A, > B, C, > etc...for a better custom fit. > > http://support.microsoft.com/kb/308419</span> XP stuff. Is Vista 64 the same? <span style="color:blue"> ><span style="color:green"> >> Magic stuff. Will Windows 7 fix this?</span> > > I don't think so as it is not broken. I assume most people won't be > migrating their data this way.</span> But I think it its broken. Certainly not from the perspective of computer science or secure business software, but from the perspective of the "power user" who got used to doing things in a reasonable way and gets a little upset when there seems to be no good reason for it to change on MY computer. The thread above started by Kathy resonates a little for me. The link you provided above references Windows XP where none of this was an issue, (at least in my experience) but now with Vista, we are suddenly not so much masters of our own hardware system.<span style="color:blue"> > > [...] ></span> BTW FromTheRafters, I really appreciate the discussion and attempts to educate - hard as it is ;<) Quote
Guest FromTheRafters Posted February 4, 2009 Posted February 4, 2009 "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message news:29DCDCD3-5FDA-4FE8-80EF-6EC8253E87A0@microsoft.com...<span style="color:blue"> > > "FromTheRafters" <erratic@nomail.afraid.org> wrote in message > news:uB%23tnAihJHA.4408@TK2MSFTNGP06.phx.gbl...</span> <span style="color:blue"><span style="color:green"> >> http://support.microsoft.com/kb/308419</span> > > XP stuff. Is Vista 64 the same?</span> NTFS stuff. I posted it because it is not MIC related as your inquiry regarding special permissions and MIC indicated was your guess. <span style="color:blue"><span style="color:green"><span style="color:darkred"> >>> Magic stuff. Will Windows 7 fix this?</span> >> >> I don't think so as it is not broken. I assume most people won't be >> migrating their data this way.</span> > > But I think it its broken. Certainly not from the perspective of computer > science or secure business software, but from the perspective of the > "power user" who got used to doing things in a reasonable way and gets a > little upset when there seems to be no good reason for it to change on MY > computer.</span> Not much has really changed, it is just that now the "power user" has to tweak Vista's security down to his or her liking. The "average user" is more or less stuck with Vista's better security - and don't have a problem working within that security paradigm. By all means, if you are a safe "power user", strip Vista of its security and run as admin. Vista just didn't make bad security the default OOBE condition like previous versions did. All the groaning is because of the new experience being how to try to fight your way to being really the real administrator. Kinda keeps the "average users" from peeing in the pool so to speak. Now only those worthy of actually finding their own way to the real admin account are allowed to pee in the pool, and hopefully they're not as likely to do so. <span style="color:blue"> > The thread above started by Kathy resonates a little for me. The link you > provided above references Windows XP where none of this was an issue, (at > least in my experience) but now with Vista, we are suddenly not so much > masters of our own hardware system.</span> The wave of the future I'm afraid. Next you won't be running application software, but renting web based applications and be master of nothing on your computer. They're becoming less like General Purpose Computers and more like Special Purpose Computer communications devices. <span style="color:blue"> > BTW FromTheRafters, I really appreciate the discussion and attempts to > educate - hard as it is ;<)</span> Thanks, and no problem. Quote
Guest Kerry Brown Posted February 4, 2009 Posted February 4, 2009 Can you post the results of icacls for your favorites folder? At a command prompt type: icacls c:\username\favorites or whatever the path to your favorites folder is. -- Kerry Brown MS-MVP - Windows Desktop Experience: Systems Administration http://www.vistahelp.ca/phpBB2/ "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message news:29DCDCD3-5FDA-4FE8-80EF-6EC8253E87A0@microsoft.com...<span style="color:blue"> > > "FromTheRafters" <erratic@nomail.afraid.org> wrote in message > news:uB%23tnAihJHA.4408@TK2MSFTNGP06.phx.gbl...<span style="color:green"> >> >> "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message >> news:C1EBA448-8A14-4020-9E7D-EEF8E6F78122@microsoft.com...<span style="color:darkred"> >>> Interesting read. As I understand it, there are characteristics to each >>> object that the casual observer/administrator can't see, let alone >>> modify/control.</span> >> >> Yes, and access can be denied before any "permissions" are checked. >><span style="color:darkred"> >>> As I said above, I tried taking ownership, turning off/on protected mode >>> etc,</span> >> >> I'm not sure turning off protected mode actually removes MIC from >> other aspects of the system. It may just run IE elevated - I haven't >> looked into it. Protected mode uses MIC not the other way 'round.</span> > > > > Don't think that IE ran elevated with Protected Mode turned off as IE was > still unable to write new shortcuts to the "moved" folders. Recall that I > as Administrator was able to write/copy files to those folders, but IE was > not. Interestingly, turning off UAC "fixes" the problem, allowing IE to > once again write to those "moved" folders. > > > ><span style="color:green"> >><span style="color:darkred"> >>> but was only finally able (2 hours this afternoon) to get control of my >>> Favorites chain by dragging each folder in my favorites off onto the >>> desk top, creating a new folder in the Favorites chain of a similar name >>> and then dragging the shortcut contents of the moved folders back into >>> the new folders.