Archives for November 2013

UAC modified groups

So I was searching for which groups that User Access Control (UAC) removes from the default kerberos ticket. After alot of googling, and even reading the old UAC blog. So I decided to make the list myself. And not finding it I decided to build the list.

But first what is UAC?

UAC helps secure a system by removing some groups from the kerberos ticket used by Explorer.exe. When you run a program as Administrator it will run with the full kerberos ticket.

Which windows groups are removed from the default kerberos ticket? [Read more…]

Add a Private folder to all homedirectories with ACLs

So I found a user on Microsoft Social that needed some help creating a Privet folder in all users home directories and applying special permissions on that folder.

So I reused some old blog entries about Using powershell and SIDs to change ACLs and Remove NTFS rights inheritance using Powershell and wrote together a small script.

This script will take all users with a homedirectory, create a Private folder, and then set the required rights.

Remove NTFS rights inheritance using Powershell

So I needed to remove the inheritance of a folder. Yes its easy to do with icacls, just icacls /inheritance:e|d|r. Where E is enable, D is copy all ACEs and R removes all inherited rights.
But this is about doing it with powershell. [Read more…]