DonationCoder.com Software > Post New Requests Here
Patch to Disable ACL access-control-lists
mraeryceos:
I am trying to figure out what you are trying to do is it so you can delete files or are you sick of the annoying popups.
depends on what you are trying to do you may not need to disable acl.
-dreamfuture
--- End quote ---
Ideally, the system efficiency would be improved because ACL does not exist in the registry or file system. However, I would be willing to accept something that automatically does takeown and grants permission anytime you are denied access. For the file system, Unlocker works most of the time... I keep it in the send-to context menu. Perhaps something for the registry as well?
dreamfuture:
well I have had no problems with ACL but sometimes I have not been able to erase files because programs call it important but that is rare. SO I have a solution that will allow you to get rid on specific files. I saw you on freelancer.com
what are trying to do is stop a big part of NTFS itself.
you can use programs to modify NTFS permissions.
I have one you can use if you want.
mraeryceos:
Yes, there are programs that do this. I could even do it myself by having SetACL in the right-click context menu for all files. I suppose I could even find some registry editing program that would have a command in the context menu to takeown+grant. However, disabling ACL lookups by the system would be better.
f0dder:
Ideally, the system efficiency would be improved because ACL does not exist in the registry or file system.-mraeryceos (May 23, 2013, 12:41 AM)
--- End quote ---
I doubt you'd br able to measure any performance difference, as a lot of care has gone into optimizing & caching the ACL checks. And you wouldn't be able to get rid of the structures without some very heavy system modifications; patching AccessCheck() should be doable, though.
mraeryceos:
I don't know if disabling ACL is possible. It may be, but I don't have a clue how to do it. I have thought of a work-around, that doesn't disable ACL, but makes everyone a ROOT user, sort of.
The best way I can think to do this, is to follow the path of WinPE, where the only account that is functional is SYSTEM. So in the installer for Windows (the DVD or the USB key), you would change all references of TrustedInstaller (and it's SID), to that of SYSTEM.
I don't know how you would keep the ability to have multiple users, since I think there can only be one SYSTEM account (unlike the Administrator's "group"). Maybe by changing all references to TrustedInstaller and SYSTEM to a unique member of the administrator's group? I don't know if this would work though... it would have to be very thorough.
I don't think you could change all users to TrustedInstaller, because I'm not sure that TrustedInstaller is an actual user. It is a "security principal", whatever that means, and I don't think it has a user profile (SYSTEM has registry hives in system32\config, and I don't know if TrustedInstaller does).
ps. IMO, FAT32 is a more elegant (because of it's simplicity), and faster file-system than ntfs for smaller partitions (8GB and less). I wish to state this, and not argue this with dictator mentalities, that are unwilling to look up info for themselves, and would likely refute hard data if put in their hands.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version