Windows Temp folder default NTFS security

Question

What are the default NTFS security settings of the C:\Windows\Temp folder in Windows 7?

score 7 · Accepted Answer · answered Aug 11 '12 at 21:29

SetACL is capable of listing the permissions of C:\Windows\Temp without first changing them. I retrieved the default permissions with the command setacl -on c:\Windows\Temp -ot file -actn list on a freshly installed system and verified on my system:

DACL(protected+auto_inherited):
Users           FILE_ADD_FILE+FILE_ADD_SUBDIRECTORY+FILE_TRAVERSE   allow   container_inherit
Administrators  full   allow   no_inheritance
Administrators  full   allow   container_inherit+object_inherit+inherit_only
SYSTEM          full   allow   no_inheritance
SYSTEM          full   allow   container_inherit+object_inherit+inherit_only
CREATOR-OWNER   full   allow   container_inherit+object_inherit+inherit_only

If you prefer a GUI application, SetACL Studio can list permissions from every part of the system without first changing them like Explorer. This is what C:\Windows\Temp looks like in SetACL Studio:

$SetACL Studio - Permissions on C:\Windows\Temp$

score 0 · Answer 2 · answered Aug 11 '12 at 07:10

0

The following URL shows the Default NTFS Permissions in Windows 2000. It looks like google has not found an update for Windows 7. It is nevertheless a good starting point to see the NTFS Security settings for many standard directories like %Systemroot%\Temp.

answered Aug 11 '12 at 07:10

mox

6,084
2
23
35

1

I fear this is indeed outdated however. I need the Windows 7 version of this article. Here it shows for example that the maker and administrators have full control but they don't have this anymore in Windows 7... – IvanL Aug 11 '12 at 09:18
I know! If you find a new version of this article, please post it here, thanks. – mox Aug 11 '12 at 10:02

score -2 · Answer 3 · answered Aug 11 '12 at 07:11

Does it really matter? You aren't supposed to be hardcoding paths in your code anyway. What if that's not where I keep my temp folder, or that's not the name of my Windows directory, or I didn't install Windows on drive C? Does your application still work? Uh-oh.

Instead, call the GetTempPath function, which will return the path of the directory designed for storage of temporary files in the current environment. You can assume that you'll have all of the necessary read/write privileges in the directory that is returned.

If, as one might judge from some of your previous questions, you're writing code for the .NET Framework, this is all nicely wrapped up in the System.IO.Path.GetTempPath function.

It matters because by default I noticed that a user doesn't have access to this path. And while I was trying to figure the settings out to see what's special about them I got a prompt that overred the settings to give me access... Go try and open the Temp path on your machine. I'd like to restore these settings back to the way they were since I assume this was done for certain security reasons. — IvanL, Aug 11 '12 at 09:15

Windows Temp folder default NTFS security

3 Answers3