????
Your IP : 3.133.59.209

Current Path : C:/Windows/INF/
Current File : C:/Windows/INF/dcup5.inf
��; Copyright (c) Microsoft Corporation.  All rights reserved.

;

; Security Configuration Template for Security Configuration Editor

;

; Template Name:        DCUp5.INF

; Template Version:     05.10.DU.0000

;

; Default Security for NT5 to NT5 DC Upgrade

;

; Revision History

; 0000  - Win2k to Win2k DC upgrades (straight setup - no DCPromo)





; Please DO NOT EDIT version section.

;

[version]

signature="$CHICAGO$"

revision=1

DriverVer = 06/21/2006,10.0.20348.2849



[System Access]

;----------------------------------------------------------------

;Local Policies - Security Options

;----------------------------------------------------------------

LSAAnonymousNameLookup = 0



;----------------------------------------------------------------

;Event Log - Log Settings

;----------------------------------------------------------------



[System Log]

RestrictGuestAccess = 1



[Security Log]

RestrictGuestAccess = 1



[Application Log]

RestrictGuestAccess = 1



[Privilege Rights]

;

;World                          S-1-1-0

;

;NT Authority                   S-1-5

;ENTERPRISE_CONTROLLERS         9

;AUTHENTICATED_USER             11

;LOCAL_SERVICE                  19

;NETWORK_SERVICE                20

;

;Built-In Domain SubAuthority = S-1-5-32

;ADMINISTRATORS                 544

;USERS                          545

;GUESTS                         546

;POWER_USERS (DEPRECATED)

;ACCOUNT_OPS                    548

;SYSTEM_OPS                     549

;PRINT_OPS                      550

;BACKUP_OPS                     551

;REPLICATOR                     552

;RAS_SERVERS                    553

;PREW2KCOMPACCESS               554

;REMOTE_DESKTOP_USERS           555

;NETWORK_CONFIGURATION_OPS      556



SeAssignPrimaryTokenPrivilege = Add:, *S-1-5-19, *S-1-5-20

SeAuditPrivilege = Add:, *S-1-5-19, *S-1-5-20

SeBatchLogonRight = Add:, *S-1-5-32-544, *S-1-5-32-551

SeChangeNotifyPrivilege = Add:, *S-1-5-32-554, *S-1-5-19, *S-1-5-20

SeCreateGlobalPrivilege = Add:, *S-1-5-6, *S-1-5-32-544, *S-1-5-19, *S-1-5-20

SeCreateSymbolicLinkPrivilege = Add:, *S-1-5-32-544

SeImpersonatePrivilege = Add:, *S-1-5-6, *S-1-5-32-544, *S-1-5-19, *S-1-5-20

SeIncreaseBasePriorityPrivilege = Add:, *S-1-5-90-0

SeIncreaseQuotaPrivilege = Add:, *S-1-5-19, *S-1-5-20

SeIncreaseWorkingSetPrivilege = Add:, *S-1-5-32-545

SeLoadDriverPrivilege = Add:, *S-1-5-32-550

SeManageVolumePrivilege = Add:, *S-1-5-32-544

SeNetworkLogonRight = Add:, *S-1-5-9, *S-1-5-32-554

SeRemoteInteractiveLogonRight = Add:, *S-1-5-32-544, Remove:, *S-1-5-32-555

SeShutdownPrivilege = Remove:, *S-1-5-32-548

SeSystemTimePrivilege = Add:, *S-1-5-19, *S-1-5-32-549, Remove:, *S-1-5-20

SeTimeZonePrivilege = Add:, *S-1-5-32-544, *S-1-5-19, *S-1-5-32-549

SeInteractiveLogonRight = Remove:, TsInternetUser



;----------------------------------------------------------------

;Registry Values

;----------------------------------------------------------------

[Registry Values]

;Define only those reg values that are new for Whistler so upgraded Win2k DC = Clean-install Whistler Server+DCpromo.

;Unlike DefltDC and DCUp, these registry values will never be added to the Default DC GPO.

;Note: Packet Signing defined in Default DC GPO (via Defltdc or DCUp) when Win2k Domain was created.