</span></span> > > I'm guessing that my "user" account in creating new folders made it so > that IE had sufficient "Integrety" (medium) to then write to them as well. > ><span style="color:green"> >> >> Sounds like an 'end run' around MIC to me. Glad you got it sorted. I'm >> thinking your favorites data became untrusted</span> > > Only certain folders - What I did was copy/move files and folders off of > the thumb drive to the new Favorites folder. I trusted the folders I > moved and my problem was to somehow convince Vista to trust them too. Not > sure how Vista would react to dumping a bunch of folder/file data into a > new Vista system. I guess IE or (I haven't tried this) notepad wouldn't > be able write to/modify that data. > > due to the way you tried<span style="color:green"> >> to migrate it. It regained trust when you manipulated it on the desktop.</span> > > Interesting that the folders were a problem and not the > shortcuts/executables. ><span style="color:green"> >> >> Just guessing though. >><span style="color:darkred"> >>> If you right-click on any folder and choose properties and security, you >>> see the Group/user names (accounts?) and each of their "Permissions". >>> The FOLDERS that I had problems with had a check mark under the >>> allow/Special Permissions for Administrators(that's me as there are no >>> other users). The folders that I had not problems with did NOT have a >>> check mark under the Allow/Special Permissions. >>> >>> Now, whatever that means - MIC?</span> >> >> Nope, permissions again. Regular permissions are like ordering a #22 >> Chinese >> take-out order. Special permissions sort of lets you pick from columns A, >> B, C, >> etc...for a better custom fit. >> >> http://support.microsoft.com/kb/308419</span> > > XP stuff. Is Vista 64 the same? > ><span style="color:green"> >><span style="color:darkred"> >>> Magic stuff. Will Windows 7 fix this?</span> >> >> I don't think so as it is not broken. I assume most people won't be >> migrating their data this way.</span> > > But I think it its broken. Certainly not from the perspective of computer > science or secure business software, but from the perspective of the > "power user" who got used to doing things in a reasonable way and gets a > little upset when there seems to be no good reason for it to change on MY > computer. The thread above started by Kathy resonates a little for me. > The link you provided above references Windows XP where none of this was > an issue, (at least in my experience) but now with Vista, we are suddenly > not so much masters of our own hardware system.<span style="color:green"> >> >> [...] >></span> > > BTW FromTheRafters, I really appreciate the discussion and attempts to > educate - hard as it is ;<) > > </span> Quote
Guest Tom Posted February 4, 2009 Posted February 4, 2009 c:\Users\Tom\Favorites BUILTIN\Administrators:(F) Tom-PC\Tom:(I)(OI)(CI)(F) NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) Mandatory Label\Low Mandatory Level:(OI)(CI)(NW) OK, now, what does it mean and how does it relate to my problem? Recall, also, that I have removed the problem folders end entered new folders of the same name so that I can once again save new URLs to subfolders of Favorites. Tom "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c a m> wrote in message news:e5TEONphJHA.1172@TK2MSFTNGP04.phx.gbl...<span style="color:blue"> > Can you post the results of icacls for your favorites folder? At a command > prompt type: > > icacls c:usernamefavorites > > or whatever the path to your favorites folder is. > > -- > Kerry Brown > MS-MVP - Windows Desktop Experience: Systems Administration > http://www.vistahelp.ca/phpBB2/ > > > > > "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message > news:29DCDCD3-5FDA-4FE8-80EF-6EC8253E87A0@microsoft.com...<span style="color:green"> >> >> "FromTheRafters" <erratic@nomail.afraid.org> wrote in message >> news:uB%23tnAihJHA.4408@TK2MSFTNGP06.phx.gbl...<span style="color:darkred"> >>> >>> "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message >>> news:C1EBA448-8A14-4020-9E7D-EEF8E6F78122@microsoft.com... >>>> Interesting read. As I understand it, there are characteristics to >>>> each object that the casual observer/administrator can't see, let alone >>>> modify/control. >>> >>> Yes, and access can be denied before any "permissions" are checked. >>> >>>> As I said above, I tried taking ownership, turning off/on protected >>>> mode etc, >>> >>> I'm not sure turning off protected mode actually removes MIC from >>> other aspects of the system. It may just run IE elevated - I haven't >>> looked into it. Protected mode uses MIC not the other way 'round.</span> >> >> >> >> Don't think that IE ran elevated with Protected Mode turned off as IE was >> still unable to write new shortcuts to the "moved" folders. Recall that >> I as Administrator was able to write/copy files to those folders, but IE >> was not. Interestingly, turning off UAC "fixes" the problem, allowing IE >> to once again write to those "moved" folders. >> >> >> >><span style="color:darkred"> >>> >>>> but was only finally able (2 hours this afternoon) to get control of my >>>> Favorites chain by dragging each folder in my favorites off onto the >>>> desk top, creating a new folder in the Favorites chain of a similar >>>> name and then dragging the shortcut contents of the moved folders back >>>> into the new folders.