Protecting Files and Directories
First apply the following using the ACL editor:
| Directory | Permissions |
| \WINNT and all subdirectories under it. | Administrators:
Full Control CREATOR OWNER: Full Control Everyone: Read SYSTEM: Full Control |
Now, apply the rest of the ACLS:
| Directory | Permissions |
| \%systemroot%\SYSTEM32\CONFIG | Administrators:
Full Control CREATOR OWNER: Full Control Everyone: List SYSTEM: Full Control |
| \%systemroot%\SYSTEM32\SPOOL | Administrators:
Full Control CREATOR OWNER: Full Control Everyone: Read Power Users: Change SYSTEM: Full Control |
| \%systemroot%\HOTFIX \%systemroot%\REPAIR |
Administrators:Full Control SYSTEM: Full Control |
| \%systemroot%\COOKIES \%systemroot%\FORMS \%systemroot%\HISTORY \%systemroot%\OCCACHE \%systemroot%\PROFILES \%systemroot%\SENDTO \%systemroot%\Temporary Internet Files |
Administrators:Full Control CREATOR OWNER:Full Control Everyone:Add SYSTEM:Full Control |
Several critical operating system files exist in the root directory of the system partition.
| File | Permissions |
| \Boot.ini, \Ntdetect.com, \Ntldr | Administrators:
Full Control SYSTEM: Full Control |
| \Autoexec.bat, \Config.sys | Everyone:
Read Administrators: Full Control SYSTEM: Full Control |
| \TEMP directory | Administrators:
Full Control SYSTEM: Full Control CREATOR OWNER: Full Control Everyone: Add |
Protecting Page File space (Pagefiles themselves are only managable by the system)
| Page File Partition | Permission |
| {root} | Administrators:
Full Control SYSTEM: Full Control |