Defect in Windows File Protection?

Toggle sidebar Toggle sidebar
T

Tony

Distinguished
Aug 5, 2001
1,944
0
19,780
Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)

I have evidence to suggest that the file notepad.exe is not protected by
Windows File Protection (WFP) in the system32 directory on Windows XP. If
you move notepad.exe out of the system32 directory into a temporary
directory, WFP does not restore it from dllcache. It is protected in the
WINDOWS directory, however. On Windows 2000, notepad.exe is protected in
both the system32 and the WINNT directories. Does anyone know whether this
is a known defect in WFP on Windows XP, or was it intentional that
notepad.exe should not be protected in the system32 directory?
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)

Tony wrote:
> I have evidence to suggest that the file notepad.exe is not protected by
> Windows File Protection (WFP) in the system32 directory on Windows XP. If
> you move notepad.exe out of the system32 directory into a temporary
> directory, WFP does not restore it from dllcache. It is protected in the
> WINDOWS directory, however. On Windows 2000, notepad.exe is protected in
> both the system32 and the WINNT directories. Does anyone know whether this
> is a known defect in WFP on Windows XP, or was it intentional that
> notepad.exe should not be protected in the system32 directory?
>
>
Start with http://support.microsoft.com/?kbid=222193 for more
information about WFP. I briefly rescanned this article but didn't find
anything specific about notepad.exe, but I wouldn't be surprised if you
are right. There are a number of notepad.exe replacements from the
shareware community that wouldn't work if notepad.exe was protected.

--
Kent W. England, Microsoft MVP for Windows Security
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)

Windows is the one file protection protects.


--
----------------------------------------------------------
'Not happy John! Defending our democracy',
http://www.smh.com.au/articles/2004/06/29/1088392635123.html

"Tony" <anonymous@discussions.microsoft.com> wrote in message news:%23OlIXV0YEHA.996@TK2MSFTNGP12.phx.gbl...
> I have evidence to suggest that the file notepad.exe is not protected by
> Windows File Protection (WFP) in the system32 directory on Windows XP. If
> you move notepad.exe out of the system32 directory into a temporary
> directory, WFP does not restore it from dllcache. It is protected in the
> WINDOWS directory, however. On Windows 2000, notepad.exe is protected in
> both the system32 and the WINNT directories. Does anyone know whether this
> is a known defect in WFP on Windows XP, or was it intentional that
> notepad.exe should not be protected in the system32 directory?
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)

??????

David...just what was is you *meant* to say...'cause your post makes
absolutely no sense!!!

Bobby

"David Candy" <david@mvps.org> wrote in message
news:OnRrVI2YEHA.2500@TK2MSFTNGP09.phx.gbl...
Windows is the one file protection protects.


--
----------------------------------------------------------
'Not happy John! Defending our democracy',
http://www.smh.com.au/articles/2004/06/29/1088392635123.html

"Tony" <anonymous@discussions.microsoft.com> wrote in message
news:%23OlIXV0YEHA.996@TK2MSFTNGP12.phx.gbl...
> I have evidence to suggest that the file notepad.exe is not protected by
> Windows File Protection (WFP) in the system32 directory on Windows XP. If
> you move notepad.exe out of the system32 directory into a temporary
> directory, WFP does not restore it from dllcache. It is protected in the
> WINDOWS directory, however. On Windows 2000, notepad.exe is protected in
> both the system32 and the WINNT directories. Does anyone know whether
> this
> is a known defect in WFP on Windows XP, or was it intentional that
> notepad.exe should not be protected in the system32 directory?
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)

My program that I've posted here before asks windows what is it protecting. I'm just confirming Windows is protected and system32 isn't. The poster suspects this by experimentally testing it. I'm just giving an official answer from Windows itself.

--
----------------------------------------------------------
'Not happy John! Defending our democracy',
http://www.smh.com.au/articles/2004/06/29/1088392635123.html

"NoNoBadDog!" <mysocks_bjsledge_AT_pixi.com> wrote in message news:OKYytx5YEHA.2520@TK2MSFTNGP12.phx.gbl...
> ??????
>
> David...just what was is you *meant* to say...'cause your post makes
> absolutely no sense!!!
>
> Bobby
>
> "David Candy" <david@mvps.org> wrote in message
> news:OnRrVI2YEHA.2500@TK2MSFTNGP09.phx.gbl...
> Windows is the one file protection protects.
>
>
> --
> ----------------------------------------------------------
> 'Not happy John! Defending our democracy',
> http://www.smh.com.au/articles/2004/06/29/1088392635123.html
>
> "Tony" <anonymous@discussions.microsoft.com> wrote in message
> news:%23OlIXV0YEHA.996@TK2MSFTNGP12.phx.gbl...
> > I have evidence to suggest that the file notepad.exe is not protected by
> > Windows File Protection (WFP) in the system32 directory on Windows XP. If
> > you move notepad.exe out of the system32 directory into a temporary
> > directory, WFP does not restore it from dllcache. It is protected in the
> > WINDOWS directory, however. On Windows 2000, notepad.exe is protected in
> > both the system32 and the WINNT directories. Does anyone know whether
> > this
> > is a known defect in WFP on Windows XP, or was it intentional that
> > notepad.exe should not be protected in the system32 directory?
> >
> >
>
>
 
T

Tony

Distinguished
Aug 5, 2001
1,944
0
19,780
Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)

Are you implying that all files in system32 are not protected, or only
notepad.exe in system32 is not protected? Because, on my Windows XP system,
some files in system32 are certainly protected - actres.dll, for example.