</span> >> >> I'm guessing that my "user" account in creating new folders made it so >> that IE had sufficient "Integrety" (medium) to then write to them as >> well. >> >><span style="color:darkred"> >>> >>> Sounds like an 'end run' around MIC to me. Glad you got it sorted. I'm >>> thinking your favorites data became untrusted</span> >> >> Only certain folders - What I did was copy/move files and folders off of >> the thumb drive to the new Favorites folder. I trusted the folders I >> moved and my problem was to somehow convince Vista to trust them too. >> Not sure how Vista would react to dumping a bunch of folder/file data >> into a new Vista system. I guess IE or (I haven't tried this) notepad >> wouldn't be able write to/modify that data. >> >> due to the way you tried<span style="color:darkred"> >>> to migrate it. It regained trust when you manipulated it on the desktop.</span> >> >> Interesting that the folders were a problem and not the >> shortcuts/executables. >><span style="color:darkred"> >>> >>> Just guessing though. >>> >>>> If you right-click on any folder and choose properties and security, >>>> you see the Group/user names (accounts?) and each of their >>>> "Permissions". The FOLDERS that I had problems with had a check mark >>>> under the allow/Special Permissions for Administrators(that's me as >>>> there are no other users). The folders that I had not problems with did >>>> NOT have a check mark under the Allow/Special Permissions. >>>> >>>> Now, whatever that means - MIC? >>> >>> Nope, permissions again. Regular permissions are like ordering a #22 >>> Chinese >>> take-out order. Special permissions sort of lets you pick from columns >>> A, B, C, >>> etc...for a better custom fit. >>> >>> http://support.microsoft.com/kb/308419</span> >> >> XP stuff. Is Vista 64 the same? >> >><span style="color:darkred"> >>> >>>> Magic stuff. Will Windows 7 fix this? >>> >>> I don't think so as it is not broken. I assume most people won't be >>> migrating their data this way.</span> >> >> But I think it its broken. Certainly not from the perspective of >> computer science or secure business software, but from the perspective of >> the "power user" who got used to doing things in a reasonable way and >> gets a little upset when there seems to be no good reason for it to >> change on MY computer. The thread above started by Kathy resonates a >> little for me. The link you provided above references Windows XP where >> none of this was an issue, (at least in my experience) but now with >> Vista, we are suddenly not so much masters of our own hardware system.<span style="color:darkred"> >>> >>> [...] >>></span> >> >> BTW FromTheRafters, I really appreciate the discussion and attempts to >> educate - hard as it is ;<) >> >> </span></span> Quote
Guest Kerry Brown Posted February 6, 2009 Posted February 6, 2009 I've seen the Integrity level get messed up. That looks correct. Just to be sure try this command in an elevated command prompt. icacls C:\Users\Tom\Favorites /setintegritylevel (OI)(CI)low -- Kerry Brown MS-MVP - Windows Desktop Experience: Systems Administration http://www.vistahelp.ca/phpBB2/ "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message news:717927D9-0F62-416F-8A4B-3819A6B66A67@microsoft.com...<span style="color:blue"> > c:UsersTomFavorites BUILTINAdministrators:(F) > Tom-PCTom:(I)(OI)(CI)(F) > NT AUTHORITYSYSTEM:(I)(OI)(CI)(F) > Mandatory LabelLow Mandatory > Level:(OI)(CI)(NW) > > OK, now, what does it mean and how does it relate to my problem? Recall, > also, that I have removed the problem folders end entered new folders of > the same name so that I can once again save new URLs to subfolders of > Favorites. > > Tom > > "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c a m> wrote in message > news:e5TEONphJHA.1172@TK2MSFTNGP04.phx.gbl...<span style="color:green"> >> Can you post the results of icacls for your favorites folder? At a >> command prompt type: >> >> icacls c:usernamefavorites >> >> or whatever the path to your favorites folder is. >> >> -- >> Kerry Brown >> MS-MVP - Windows Desktop Experience: Systems Administration >> http://www.vistahelp.ca/phpBB2/ >> >> >> >> >> "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message >> news:29DCDCD3-5FDA-4FE8-80EF-6EC8253E87A0@microsoft.com...<span style="color:darkred"> >>> >>> "FromTheRafters" <erratic@nomail.afraid.org> wrote in message >>> news:uB%23tnAihJHA.4408@TK2MSFTNGP06.phx.gbl... >>>> >>>> "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message >>>> news:C1EBA448-8A14-4020-9E7D-EEF8E6F78122@microsoft.com... >>>>> Interesting read. As I understand it, there are characteristics to >>>>> each object that the casual observer/administrator can't see, let >>>>> alone modify/control. >>>> >>>> Yes, and access can be denied before any "permissions" are checked. >>>> >>>>> As I said above, I tried taking ownership, turning off/on protected >>>>> mode etc, >>>> >>>> I'm not sure turning off protected mode actually removes MIC from >>>> other aspects of the system. It may just run IE elevated - I haven't >>>> looked into it. Protected mode uses MIC not the other way 'round. >>> >>> >>> >>> Don't think that IE ran elevated with Protected Mode turned off as IE >>> was still unable to write new shortcuts to the "moved" folders. Recall >>> that I as Administrator was able to write/copy files to those folders, >>> but IE was not. Interestingly, turning off UAC "fixes" the problem, >>> allowing IE to once again write to those "moved" folders. >>> >>> >>> >>> >>>> >>>>> but was only finally able (2 hours this afternoon) to get control of >>>>> my Favorites chain by dragging each folder in my favorites off onto >>>>> the desk top, creating a new folder in the Favorites chain of a >>>>> similar name and then dragging the shortcut contents of the moved >>>>> folders back into the new folders. >>> >>> I'm guessing that my "user" account in creating new folders made it so >>> that IE had sufficient "Integrety" (medium) to then write to them as >>> well. >>> >>> >>>> >>>> Sounds like an 'end run' around MIC to me. Glad you got it sorted. I'm >>>> thinking your favorites data became untrusted >>> >>> Only certain folders - What I did was copy/move files and folders off of >>> the thumb drive to the new Favorites folder. I trusted the folders I >>> moved and my problem was to somehow convince Vista to trust them too. >>> Not sure how Vista would react to dumping a bunch of folder/file data >>> into a new Vista system. I guess IE or (I haven't tried this) notepad >>> wouldn't be able write to/modify that data. >>> >>> due to the way you tried >>>> to migrate it. It regained trust when you manipulated it on the >>>> desktop. >>> >>> Interesting that the folders were a problem and not the >>> shortcuts/executables. >>> >>>> >>>> Just guessing though. >>>> >>>>> If you right-click on any folder and choose properties and security, >>>>> you see the Group/user names (accounts?) and each of their >>>>> "Permissions". The FOLDERS that I had problems with had a check mark >>>>> under the allow/Special Permissions for Administrators(that's me as >>>>> there are no other users). The folders that I had not problems with >>>>> did NOT have a check mark under the Allow/Special Permissions. >>>>> >>>>> Now, whatever that means - MIC? >>>> >>>> Nope, permissions again. Regular permissions are like ordering a #22 >>>> Chinese >>>> take-out order. Special permissions sort of lets you pick from columns >>>> A, B, C, >>>> etc...for a better custom fit. >>>> >>>> http://support.microsoft.com/kb/308419 >>> >>> XP stuff. Is Vista 64 the same? >>> >>> >>>> >>>>> Magic stuff. Will Windows 7 fix this? >>>> >>>> I don't think so as it is not broken. I assume most people won't be >>>> migrating their data this way. >>> >>> But I think it its broken. Certainly not from the perspective of >>> computer science or secure business software, but from the perspective >>> of the "power user" who got used to doing things in a reasonable way and >>> gets a little upset when there seems to be no good reason for it to >>> change on MY computer. The thread above started by Kathy resonates a >>> little for me. The link you provided above references Windows XP where >>> none of this was an issue, (at least in my experience) but now with >>> Vista, we are suddenly not so much masters of our own hardware system. >>>> >>>> [...] >>>> >>> >>> BTW FromTheRafters, I really appreciate the discussion and attempts to >>> educate - hard as it is ;<) >>> >>></span></span> > </span> Quote
Guest Tom Posted February 6, 2009 Posted February 6, 2009 Hi Kerry; Recall that the problem was with subfolders of Favorites - folders and URL shortcuts that had been brought over from a previous Vista64 install via thumbdrive. A look at the definition of icacls http://technet.microsoft.com/en-us/library/cc753525.aspx indicates that the command will change the integrity levels all the way down a folder chain. (The question I asked you below). Unclear from the definition what the "I" means in Tom-PC\Tom:(I)(OI)(CI)(F) NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) The command you requested I do looks as though it is appropriate as long as L=Low=Low Mandatory. but I'm reluctant to run it as the command looks as though it could really cause some subtle problems. Recall that my issue resulted in: Unable to Create "internet site" Unspecified Error not "access denied". The system was the one that had the problem ie Internet Explorer as it couldn't write to those directories unless UAC was turned off and while I as Administrator could delete them and "repair" problem by deleting and recreating those directories and the dragging the old contents into the new folders. So - mixed bag of issues? Tom "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c a m> wrote in message news:%239JI4cBiJHA.4572@TK2MSFTNGP04.phx.gbl...<span style="color:blue"> > I've seen the Integrity level get messed up. That looks correct. Just to > be sure try this command in an elevated command prompt. > > icacls C:UsersTomFavorites /setintegritylevel (OI)(CI)low > > -- > Kerry Brown > MS-MVP - Windows Desktop Experience: Systems Administration > http://www.vistahelp.ca/phpBB2/ > > > "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message > news:717927D9-0F62-416F-8A4B-3819A6B66A67@microsoft.com...<span style="color:green"> >> c:UsersTomFavorites BUILTINAdministrators:(F) >> Tom-PCTom:(I)(OI)(CI)(F) >> NT AUTHORITYSYSTEM:(I)(OI)(CI)(F) >> Mandatory LabelLow Mandatory >> Level:(OI)(CI)(NW) >> >> OK, now, what does it mean and how does it relate to my problem? Recall, >> also, that I have removed the problem folders end entered new folders of >> the same name so that I can once again save new URLs to subfolders of >> Favorites. >> >> Tom >> >> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c a m> wrote in message >> news:e5TEONphJHA.1172@TK2MSFTNGP04.phx.gbl...