Files saved in 'public' (Vista) or 'Shared' (XP) are not accessible to other users. This is extremely annoying when the files relate to pictures uploaded from a digital camera, or backups of files in the same shared (or public) area produced by a backup application. You can tell the affected pictures because a preview is not presented.
Now the bad thing about this problem is that even Administrators cannot access the file, but fortunately they CAN change the permissions.
Investigation:
There must be some commands that will let me examine the permissions. The GUI is one of those 'way too small - non-re-sizable mini-windows'.
This is for one I can see | This is for one I can't see |
 |  |
Now to the command line:
The command is icalcs.exe, which I found from here. Directory entries (via dir) and attributes (via attrib) are the same.
Starting a command prompt with 'Run as Administrator' and running the command:
icacls 100_066*.* /T /C
100_0664.jpg NT SERVICE\WMPNetworkSvc:(I)(R)
BUILTIN\Administrators:(I)(F)
I530S\AUser:(I)(F)
NT AUTHORITY\SYSTEM:(I)(F)
NT AUTHORITY\INTERACTIVE:(I)(M,DC)
NT AUTHORITY\SERVICE:(I)(M,DC)
NT AUTHORITY\BATCH:(I)(M,DC)
Everyone:(I)(F)
100_0665.jpg NT SERVICE\WMPNetworkSvc:(I)(R)
BUILTIN\Administrators:(I)(F)
I530S\AUser:(I)(F)
NT AUTHORITY\SYSTEM:(I)(F)
NT AUTHORITY\INTERACTIVE:(I)(M,DC)
NT AUTHORITY\SERVICE:(I)(M,DC)
NT AUTHORITY\BATCH:(I)(M,DC)
Everyone:(I)(F)
100_0666.jpg I530S\AUser:(I)(F)
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Administrators:(I)(F)
I530S\AdminAcc:(I)(RX)
100_0667.jpg I530S\AUser:(I)(F)
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Administrators:(I)(F)
I530S\AdminAcc:(I)(RX)
100_0668.jpg I530S\AUser:(I)(F)
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Administrators:(I)(F)
I530S\AdminAcc:(I)(RX)
100_0669.jpg I530S\AUser:(I)(F)
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Administrators:(I)(F)
I530S\AdminAcc:(I)(RX)
Solution:
So, now I've a Command file "Acl_ForPics.cmd" which contains:
icacls *.jpg /grant "NT SERVICE\WMPNetworkSvc:(R)"
icacls *.jpg /grant "BUILTIN\Administrators:(F)"
icacls *.jpg /grant "NT AUTHORITY\SYSTEM:(F)"
icacls *.jpg /grant "NT AUTHORITY\INTERACTIVE:(M,DC)"
icacls *.jpg /grant "NT AUTHORITY\SERVICE:(M,DC)"
icacls *.jpg /grant "NT AUTHORITY\BATCH:(M,DC)"
icacls *.jpg /grant "Everyone:(F)"
Run from a directory prompt it will add all the access I require. Shouldn't have to do it, but something somewhere is not setting permissions correctly, so this is a fix.
The original permissions are left in place, they could of course be deleted (replaced).
I know of similar problems in other machines with executing from directories and installing into directories other than "program files" - I'll be looking at that over Christmas.
No comments:
Post a Comment