;We need to make sure Server-Side Packet Signing is on in the DC case.

MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,1

MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,1



MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon=4,1



MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds=4,0

MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,0

MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled=4,0



MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine=8,Add:,Software\Microsoft\Windows NT\CurrentVersion\Print,Software\Microsoft\Windows NT\CurrentVersion\Windows,Remove:,System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Server Applications,Software\Microsoft\Windows NT\CurrentVersion

MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\Machine=8,Add:,System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Server Applications,Software\Microsoft\Windows NT\CurrentVersion



MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive=4,1



MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess=4,1



MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity=4,1



MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,1



[Service General Setting]

;Note: startup type should not be configured during setup\dcpromo.

;autostarted on workstations and servers, standalone or joined

Browser,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

;TrkWks,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

;Dnscache,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;NO)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

;PolicyAgent,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

dmserver,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

;PlugPlay,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

;Spooler,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

;ProtectedStorage,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

;RpcSs,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO;;;IU)(A;;CCLCSWRPLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

NtmsSvc,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

;seclogon,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

SamSs,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLO;;;IU)(A;;CCLCSWLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

;lanmanserver,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

;SENS,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

;Schedule,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

Sysmonlog,,"D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCRPLOCR;;;LU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

;LmHosts,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

;LanmanWorkstation,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

;RemoteRegistry,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"



;Not autostarted, but non-default DACL - Remove PU ability to change template

ClipSrv,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO;;;IU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

NetDDE,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO;;;IU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

NetDDEdsdm,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO;;;IU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

;EventSystem,,"D:(A;;CCLCSWRPLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"



;Not autostarted if machine is standalone

;Netlogon,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

;W32Time,,"D:(A;;CCLCSWLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLO;;;IU)(A;;CCLCSWRPLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"



;Server Only Services

Dfs,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

LicenseService,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"



;IIS Specific Services - Leave them alone

;IISADMIN,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

;W3SVC,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

;MSFTPSVC,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"

;SMTPSVC,,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"





;

; set default startup for the following services - do not touch permissions

;

upnphost,4,""

ssdpsrv,4,""





[Registry Keys]



;Same as parent, but this is the target of a symlink - set explicitly.





"MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;S-1-15-2-1)(A;CI;GR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)"

"MACHINE\SOFTWARE\Microsoft\NTDS",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;S-1-15-2-1)(A;CI;GR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)"

"MACHINE\SOFTWARE\Microsoft\OLAP Server\CurrentVersion\SECURITY",1,"D:AR"

"MACHINE\SOFTWARE\Microsoft\SystemCertificates",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;S-1-15-2-1)(A;CI;GR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)"

"MACHINE\SOFTWARE\Microsoft\SystemCertificates\Authroot",2,"D:AI(A;CIOI;GA;;;S-1-5-80-242729624-280608522-2219052887-3187409060-2225943459)"



"MACHINE\SOFTWARE\Microsoft\Windows",0,"D:AR"



"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;S-1-15-2-1)(A;CI;GR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)"

"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;S-1-15-2-1)(A;CI;GR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)"



;Don't overwrite the following keys which are protected and secured by the component

"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy",1,"D:AR"

"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies",1,"D:AR"

"MACHINE\SOFTWARE\Microsoft\SMS",1,"D:AR"



"MACHINE\SOFTWARE\Microsoft\Windows NT",0,"D:AR"



"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;S-1-15-2-1)(A;CI;GR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)"

"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;S-1-15-2-1)(A;CI;GR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)"

"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing",2,"D:P(A;CI;GRGWSD;;;LS)(A;CI;GRGWSD;;;NS)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"



"MACHINE\SYSTEM",0,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;S-1-15-2-1)(A;CI;GR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)"



"MACHINE\SYSTEM\Clone",1,"D:AR"



"MACHINE\SYSTEM\ControlSet001",1,"D:AR"

"MACHINE\SYSTEM\ControlSet002",1,"D:AR"

"MACHINE\SYSTEM\ControlSet003",1,"D:AR"