<span style="color:darkred"> >>> Can you post the results of icacls for your favorites folder? At a >>> command prompt type: >>> >>> icacls c:usernamefavorites >>> >>> or whatever the path to your favorites folder is. >>> >>> -- >>> Kerry Brown >>> MS-MVP - Windows Desktop Experience: Systems Administration >>> http://www.vistahelp.ca/phpBB2/ >>> >>> >>> >>> >>> "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message >>> news:29DCDCD3-5FDA-4FE8-80EF-6EC8253E87A0@microsoft.com... >>>> >>>> "FromTheRafters" <erratic@nomail.afraid.org> wrote in message >>>> news:uB%23tnAihJHA.4408@TK2MSFTNGP06.phx.gbl... >>>>> >>>>> "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message >>>>> news:C1EBA448-8A14-4020-9E7D-EEF8E6F78122@microsoft.com... >>>>>> Interesting read. As I understand it, there are characteristics to >>>>>> each object that the casual observer/administrator can't see, let >>>>>> alone modify/control. >>>>> >>>>> Yes, and access can be denied before any "permissions" are checked. >>>>> >>>>>> As I said above, I tried taking ownership, turning off/on protected >>>>>> mode etc, >>>>> >>>>> I'm not sure turning off protected mode actually removes MIC from >>>>> other aspects of the system. It may just run IE elevated - I haven't >>>>> looked into it. Protected mode uses MIC not the other way 'round. >>>> >>>> >>>> >>>> Don't think that IE ran elevated with Protected Mode turned off as IE >>>> was still unable to write new shortcuts to the "moved" folders. Recall >>>> that I as Administrator was able to write/copy files to those folders, >>>> but IE was not. Interestingly, turning off UAC "fixes" the problem, >>>> allowing IE to once again write to those "moved" folders. >>>> >>>> >>>> >>>> >>>>> >>>>>> but was only finally able (2 hours this afternoon) to get control of >>>>>> my Favorites chain by dragging each folder in my favorites off onto >>>>>> the desk top, creating a new folder in the Favorites chain of a >>>>>> similar name and then dragging the shortcut contents of the moved >>>>>> folders back into the new folders. >>>> >>>> I'm guessing that my "user" account in creating new folders made it so >>>> that IE had sufficient "Integrety" (medium) to then write to them as >>>> well. >>>> >>>> >>>>> >>>>> Sounds like an 'end run' around MIC to me. Glad you got it sorted. I'm >>>>> thinking your favorites data became untrusted >>>> >>>> Only certain folders - What I did was copy/move files and folders off >>>> of the thumb drive to the new Favorites folder. I trusted the folders >>>> I moved and my problem was to somehow convince Vista to trust them too. >>>> Not sure how Vista would react to dumping a bunch of folder/file data >>>> into a new Vista system. I guess IE or (I haven't tried this) notepad >>>> wouldn't be able write to/modify that data. >>>> >>>> due to the way you tried >>>>> to migrate it. It regained trust when you manipulated it on the >>>>> desktop. >>>> >>>> Interesting that the folders were a problem and not the >>>> shortcuts/executables. >>>> >>>>> >>>>> Just guessing though. >>>>> >>>>>> If you right-click on any folder and choose properties and security, >>>>>> you see the Group/user names (accounts?) and each of their >>>>>> "Permissions". The FOLDERS that I had problems with had a check mark >>>>>> under the allow/Special Permissions for Administrators(that's me as >>>>>> there are no other users). The folders that I had not problems with >>>>>> did NOT have a check mark under the Allow/Special Permissions. >>>>>> >>>>>> Now, whatever that means - MIC? >>>>> >>>>> Nope, permissions again. Regular permissions are like ordering a #22 >>>>> Chinese >>>>> take-out order. Special permissions sort of lets you pick from columns >>>>> A, B, C, >>>>> etc...for a better custom fit. >>>>> >>>>> http://support.microsoft.com/kb/308419 >>>> >>>> XP stuff. Is Vista 64 the same? >>>> >>>> >>>>> >>>>>> Magic stuff. Will Windows 7 fix this? >>>>> >>>>> I don't think so as it is not broken. I assume most people won't be >>>>> migrating their data this way. >>>> >>>> But I think it its broken. Certainly not from the perspective of >>>> computer science or secure business software, but from the perspective >>>> of the "power user" who got used to doing things in a reasonable way >>>> and gets a little upset when there seems to be no good reason for it to >>>> change on MY computer. The thread above started by Kathy resonates a >>>> little for me. The link you provided above references Windows XP where >>>> none of this was an issue, (at least in my experience) but now with >>>> Vista, we are suddenly not so much masters of our own hardware system. >>>>> >>>>> [...] >>>>> >>>> >>>> BTW FromTheRafters, I really appreciate the discussion and attempts to >>>> educate - hard as it is ;<) >>>> >>>></span> >> </span></span> Quote
