Access protected folders using system account

I'm developing a vbscript. The vbscript needs to access every file, or folder, in the local hard disks. I only need to access the name of the file. I'm using Windows XP and an NTFS partition, so it's possible to restrict access to a folder so that only the owner is able to access the folder.

To avoid this situation, it's supposed that the NT AUTHORITY/system account is able to access every file in the system. To execute the vbscript I'm using the Scheduled Tasks, using the system account. But, when the script tries to access a protected folder a "Permission denied" error is returned.

Does anybody have any idea what can be happening?

Thank you very much.

Regards.

Juan.

"Juan" <jvaleromt***@gmail.com> wrote in message news:f7626b92-bc13-43c8-a41b-bd829794f6c0@s36g2000vbp.googlegroups.com...
> Hi,
>
> I'm developing a vbscript. The vbscript needs to access every file, or
> folder, in the local hard disks. I only need to access the name of the
> file. I'm using Windows XP and an NTFS partition, so it's possible to
> restrict access to a folder so that only the owner is able to access
> the folder.
>
> To avoid this situation, it's supposed that the NT AUTHORITY/system
> account is able to access every file in the system. To execute the
> vbscript I'm using the Scheduled Tasks, using the system account. But,
> when the script tries to access a protected folder a "Permission
> denied" error is returned.
>
> Does anybody have any idea what can be happening?
>
> Thank you very much.
>
> Regards.
>
> Juan.

Run the batch file c:\Juan.bat (see below) in three modes:
a) When logged on as Administrator
b) As a scheduled task in the same way as you do with your script.
c) As a scheduled task, invoked like so:
   at 16:45 c:\Juan.bat
   (Make sure the time is 5 minutes in the future)

@echo off
set folder=d:\Some Folder
echo %date% %time% %UserName% >> c:\test.txt
cacls "%folder%" 1>>c:\test.txt 2>>&1
dir "%folder%" 1>>c:\test.txt 2>>&1
echo. 1>>c:\test.txt 2>>&1

When finished, post the contents of c:\test.txt.

On Mar 11, 4:17 pm, "Pegasus" <n***@microsoft.com> wrote:
> Run the batch file c:\Juan.bat (see below) in three modes:
> a) When logged on as Administrator
> b) As a scheduled task in the same way as you do with your script.
> c) As a scheduled task, invoked like so:
> at 16:45 c:\Juan.bat
> (Make sure the time is 5 minutes in the future)
>
> @echo off
> set folder=d:\Some Folder
> echo %date% %time% %UserName% >> c:\test.txt
> cacls "%folder%" 1>>c:\test.txt 2>>&1
> dir "%folder%" 1>>c:\test.txt 2>>&1
> echo. 1>>c:\test.txt 2>>&1
>
> When finished, post the contents of c:\test.txt.

Hi Pegasus,

First of all, thank you very much for your help.

I send the results of the batch file in the three modes. It's strange that the user name in the cases b and c does not appear.

Test_administrator.txt
------------------------------------------------------------------
12/03/2009 10:38:04,35 Administrator
e:\HPAdmin
Access is denied.
 Volume in drive E is Datos
 Volume Serial Number is 4E37-C425

 Directory of e:\HPAdmin

File Not Found

Test_sch.txt
------------------------------------------------------------------
12/03/2009 10:40:21,01
e:\HPAdmin
Access is denied.
 Volume in drive E is Datos
 Volume Serial Number is 4E37-C425

 Directory of e:\HPAdmin

File Not Found

Test_at.txt
------------------------------------------------------------------
12/03/2009 10:39:00,07
e:\HPAdmin
Access is denied.
 Volume in drive E is Datos
 Volume Serial Number is 4E37-C425

 Directory of e:\HPAdmin

File Not Found

I tried something similar, in my script I added a function to show the username. And when the script was executed with Scheduled Task or at command, the SYSTEM user was shown.

The function, that I used, was:

Function WhoAmI

    Dim objNetwork
    Dim strCurrentUserName, strCurrentDomainName, strFullUserName
    Dim strComputerName

    Set objNetwork = WScript.CreateObject("WScript.Network")

    strCurrentUserName = objNetwork.UserName
    strCurrentDomainName = objNetwork.UserDomain
    strComputerName = objNetwork.ComputerName

    strFullUserName = strCurrentUserName

    WhoAmI = strFullUserName
    ' WScript.Echo "Current logged in user: " & strFullUserName & " on " & strComputerName & VbCrLf

End Function

Again, thank you very much.

Regards.

"Juan" <jvaleromt***@gmail.com> wrote in message news:43c76394-5c51-4cef-8bf1-e89e7d2f9a39@e18g2000yqo.googlegroups.com...

Hi Pegasus,

First of all, thank you very much for your help.

I send the results of the batch file in the three modes. It's strange that the user name in the cases b and c does not appear.

Test_administrator.txt
------------------------------------------------------------------
12/03/2009 10:38:04,35 Administrator
e:\HPAdmin
Access is denied.
 Volume in drive E is Datos
 Volume Serial Number is 4E37-C425

 Directory of e:\HPAdmin

File Not Found

Test_sch.txt
------------------------------------------------------------------
12/03/2009 10:40:21,01
e:\HPAdmin
Access is denied.
 Volume in drive E is Datos
 Volume Serial Number is 4E37-C425

 Directory of e:\HPAdmin

File Not Found

Test_at.txt
------------------------------------------------------------------
12/03/2009 10:39:00,07
e:\HPAdmin
Access is denied.
 Volume in drive E is Datos
 Volume Serial Number is 4E37-C425

 Directory of e:\HPAdmin

File Not Found

I tried something similar, in my script I added a function to show the username. And when the script was executed with Scheduled Task or at command, the SYSTEM user was shown.

The function, that I used, was:

Function WhoAmI

    Dim objNetwork
    Dim strCurrentUserName, strCurrentDomainName, strFullUserName
    Dim strComputerName

    Set objNetwork = WScript.CreateObject("WScript.Network")

    strCurrentUserName = objNetwork.UserName
    strCurrentDomainName = objNetwork.UserDomain
    strComputerName = objNetwork.ComputerName

    strFullUserName = strCurrentUserName

    WhoAmI = strFullUserName
    ' WScript.Echo "Current logged in user: " & strFullUserName & " on " & strComputerName & VbCrLf

End Function

Again, thank you very much.

Regards.

================

I had forgotten that the System account does not show up when you run a session under this account.

To get back to your main issue: I would do this -
1. Seize ownership of the folder.
2. Set the permissions so that only the System and the user's account can access the folder.
3. Use at.exe to run my batch file to recheck the permission structure.

On Mar 12, 11:08 am, "Pegasus [MVP]" <n***@microsoft.com> wrote:
> I had forgotten that the System account does not show up when you run a
> session under this account.
>
> To get back to your main issue: I would do this -
> 1. Seize ownership of the folder.
> 2. Set the permissions so that only the System and the user's account can
> access the folder.
> 3. Use at.exe to run my batch file to recheck the permission structure.

Hi Pegasus,

I've made the steps you told me.

As you can see, it's possible to access the folder. But, the question is. Would it be possible to access the folder, using a script executed by the SYSTEM account, if I remove the permissions for the SYSTEM user?

The result is the following:

13/03/2009  8:11:00,04
e:\HPAdmin JVALERO1\hpadmin:(OI)(CI)F
           NT AUTHORITY\SYSTEM:(OI)(CI)F

 Volume in drive E is Datos
 Volume Serial Number is 4E37-C425

 Directory of e:\HPAdmin

10/03/2009  12:51    <DIR>          .
10/03/2009  12:51    <DIR>          ..
10/03/2009  12:51    <DIR>          Trans CBR1000RR
               0 File(s)              0 bytes
               3 Dir(s)  22.195.945.472 bytes free

I really appreciate your help.

Thank you very much.

Juan

"Juan" <jvaleromt***@gmail.com> wrote in message news:2e435b2e-8c77-4864-83a2-b7d43513b500@y13g2000yqn.googlegroups.com...

<snip>

Hi Pegasus,

I've made the steps you told me.

As you can see, it's possible to access the folder. But, the question is. Would it be possible to access the folder, using a script executed by the SYSTEM account, if I remove the permissions for the SYSTEM user?

==============

No, it isn't.
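
Added example, not part of the thread and not code from either poster: a Python parser for the c:\test.txt log that the diagnostic batch file appends to, reporting for each run the account name, whether cacls was refused, and whether NT AUTHORITY\SYSTEM holds an ACE on the folder. The function names and the header pattern (taken from the date/time layout of the posted results, which is locale-dependent) are assumptions.

```python
import re

# Constructed sample: two runs as appended to c:\test.txt, assembled from the
# results posted in the thread (dir listing shortened).
SAMPLE = r"""12/03/2009 10:38:04,35 Administrator
e:\HPAdmin
Access is denied.
 Volume in drive E is Datos

 Directory of e:\HPAdmin

File Not Found

13/03/2009  8:11:00,04
e:\HPAdmin JVALERO1\hpadmin:(OI)(CI)F
           NT AUTHORITY\SYSTEM:(OI)(CI)F

 Volume in drive E is Datos

 Directory of e:\HPAdmin

10/03/2009  12:51    <DIR>          Trans CBR1000RR
"""

# "%date% %time% %UserName%" header; dd/mm/yyyy h:mm:ss,cc as in the posted logs.
# dir listing lines carry hh:mm only, so they never match this pattern.
HEADER = re.compile(r"^(\d{2}/\d{2}/\d{4}\s+\d{1,2}:\d{2}:\d{2},\d{2})\s*(.*)$")
ACE = re.compile(r"^(.+):((?:\([A-Z]+\))*[A-Z])$")  # trustee:(OI)(CI)F

def summarise(when, user, lines):
    # cacls output ends where dir output starts ("Volume in drive ...").
    cut = next((i for i, l in enumerate(lines) if "Volume in drive" in l), len(lines))
    folder = next((l.split("Directory of ", 1)[1].strip()
                   for l in lines[cut:] if "Directory of " in l), "")
    aces = {}
    for raw in lines[:cut]:
        line = raw.strip()
        if folder and line.lower().startswith(folder.lower()):
            line = line[len(folder):].strip()  # first ACE shares a line with the path
        m = ACE.match(line)
        if m:
            aces[m.group(1)] = m.group(2)
    return {"when": when, "user": user,  # user is "" for runs under SYSTEM
            "folder": folder, "aces": aces,
            "acl_denied": any("Access is denied" in l for l in lines[:cut]),
            "system_has_ace": any(t.upper() == r"NT AUTHORITY\SYSTEM" for t in aces)}

def parse_runs(text):
    runs = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            runs.append((m.group(1), m.group(2).strip(), []))
        elif runs:
            runs[-1][2].append(line)
    return [summarise(*r) for r in runs]

if __name__ == "__main__":
    for r in parse_runs(SAMPLE):
        print(r["when"], repr(r["user"]), "DENIED" if r["acl_denied"] else r["aces"])
```

A run with an empty user field and `acl_denied` set is the case from the original question: the task ran under SYSTEM and the folder's ACL could not even be read.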

On Mar 13, 10:53 am, "Pegasus [MVP]" <n***@microsoft.com> wrote:
> No, it isn't.

Pegasus,

Thank you very much for your help.

Only one thought... I don't understand why some antivirus software (I have installed Symantec) is able to access folders with this kind of permissions. I suppose, the antivirus software has a way to bypass NTFS security.

Regards.

"Juan" <jvaleromt***@gmail.com> wrote in message news:6f4f0b80-4d39-4abc-a0c1-bb66aada2877@y13g2000yqn.googlegroups.com...

Pegasus,

Thank you very much for your help.

Only one thought... I don't understand why some antivirus software (I have installed Symantec) is able to access folders with this kind of permissions. I suppose, the antivirus software has a way to bypass NTFS security.

Regards.

==================

What makes you think that AV software can access folders that are beyond the reach of the System account?

On 13 mar, 18:12, "Pegasus" <n***@microsoft.com> wrote:
> What makes you think that AV software can access folders that are beyond the
> reach of the System account?

Because, if I scan for viruses in the "problematic" folder, the AV software doesn't complain about "Access Denied" error and the AV software says that certain number of files has been scanned.

"Juan" <jvaleromt***@gmail.com> wrote in message news:97fbb24a-8bb7-41af-a0e1-9b6cb412f57c@w34g2000yqm.googlegroups.com...
> Because, if I scan for viruses in the "problematic" folder, the AV
> software doesn't complain about "Access Denied" error and the AV
> software says that certain number of files has been scanned.

This is probably because it doesn't scan that folder! You can confirm this easily by placing the industry-standard Eicar test virus file into your folder. Read here how to create it: http://www.eicar.org/anti_virus_test_file.htm