"MACHINE\SYSTEM\ControlSet004",1,"D:AR"

"MACHINE\SYSTEM\ControlSet005",1,"D:AR"

"MACHINE\SYSTEM\ControlSet006",1,"D:AR"

"MACHINE\SYSTEM\ControlSet007",1,"D:AR"

"MACHINE\SYSTEM\ControlSet008",1,"D:AR"

"MACHINE\SYSTEM\ControlSet009",1,"D:AR"

"MACHINE\SYSTEM\ControlSet010",1,"D:AR"



"MACHINE\SYSTEM\CurrentControlSet\Control",0,"D:P(A;CI;GR;;;AU)(A;CI;GRGWSD;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;S-1-15-2-1)(A;CI;GR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)"



"MACHINE\SYSTEM\CurrentControlSet\Control\Class",0,"D:AR"

"MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts",2,"D:(A;CI;GR;;;WD)"

"MACHINE\SYSTEM\CurrentControlSet\Control\GraphicsDrivers",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"

"MACHINE\SYSTEM\CurrentControlSet\Control\LSA",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"

"MACHINE\SYSTEM\CurrentControlSet\Control\LSA\JD",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"

"MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Skew1",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"

"MACHINE\SYSTEM\CurrentControlSet\Control\LSA\GBG",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"

"MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Data",2,"D:P(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"

"MACHINE\SYSTEM\CurrentControlSet\Control\Nsi",2,"D:P(A;CI;KR;;;BU)(A;CI;KA;;;BA)(A;CI;KA;;;SY)(A;CI;CCDCLCSWRPWPSDRC;;;NS)(A;CI;CCDCLCSWRPWPSDRC;;;LS)(A;CI;CCDCLCSWRPSDRC;;;NO)(A;CI;CCDCLCSWRPWPSDRC;;;S-1-5-80-2940520708-3855866260-481812779-327648279-1710889582)(A;CIIO;RC;;;S-1-3-4)(A;CI;KR;;;S-1-15-2-1)(A;CI;KR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)"

"MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}\4",2,"D:P(A;CI;CCDCLCSWRPRC;;;AU)(A;CI;CCDCLCSWRPWPSDRC;;;LS)(A;CI;CCDCLCSWRPWPSDRC;;;NS)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CIIO;RC;;;S-1-3-4)(A;CI;KR;;;S-1-15-2-1)(A;CI;KR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)"

"MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a01-9b1a-11d4-9123-0050047759bc}\4",2,"D:P(A;CI;CCDCLCSWRPRC;;;AU)(A;CI;CCDCLCSWRPWPSDRC;;;LS)(A;CI;CCDCLCSWRPWPSDRC;;;NS)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CIIO;RC;;;S-1-3-4)(A;CI;KR;;;S-1-15-2-1)(A;CI;KR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)"

"MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a1C-9b1a-11d4-9123-0050047759bc}\0",2,"D:P(A;CI;CCDCLCSWRPRC;;;AU)(A;CI;CCDCLCSWRPWPSDRC;;;LS)(A;CI;CCDCLCSWRPWPSDRC;;;NS)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CIIO;RC;;;S-1-3-4)(A;CI;KR;;;S-1-15-2-1)(A;CI;KR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)"

"MACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"

"MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)"



"MACHINE\SYSTEM\CurrentControlSet\Enum",1,"D:AR"

"MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles",1,"D:AR"



;Don't whack more restrictive security subkeys

"MACHINE\SYSTEM\CurrentControlSet\Services",0,"D:P(A;CI;GR;;;AU)(A;CI;GRGWSD;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)(A;CI;GR;;;S-1-15-2-1)(A;CI;GR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)"

"MACHINE\SYSTEM\CurrentControlSet\Services\KDC",0,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"

"MACHINE\SYSTEM\CurrentControlSet\Services\LicenseInfo",2,"D:AR(A;CI;CCLCSWRPRC;;;NS)(A;CIIO;CCDCLCSWRPRC;;;NS)"

"MACHINE\SYSTEM\CurrentControlSet\Services\NTDS",0,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"

"MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters",0,"D:P(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"