Guest Kerry Brown Posted February 6, 2009 Posted February 6, 2009 That's correct, the command should set the favorites folder and all of the folders below favorites to an Integrity level of Low. If you're nervous check the Integrity level of a folder where you can't add or change links. I'm guessing it's not low. IE in protected mode runs at low Integrity. This means it can't alter anything in a folder at an Integrity level above low. -- Kerry Brown MS-MVP - Windows Desktop Experience: Systems Administration http://www.vistahelp.ca/phpBB2/ "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message news:90DED108-EB5E-42F0-BA8E-0435FF757679@microsoft.com...<span style="color:blue"> > Hi Kerry; > Recall that the problem was with subfolders of Favorites - folders and > URL shortcuts that had been brought over from a previous Vista64 install > via thumbdrive. A look at the definition of icacls > http://technet.microsoft.com/en-us/library/cc753525.aspx indicates that > the command will change the integrity levels all the way down a folder > chain. (The question I asked you below). Unclear from the definition what > the "I" means in > > Tom-PCTom:(I)(OI)(CI)(F) > NT AUTHORITYSYSTEM:(I)(OI)(CI)(F) > > The command you requested I do looks as though it is appropriate as long > as L=Low=Low Mandatory. > > but I'm reluctant to run it as the command looks as though it could really > cause some subtle problems. Recall that my issue resulted in: > > Unable to Create "internet site" > Unspecified Error > > not "access denied". The system was the one that had the problem ie > Internet Explorer as it couldn't write to those directories unless UAC was > turned off and while I as Administrator could delete them and "repair" > problem by deleting and recreating those directories and the dragging the > old contents into the new folders. > > So - mixed bag of issues? > > Tom > > > > "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c a m> wrote in message > news:%239JI4cBiJHA.4572@TK2MSFTNGP04.phx.gbl...<span style="color:green"> >> I've seen the Integrity level get messed up. That looks correct. Just to >> be sure try this command in an elevated command prompt. >> >> icacls C:UsersTomFavorites /setintegritylevel (OI)(CI)low >> >> -- >> Kerry Brown >> MS-MVP - Windows Desktop Experience: Systems Administration >> http://www.vistahelp.ca/phpBB2/ >> >> >> "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message >> news:717927D9-0F62-416F-8A4B-3819A6B66A67@microsoft.com...<span style="color:darkred"> >>> c:UsersTomFavorites BUILTINAdministrators:(F) >>> Tom-PCTom:(I)(OI)(CI)(F) >>> NT AUTHORITYSYSTEM:(I)(OI)(CI)(F) >>> Mandatory LabelLow Mandatory >>> Level:(OI)(CI)(NW) >>> >>> OK, now, what does it mean and how does it relate to my problem? >>> Recall, also, that I have removed the problem folders end entered new >>> folders of the same name so that I can once again save new URLs to >>> subfolders of Favorites. >>> >>> Tom >>> >>> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c a m> wrote in message >>> news:e5TEONphJHA.1172@TK2MSFTNGP04.phx.gbl... >>>> Can you post the results of icacls for your favorites folder? At a >>>> command prompt type: >>>> >>>> icacls c:usernamefavorites >>>> >>>> or whatever the path to your favorites folder is. >>>> >>>> -- >>>> Kerry Brown >>>> MS-MVP - Windows Desktop Experience: Systems Administration >>>> http://www.vistahelp.ca/phpBB2/ >>>> >>>> >>>> >>>> >>>> "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message >>>> news:29DCDCD3-5FDA-4FE8-80EF-6EC8253E87A0@microsoft.com... >>>>> >>>>> "FromTheRafters" <erratic@nomail.afraid.org> wrote in message >>>>> news:uB%23tnAihJHA.4408@TK2MSFTNGP06.phx.gbl... >>>>>> >>>>>> "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message >>>>>> news:C1EBA448-8A14-4020-9E7D-EEF8E6F78122@microsoft.com... >>>>>>> Interesting read. As I understand it, there are characteristics to >>>>>>> each object that the casual observer/administrator can't see, let >>>>>>> alone modify/control. >>>>>> >>>>>> Yes, and access can be denied before any "permissions" are checked. >>>>>> >>>>>>> As I said above, I tried taking ownership, turning off/on protected >>>>>>> mode etc, >>>>>> >>>>>> I'm not sure turning off protected mode actually removes MIC from >>>>>> other aspects of the system. It may just run IE elevated - I haven't >>>>>> looked into it. Protected mode uses MIC not the other way 'round. >>>>> >>>>> >>>>> >>>>> Don't think that IE ran elevated with Protected Mode turned off as IE >>>>> was still unable to write new shortcuts to the "moved" folders. >>>>> Recall that I as Administrator was able to write/copy files to those >>>>> folders, but IE was not. Interestingly, turning off UAC "fixes" the >>>>> problem, allowing IE to once again write to those "moved" folders. >>>>> >>>>> >>>>> >>>>> >>>>>> >>>>>>> but was only finally able (2 hours this afternoon) to get control of >>>>>>> my Favorites chain by dragging each folder in my favorites off onto >>>>>>> the desk top, creating a new folder in the Favorites chain of a >>>>>>> similar name and then dragging the shortcut contents of the moved >>>>>>> folders back into the new folders. >>>>> >>>>> I'm guessing that my "user" account in creating new folders made it so >>>>> that IE had sufficient "Integrety" (medium) to then write to them as >>>>> well. >>>>> >>>>> >>>>>> >>>>>> Sounds like an 'end run' around MIC to me. Glad you got it sorted. >>>>>> I'm >>>>>> thinking your favorites data became untrusted >>>>> >>>>> Only certain folders - What I did was copy/move files and folders off >>>>> of the thumb drive to the new Favorites folder. I trusted the folders >>>>> I moved and my problem was to somehow convince Vista to trust them >>>>> too. Not sure how Vista would react to dumping a bunch of folder/file >>>>> data into a new Vista system. I guess IE or (I haven't tried this) >>>>> notepad wouldn't be able write to/modify that data. >>>>> >>>>> due to the way you tried >>>>>> to migrate it. It regained trust when you manipulated it on the >>>>>> desktop. >>>>> >>>>> Interesting that the folders were a problem and not the >>>>> shortcuts/executables. >>>>> >>>>>> >>>>>> Just guessing though. >>>>>> >>>>>>> If you right-click on any folder and choose properties and security, >>>>>>> you see the Group/user names (accounts?) and each of their >>>>>>> "Permissions". The FOLDERS