|
|
|
|||||||
|
|
||||||||
|
|
|
|
|
|||||
|
||||||||
|
Setting PermissionsIt is necessary for both SYSTEM and ADMINISTRATOR to have full controlover a file (or the directory folder it is in) in order for Diskeeper to have access to move the file. This isbecause the Diskeeper service runs under the Administrator account, and System access is necessary to safely defragmentfiles. This is a security feature that is governed by the Windows NT C2 security requirements. Therefore, you should confirm that the permissions in the registryand in the root directory of each NTFS partition have "Type of Access" set to "Full Control"for both Administrator and System. These settings should not conflict with any security plan you have in place,since membership in the Administrator group should be very restricted, and System access applies only to the operatingsystem, not users. The account you are logged into must be a member of the Administratorsgroup (and Domain Admin, if applicable), but no other groups. Setting permissions on the root of the drive:
Note: On an existing partition, if you have modified securitysettings on any subdirectories, then the "Replace permissions ..." options will overwrite the old settings.If you've modified the settings, for user directories for example, you will not want to overwrite them. Use themethod below to add the needed settings to the existing ones. However if this is a new partition or you are certainthat you can overwrite existing settings go ahead and use these options and skip the 'cacls' step below.
Adding System and Administrator to Sub Directories.This procedure uses a utility called CACLS.exe which is on the NTdistribution CD. You can find more information about this utility in Windows help. Type cacls in the index tab. Open a command line window and go to the root of the drive you wantto change the permissions on. Type the command: cacls * /e /t /g "YOUR_DOMAIN\Domain Admins":F Administrators:FSYSTEM:F SPECIAL NOTE: If you see this message: "Unable to perform a securityoperation on an object which has no associated security" you are executing this from a FAT partition, youmust set default to the NTFS partition. This command would EDIT (/e) the ACLs rather than REPLACE them andrecursively apply them (/t) to subdirectories. Any number of ACCOUNT:PERM may follow the GRANT (/g) switch. Thereis additional flexibility built into the cacls command - it's only limitation is the dirth of selections for PERMvalues.
Setting Permissions in the registry NT4.0Caution: Editing the registry can be extremely dangerous and candisrupt your system to the point where your only option is to re-install Windows NT. Even if you know exactly what you are doing and are completely certainwhat the results will be, it is good policy always to back up your registry before making any changes. If you observeall precautions and dont "experiment" the registry may become one of your favorite tuning tools.
If you have any comments about this article orany requests for new technical articles e-mail
|
||||||||
|
|
Executive Software Europe |
|
||||||