"MACHINE\SYSTEM\CurrentControlSet\Services\NTFRS",0,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"

"MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries",2,"D:(A;CI;GA;;;NS)(A;CI;CCDCLCSWSDRC;;;LU)"





"MACHINE\SYSTEM\CurrentControlSet\Services\WinTrust",2,"D:P(A;CI;GR;;;AU)(A;CI;GR;;;SO)(A;CI;GA;;;BA)(A;CI;GA;;;SY)(A;CI;GA;;;CO)"



"USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\ProtectedRoots",1,"D:AR"



[File Security]





;---------------------------------------------------------------------------------------------

;ProgramFiles

;---------------------------------------------------------------------------------------------

"%SceInfCommonProgramFiles%\Microsoft Shared\Speech",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SceInfCommonProgramFiles%\SpeechEngines\Microsoft\TTS",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"



;---------------------------------------------------------------------------------------------

;Win64 ProgramFiles Directory

;---------------------------------------------------------------------------------------------



;---------------------------------------------------------------------------------------------

; ProgramData Folder (Typically \ProgramData)

;---------------------------------------------------------------------------------------------





;---------------------------------------------------------------------------------------------

;System Root (Typically \WINDOWS)

;---------------------------------------------------------------------------------------------



;Different from parent

"%SystemRoot%\Debug",2,"D:P(A;;GX;;;AU)(A;;GX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemRoot%\Driver Cache",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemRoot%\mui",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"



;Directories that did not exist when security applied during clean-install Server - Creator specifies directory security.

;We explicitly ignore so as not to whack the component-specified DIRECTORY security during DCPromo.

;Previous directory security should be compatible with DC's or component should reset during DCPromo.

"%Systemroot%\repair\default",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"

"%Systemroot%\repair\ntuser.dat",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"

"%Systemroot%\repair\sam",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"

"%Systemroot%\repair\security",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"

"%Systemroot%\repair\software",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"

"%Systemroot%\repair\system",2,"D:P(A;;GA;;;BA)(A;;GA;;;SY)"



; Directories that might not exist when security is applied; but are listed here

; so that they get secured correctly on converting the file system to NTFS

"%SystemRoot%\PCHEALTH\HELPCTR",2,"D:P(A;CIOI;GRGX;;;WD)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"



;Profile for LocalService and NetworkService, moved from Users in Longhorn, creator specifies security

"%SystemRoot%\ServiceProfiles\LocalService",1,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;LS)"

"%SystemRoot%\ServiceProfiles\NetworkService",1,"D:P(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;NS)"



;---------------------------------------------------------------------------------------------

;System Directory (Typically \Windows\System32)

;---------------------------------------------------------------------------------------------

;Differences from parent

"%SystemDirectory%\config",2,"D:P(A;CI;GRGX;;;AU)(A;CI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

;Profile for system account - moved from Docs and Settings in Whistler. Creator specifies security.

"%SystemDirectory%\LogFiles",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\mui",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"





"%SystemDirectory%\Autoexec.nt",2,"D:P(A;;GRGX;;;AU)(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)"

"%SystemDirectory%\CMOS.RAM",2,"D:P(A;;GRGX;;;AU)(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)"

"%SystemDirectory%\Config.nt",2,"D:P(A;;GRGX;;;AU)(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)"

"%SystemDirectory%\Midimap.cfg",2,"D:P(A;;GRGX;;;AU)(A;;GRGWGXSD;;;SO)(A;;GA;;;BA)(A;;GA;;;SY)"



;Directories that did not exist when security applied during clean-install Server - Creator specifies directory security.

;We explicitly ignore so as not to whack the component-specified DIRECTORY security during DCPromo.

;Previous directory security should be compatible with DC's or component should reset during DCPromo.