that I had problems with had a check mark >>>>>>> under the allow/Special Permissions for Administrators(that's me as >>>>>>> there are no other users). The folders that I had not problems with >>>>>>> did NOT have a check mark under the Allow/Special Permissions. >>>>>>> >>>>>>> Now, whatever that means - MIC? >>>>>> >>>>>> Nope, permissions again. Regular permissions are like ordering a #22 >>>>>> Chinese >>>>>> take-out order. Special permissions sort of lets you pick from >>>>>> columns A, B, C, >>>>>> etc...for a better custom fit. >>>>>> >>>>>> http://support.microsoft.com/kb/308419 >>>>> >>>>> XP stuff. Is Vista 64 the same? >>>>> >>>>> >>>>>> >>>>>>> Magic stuff. Will Windows 7 fix this? >>>>>> >>>>>> I don't think so as it is not broken. I assume most people won't be >>>>>> migrating their data this way. >>>>> >>>>> But I think it its broken. Certainly not from the perspective of >>>>> computer science or secure business software, but from the perspective >>>>> of the "power user" who got used to doing things in a reasonable way >>>>> and gets a little upset when there seems to be no good reason for it >>>>> to change on MY computer. The thread above started by Kathy resonates >>>>> a little for me. The link you provided above references Windows XP >>>>> where none of this was an issue, (at least in my experience) but now >>>>> with Vista, we are suddenly not so much masters of our own hardware >>>>> system. >>>>>> >>>>>> [...] >>>>>> >>>>> >>>>> BTW FromTheRafters, I really appreciate the discussion and attempts to >>>>> educate - hard as it is ;<) >>>>> >>>>> >>></span></span> > </span> Quote
Guest Tom Posted February 6, 2009 Posted February 6, 2009 Hi Kerry; I retrieved one of the problem folders (named Boat) from the trash. using the icacls command I get: c:Users\Tom\Desktop\Boat BUILTIN\Administrators:(F) Tom-PC\Tom:(I)(OI)(CI)(F) NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) BUILTIN\Administrators:(I)(OI)(CI)(F) Mandatory Label\Low Mandatory Level:(I)(OI)(CI)(NW) Seems to be missing the (I) in the last line and has an extra BUILTIN line compared to the similar execution of icacls of the Favorites (repaired) below. Compared to the other Users Accounts, the Boat folder has the extra check mark in the Properties/Security/Group or User name = Administrators (Tom-PC\Administrators)/Permissions for Administrators = Special permissions. <span style="color:blue"><span style="color:green"><span style="color:darkred"> >>>> c:UsersTomFavorites BUILTINAdministrators:(F) >>>> Tom-PCTom:(I)(OI)(CI)(F) >>>> NT AUTHORITYSYSTEM:(I)(OI)(CI)(F) >>>> Mandatory LabelLow Mandatory >>>> Level:(OI)(CI)(NW)</span></span></span> So, what does that mean related to the inability of Internet Explorer to write to a folder like Boat? Tom "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c a m> wrote in message news:eKJFFtCiJHA.5732@TK2MSFTNGP05.phx.gbl...<span style="color:blue"> > That's correct, the command should set the favorites folder and all of the > folders below favorites to an Integrity level of Low. If you're nervous > check the Integrity level of a folder where you can't add or change links. > I'm guessing it's not low. IE in protected mode runs at low Integrity. > This means it can't alter anything in a folder at an Integrity level above > low. > > -- > Kerry Brown > MS-MVP - Windows Desktop Experience: Systems Administration > http://www.vistahelp.ca/phpBB2/ > > > "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message > news:90DED108-EB5E-42F0-BA8E-0435FF757679@microsoft.com...<span style="color:green"> >> Hi Kerry; >> Recall that the problem was with subfolders of Favorites - folders and >> URL shortcuts that had been brought over from a previous Vista64 install >> via thumbdrive. A look at the definition of icacls >> http://technet.microsoft.com/en-us/library/cc753525.aspx indicates that >> the command will change the integrity levels all the way down a folder >> chain. (The question I asked you below). Unclear from the definition >> what the "I" means in >> >> Tom-PCTom:(I)(OI)(CI)(F) >> NT AUTHORITYSYSTEM:(I)(OI)(CI)(F) >> >> The command you requested I do looks as though it is appropriate as long >> as L=Low=Low Mandatory. >> >> but I'm reluctant to run it as the command looks as though it could >> really cause some subtle problems. Recall that my issue resulted in: >> >> Unable to Create "internet site" >> Unspecified Error >> >> not "access denied". The system was the one that had the problem ie >> Internet Explorer as it couldn't write to those directories unless UAC >> was turned off and while I as Administrator could delete them and >> "repair" problem by deleting and recreating those directories and the >> dragging the old contents into the new folders. >> >> So - mixed bag of issues? >> >> Tom >> >> >> >> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c a m> wrote in message >> news:%239JI4cBiJHA.4572@TK2MSFTNGP04.phx.gbl...