Re: TIP: Add Folder Security tab to XP Home

Author	All Replies
redxii too big to fail Premium,Mod join:2001-02-26 Texas	reply to psloss Re: TIP: Add Folder Security tab to XP Home Does this compromise security by using 5 year old code? I just want to be able to use the Security tab, and it wasn't very nice of MS to leave it out.. I guess I could use Server 2003 Standard's files..
	to forum · permalink · · 2003-10-19 23:11:03 ·
psloss Premium join:2002-02-24 Alpharetta, GA	said by redxii : Does this compromise security by using 5 year old code? I just want to be able to use the Security tab, and it wasn't very nice of MS to leave it out.. I guess I could use Server 2003 Standard's files.. I hear you -- it would have been nice if they had at least provided a way to enable the functionality for power users. My concern isn't about a security compromise so much as data corruption -- and it's still unsubstantiated. I just found it odd that this package would "work" given that it predates XP. There has to be a reason why it works and short of that (or several reasons), it may only partially work (or worse). I just tried breaking the Security tab or making it go away and I found that two of the DLLs I referred to earlier -- the wsecedit.dll file and the scedll.dll file both do NOT work on the system. They fail to load, even manually, so that can't be providing the functionality. What I found is that the rshx32_5.dll file seems to be providing it. If I move that file to the Recycle Bin and bring up a Properties dialog, the tab isn't there. And it doesn't make sense anyway, since the tab is available without this package in Safe Mode. There has to be something like a dynamic Registry setting or something like that, so I'm looking for references there. So far, what I've found is that there's a file named rshx32.dll in XP Pro that is registered similarly to what I found in XP Home. Philip Sloss -- Feedback? e-mail: stuff@lupwa.org
	to forum · permalink · · 2003-10-19 23:32:27 ·
psloss Premium join:2002-02-24 Alpharetta, GA	Security tab Registry entries OK, I believe this boils down to a series of Registry keys and entries. I need to take a break so for now, I'll just post the details and come back later. Thanks to the restore point functionality, I was able to restore the config back to the "fresh" XP Home and then install InCtrl5 to do a before and after snapshot; here are the Registry changes that I believe to be relevant: Keys added... HKEY_CLASSES_ROOT\\shellex\PropertySheetHandlers\{1F2E5C40-9550-11CE-99D2-00AA006E086 C} "(Default)"* `Type: REG_SZ` `Data:` HKEY_CLASSES_ROOT\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}\shellex\PropertySheetHa ndlers\{1F2E5C40-9550-11CE-99D2-00AA006E086C} "(Default)" `Type: REG_SZ` `Data:` HKEY_CLASSES_ROOT\Directory\shellex\PropertySheetHandlers\{1F2E5C40-9550-11CE-99D2-00A A006E086C} "(Default)" `Type: REG_SZ` `Data:` HKEY_CLASSES_ROOT\Drive\shellex\PropertySheetHandlers\{1F2E5C40-9550-11CE-99D2-00AA006 E086C} "(Default)" `Type: REG_SZ` `Data:` Values changed... HKEY_CLASSES_ROOT\CLSID\{1F2E5C40-9550-11CE-99D2-00AA006E086C}\InProcServer32 "(Default)" `Old type: REG_SZ` `New type: REG_SZ` `Old data: rshx32.dll` `New data: rshx32_5.dll` This last entry -- the change -- could be bad, since it substitutes the XP version of the functionality (rshx32.dll) with the 1998 version of the functionality (rshx32_5.dll). Anyway, the common link is the GUID "{1F2E5C40-9550-11CE-99D2-00AA006E086C}" and scanning through the setup files from the SCESP4I.EXE package, I found this in the [Strings] section of the setup.inf file: CLSID_RSHX_NTFS={1f2e5c40-9550-11ce-99d2-00aa006e086c} Then looking for "CLSID_RSHX_NTFS" in the file, I found this in the [MMCPostSetupCmdSection] section (with a couple of entries snipped): [MMCreg] HKCR,Clsid\%CLSID_RSHX_NTFS%,,,%DESCRIPTION% HKCR,Clsid\%CLSID_RSHX_NTFS%\InProcServer32,,,%MODULENAME% HKCR,Clsid\%CLSID_RSHX_NTFS%\InProcServer32,"ThreadingModel",,Apartment HKCR,\%SHEXPS%\%CLSID_RSHX_NTFS%,,, HKCR,Drive\%SHEXPS%\%CLSID_RSHX_NTFS%,,, HKCR,Directory\%SHEXPS%\%CLSID_RSHX_NTFS%,,, HKCR,Clsid\%CLSID_BRIEFCASE%\%SHEXPS%\%CLSID_RSHX_NTFS%,,, The first three entries here cover the "Values changed" part of the InCtrl5 report and could probably be skipped, which leaves these entries (I'm repeating them): HKCR,\%SHEXPS%\%CLSID_RSHX_NTFS%,,, HKCR,Drive\%SHEXPS%\%CLSID_RSHX_NTFS%,,, HKCR,Directory\%SHEXPS%\%CLSID_RSHX_NTFS%,,, HKCR,Clsid\%CLSID_BRIEFCASE%\%SHEXPS%\%CLSID_RSHX_NTFS%,,, SHEXPS is from the Strings section: SHEXPS=shellex\PropertySheetHandlers So the Security tab is registered in Property Sheets for three areas: * or all, Drive, and Directory. All very interesting, but now my brain hurts (my brain in my head). So I'm not dead sure, but right now I think the bottom line is that people who install this should fix their Registry so that Explorer uses the XP version of the rshx32.dll. People who want to add the functionality may be able to cobble together a Registry script instead of running this install package. At some point, I'll try to test that. I still have to do an InCtrl5 compare of the Registry between "normal" mode and Safe Mode, but that's where I am right now. Hope that helps somebody, Philip Sloss -- Feedback? e-mail: stuff@lupwa.org
	to forum · permalink · · 2003-10-20 01:03:46 ·
Kramer Premium,Mod join:2000-08-03 Richmond, VA clubs: ·Verizon FIOS ·GoDaddy Hosting Host: Microsoft Help Wireless Security	Nice work Philip! I just hope everyone understands that this GUI will allow one to set permissions for local access, but because XP Home authenticates all network users as guests, things could get very confusing for network access. For instance lets say I give Bill, Mary and Spot full control to folder x and all it's subfolders. That's fine as long as they are working on that computer, but regardless of what the share permissions are set for, those people are not going to access those files unless the guest account or everyone is also included in the permissions (Share permissions too!). With XP Home, all network users either have access to a file or don't have access to a file, there is no in-between. You can't be selective among users. Now, I'm ready for Dave to pounce upon me with a silver hammer.
	to forum · permalink · · 2003-10-20 01:31:00 ·
psloss Premium join:2002-02-24 Alpharetta, GA	said by Kramer : Now, I'm ready for Dave to pounce upon me with a silver hammer. Me, too. Hopefully he can straighten us out. Actually, I'm still looking at this and it's looking like I've got something wrong and am about to come full circle on this. More in a bit, Philip Sloss -- Feedback? e-mail: stuff@lupwa.org
	to forum · permalink · · 2003-10-20 01:46:45 ·
Hall Premium,MVM join:2000-04-28 Dayton, OH ·EarthLink ·AT&T Midwest ·Earthlink Cable Mo..	reply to redxii Re: TIP: Add Folder Security tab to XP Home said by redxii : Does this compromise security by using 5 year old code? Any more so than using "new" code ?? This should be safe, I think. The kernel in XP is simply an updated Win2K kernel, which is supposedly a complete re-write from the NT4 days. This is called a "back port" from Win2K, meaning they took this good feature from Win2K and applied it back to NT4. -- -= Mindspring MaxDSL via Covad 1536/384 TeleSurfer Pro =-
	to forum · permalink · · 2003-10-20 08:56:47 ·


Tuesday, 01-Dec 04:17:07	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com.republican-creole page compression OFF