"%SystemDirectory%\appmgmt",1,"D:AR"





; Directories that might not exist when security is applied; but are listed here

; so that they get secured correctly on converting the file system to NTFS

"%SystemDirectory%\Windows media\Server\ASFArchiver.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows media\Server\Namespace.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows media\Server\WMIBridge.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows media\Server\wmsactscrpt.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows media\Server\WMServer.exe",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows media\Server\WMSIpHlp.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows media\Server\WMSLF.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows media\Server\WMSServer.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows media\Server\WMSServerConfig.exe",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows media\Server\WMSServerResource.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows media\Server\WMSServerResourceRES.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows media\Server\WMSServerUpgrade.exe",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows media\Server\wmssnmp.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows media\Server\WMSSrvMk.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows media\Server\Microsoft.WindowsMediaServices.DLL",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows media\Server\interop_msxml.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows media\Server\nsneterr.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\PlaylistTransformPropPage.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\strmtest.exe",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\WMIListener.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSACLCheckPropPage.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSAdmin.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSAdminRES.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSAnonAuthenPropPage.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSArchiveSinkV1PropPage.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSBROWSE.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSBrowseRES.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSDigestAuthenPropPage.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\wmseditor.exe",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSHTTPAuthenPropPage.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSHTTPControlPropPage.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSIPAccessPropPage.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSLogPropPages.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSMONITOR.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSMonitorRES.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSMulticastSinkPropPage.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSNetworkDataSourcePropPage.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSPLAYLIST.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSPlaylistRES.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSPluginRES.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSScriptPropPage.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSUnicastSinkPropPage.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSWizard.exe",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSWizardRES.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSWMIPropPage.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\wmsperfmon.exe",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\mmc\WMSHttpSysCfg.exe",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%SystemDirectory%\Windows Media\Server\Admin\web\WMSASPADMIN.dll",2,"D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GRGX;;;NS)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"



;-----------------------------------------------------------------------------------------

; SysWOW64 directories

;-----------------------------------------------------------------------------------------





"%Systemroot%\SysWOW64\Export",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"





;---------------------------------------------------------------------------------------------

;DS Data and Log Directories.  Engine resolves via registry.

;---------------------------------------------------------------------------------------------

;Relying on fact that engine lets last one win when DSLog and DSDit are the same.

"%DSDIT%",2,"D:P(A;CIOI;GA;;;SY)(A;CIOI;GA;;;BA)"

"%DSLOG%",2,"D:P(A;CIOI;GA;;;SY)(A;CIOI;GA;;;BA)(A;OICIIO;GA;;;CO)(A;CI;0x100004;;;LS)"



;---------------------------------------------------------------------------------------------

;Sysvol. Engine resolves via registry.

;---------------------------------------------------------------------------------------------

;Ignore on upgrade

"%Sysvol%",1,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"

"%Sysvol%\domain\policies",1,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)(A;CIOI;GRGWGXSD;;;PA)"







[Strings]

SceInfAdministrator = "Administrator"

SceInfAdmins = "Administrators"

SceInfAcountOp = "Account Operators"

SceInfAuthUsers = "Authenticated Users"

SceInfBackupOp = "Backup Operators"

SceInfDomainAdmins = "Domain Admins"

SceInfDomainGuests = "Domain Guests"

SceInfDomainUsers = "Domain Users"

SceInfEnterpriseDCs = "ENTERPRISE DOMAIN CONTROLLERS"

SceInfEveryone = "Everyone"

SceInfGuests = "Guests"

SceInfGuest = "Guest"

SceInfLocalService = "Local Service"

SceInfNetworkService = "Network Service"

SceInfPowerUsers = "Power Users"

SceInfPrintOp = "Print Operators"

SceInfProgramFiles = "%ProgramFiles%"

SceInfProgramFilesx86 = "%ProgramFiles(x86)%"

SceInfCommonProgramFiles = "%CommonProgramFiles%"

SceInfRemoteDesktopUsers = "Remote Desktop Users"

SceInfReplicator = "Replicator"

SceInfServerOp = "Server Operators"

SceInfUsers = "Users"

SceInfMTSAdmins = "MTS Administrators"

SceInfMTSImpersonators = "MTS Impersonators"

SceInfMTSAdmin = "MTS_Admin"

SCEInfSysdir1 = "edit.com"

SCEInfSysdir2 = "edit.hlp"

SCEInfHelp1 = "signin.hlp"