<span style="color:darkred"> >>> I've seen the Integrity level get messed up. That looks correct. Just to >>> be sure try this command in an elevated command prompt. >>> >>> icacls C:UsersTomFavorites /setintegritylevel (OI)(CI)low >>> >>> -- >>> Kerry Brown >>> MS-MVP - Windows Desktop Experience: Systems Administration >>> http://www.vistahelp.ca/phpBB2/ >>> >>> >>> "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message >>> news:717927D9-0F62-416F-8A4B-3819A6B66A67@microsoft.com... >>>> c:UsersTomFavorites BUILTINAdministrators:(F) >>>> Tom-PCTom:(I)(OI)(CI)(F) >>>> NT AUTHORITYSYSTEM:(I)(OI)(CI)(F) >>>> Mandatory LabelLow Mandatory >>>> Level:(OI)(CI)(NW) >>>> >>>> OK, now, what does it mean and how does it relate to my problem? >>>> Recall, also, that I have removed the problem folders end entered new >>>> folders of the same name so that I can once again save new URLs to >>>> subfolders of Favorites. >>>> >>>> Tom >>>> >>>> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c a m> wrote in message >>>> news:e5TEONphJHA.1172@TK2MSFTNGP04.phx.gbl... >>>>> Can you post the results of icacls for your favorites folder? At a >>>>> command prompt type: >>>>> >>>>> icacls c:usernamefavorites >>>>> >>>>> or whatever the path to your favorites folder is. >>>>> >>>>> -- >>>>> Kerry Brown >>>>> MS-MVP - Windows Desktop Experience: Systems Administration >>>>> http://www.vistahelp.ca/phpBB2/ >>>>> >>>>> >>>>> >>>>> >>>>> "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message >>>>> news:29DCDCD3-5FDA-4FE8-80EF-6EC8253E87A0@microsoft.com... >>>>>> >>>>>> "FromTheRafters" <erratic@nomail.afraid.org> wrote in message >>>>>> news:uB%23tnAihJHA.4408@TK2MSFTNGP06.phx.gbl... >>>>>>> >>>>>>> "Tom" <DontSpamMr_tsquare@hotmail.com> wrote in message >>>>>>> news:C1EBA448-8A14-4020-9E7D-EEF8E6F78122@microsoft.com... >>>>>>>> Interesting read. As I understand it, there are characteristics to >>>>>>>> each object that the casual observer/administrator can't see, let >>>>>>>> alone modify/control. >>>>>>> >>>>>>> Yes, and access can be denied before any "permissions" are checked. >>>>>>> >>>>>>>> As I said above, I tried taking ownership, turning off/on protected >>>>>>>> mode etc, >>>>>>> >>>>>>> I'm not sure turning off protected mode actually removes MIC from >>>>>>> other aspects of the system. It may just run IE elevated - I haven't >>>>>>> looked into it. Protected mode uses MIC not the other way 'round. >>>>>> >>>>>> >>>>>> >>>>>> Don't think that IE ran elevated with Protected Mode turned off as IE >>>>>> was still unable to write new shortcuts to the "moved" folders. >>>>>> Recall that I as Administrator was able to write/copy files to those >>>>>> folders, but IE was not. Interestingly, turning off UAC "fixes" the >>>>>> problem, allowing IE to once again write to those "moved" folders. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>> >>>>>>>> but was only finally able (2 hours this afternoon) to get control >>>>>>>> of my Favorites chain by dragging each folder in my favorites off >>>>>>>> onto the desk top, creating a new folder in the Favorites chain of >>>>>>>> a similar name and then dragging the shortcut contents of the moved >>>>>>>> folders back into the new folders. >>>>>> >>>>>> I'm guessing that my "user" account in creating new folders made it >>>>>> so that IE had sufficient "Integrety" (medium) to then write to them >>>>>> as well. >>>>>> >>>>>> >>>>>>> >>>>>>> Sounds like an 'end run' around MIC to me. Glad you got it sorted. >>>>>>> I'm >>>>>>> thinking your favorites data became untrusted >>>>>> >>>>>> Only certain folders - What I did was copy/move files and folders off >>>>>> of the thumb drive to the new Favorites folder. I trusted the >>>>>> folders I moved and my problem was to somehow convince Vista to trust >>>>>> them too. Not sure how Vista would react to dumping a bunch of >>>>>> folder/file data into a new Vista system. I guess IE or (I haven't >>>>>> tried this) notepad wouldn't be able write to/modify that data. >>>>>> >>>>>> due to the way you tried >>>>>>> to migrate it. It regained trust when you manipulated it on the >>>>>>> desktop. >>>>>> >>>>>> Interesting that the folders were a problem and not the >>>>>> shortcuts/executables. >>>>>> >>>>>>> >>>>>>> Just guessing though. >>>>>>> >>>>>>>> If you right-click on any folder and choose properties and >>>>>>>> security, you see the Group/user names (accounts?) and each of >>>>>>>> their "Permissions". The FOLDERS that I had problems with had a >>>>>>>> check mark under the allow/Special Permissions for >>>>>>>> Administrators(that's me as there are no other users). The folders >>>>>>>> that I had not problems with did NOT have a check mark under the >>>>>>>> Allow/Special Permissions. >>>>>>>> >>>>>>>> Now, whatever that means - MIC? >>>>>>> >>>>>>> Nope, permissions again. Regular permissions are like ordering a #22 >>>>>>> Chinese >>>>>>> take-out order. Special permissions sort of lets you pick from >>>>>>> columns A, B, C, >>>>>>> etc...for a better custom fit. >>>>>>> >>>>>>> http://support.microsoft.com/kb/308419 >>>>>> >>>>>> XP stuff. Is Vista 64 the same? >>>>>> >>>>>> >>>>>>> >>>>>>>> Magic stuff. Will Windows 7 fix this? >>>>>>> >>>>>>> I don't think so as it is not broken. I assume most people won't be >>>>>>> migrating their data this way. >>>>>> >>>>>> But I think it its broken. Certainly not from the perspective of >>>>>> computer science or secure business software, but from the >>>>>> perspective of the "power user" who got used to doing things in a >>>>>> reasonable way and gets a little upset when there seems to be no good >>>>>> reason for it to change on MY computer. The thread above started by >>>>>> Kathy resonates a little for me. The link you provided above >>>>>> references Windows XP where none of this was an issue, (at least in >>>>>> my experience) but now with Vista, we are suddenly not so much >>>>>> masters of our own hardware system. >>>>>>> >>>>>>> [...] >>>>>>> >>>>>> >>>>>> BTW FromTheRafters, I really appreciate the discussion and attempts >>>>>> to educate - hard as it is ;<) >>>>>> >>>>>> >>>></span> >> </span></span> Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.