"David Candy" <david@mvps.org> wrote in message
news:O%23WU835YEHA.3844@TK2MSFTNGP10.phx.gbl...
My program that I've posted here before asks windows what is it protecting.
I'm just confirming Windows is protected and system32 isn't. The poster
suspects this by experimentally testing it. I'm just giving an official
answer from Windows itself.

--
----------------------------------------------------------
'Not happy John! Defending our democracy',
http://www.smh.com.au/articles/2004/06/29/1088392635123.html

"NoNoBadDog!" <mysocks_bjsledge_AT_pixi.com> wrote in message
news:OKYytx5YEHA.2520@TK2MSFTNGP12.phx.gbl...
> ??????
>
> David...just what was is you *meant* to say...'cause your post makes
> absolutely no sense!!!
>
> Bobby
>
> "David Candy" <david@mvps.org> wrote in message
> news:OnRrVI2YEHA.2500@TK2MSFTNGP09.phx.gbl...
> Windows is the one file protection protects.
>
>
> --
> ----------------------------------------------------------
> 'Not happy John! Defending our democracy',
> http://www.smh.com.au/articles/2004/06/29/1088392635123.html
>
> "Tony" <anonymous@discussions.microsoft.com> wrote in message
> news:%23OlIXV0YEHA.996@TK2MSFTNGP12.phx.gbl...
> > I have evidence to suggest that the file notepad.exe is not protected by
> > Windows File Protection (WFP) in the system32 directory on Windows XP.
If
> > you move notepad.exe out of the system32 directory into a temporary
> > directory, WFP does not restore it from dllcache. It is protected in
the
> > WINDOWS directory, however. On Windows 2000, notepad.exe is protected
in
> > both the system32 and the WINNT directories. Does anyone know whether
> > this
> > is a known defect in WFP on Windows XP, or was it intentional that
> > notepad.exe should not be protected in the system32 directory?
> >
> >
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)

Hello,
Tony is correct. Notepad is missing from the list of protected files under
system32.
If a file is protected it is protected at it's installed location, since
notepad is installed to two locations it should be protected at both
locations, currently it is only protected at the \windows folder not the
\windows\system32 folder.
This will be addressed in service pack two for Windows XP.
Thanks,
Darrell Gorter[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights
--------------------
>From: "David Candy" <david@mvps.org>
>References: <#OlIXV0YEHA.996@TK2MSFTNGP12.phx.gbl>
<OnRrVI2YEHA.2500@TK2MSFTNGP09.phx.gbl>
<OKYytx5YEHA.2520@TK2MSFTNGP12.phx.gbl>
<O#WU835YEHA.3844@TK2MSFTNGP10.phx.gbl>
<u9wMO6AZEHA.4092@TK2MSFTNGP11.phx.gbl>
>Subject: Re: Defect in Windows File Protection?
>Date: Wed, 7 Jul 2004 21:01:43 +1000
>Lines: 484
>MIME-Version: 1.0
>Content-Type: multipart/mixed;
> boundary="----=_NextPart_000_0032_01C46465.9BAB0F10"
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>Message-ID: <O9leNHBZEHA.2388@TK2MSFTNGP11.phx.gbl>
>Newsgroups: microsoft.public.windowsxp.configuration_manage
>NNTP-Posting-Host: 203.57.45.188.tnt02.syd.pyr.oktiv.net 203.57.45.188
>Path:
cpmsftngxa06.phx.gbl!TK2MSFTNGXS01.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP0
8.phx.gbl!TK2MSFTNGP11.phx.gbl
>Xref: cpmsftngxa06.phx.gbl
microsoft.public.windowsxp.configuration_manage:25897
>X-Tomcat-NG: microsoft.public.windowsxp.configuration_manage
>
>Here's the program. You'll need to use a newsreader to see it.
>Public Const MAX_PATH = 260
>Type PROTECTED_FILE_DATA
> FileName((MAX_PATH - 1) * 2) As Byte
> FileNumber As Long
>End Type
>Declare Function SfcGetNextProtectedFile Lib "sfc" (ByVal RpcHandle As
Long, ProtFileData As PROTECTED_FILE_DATA) As Long
>Public Declare Function GetLastError Lib "kernel32" () As Long
>Sub Main()
>Dim udtProtectedFileData As PROTECTED_FILE_DATA
>udtProtectedFileData.FileNumber = 0
>Count = 1
>With Form1.List1
> Do Until SfcGetNextProtectedFile(0, udtProtectedFileData) = 0
> .AddItem udtProtectedFileData.FileName
> Count = Count + 1
> Loop
> n = Err.LastD1llError()
> If n = 18 Then
> .AddItem "All files listed without error"
> Else
> .AddItem "Error Code is " & n
> End If
> .AddItem Count & " Total Files"
>End With
>End Sub
>--
>----------------------------------------------------------
>'Not happy John! Defending our democracy',
>http://www.smh.com.au/articles/2004/06/29/1088392635123.html
>"Tony" <anonymous@discussions.microsoft.com> wrote in message
news:u9wMO6AZEHA.4092@TK2MSFTNGP11.phx.gbl...
>> Are you implying that all files in system32 are not protected, or only
>> notepad.exe in system32 is not protected? Because, on my Windows XP
system,
>> some files in system32 are certainly protected - actres.dll, for example.
>>
>> "David Candy" <david@mvps.org> wrote in message
>> news:O%23WU835YEHA.3844@TK2MSFTNGP10.phx.gbl...
>> My program that I've posted here before asks windows what is it
protecting.
>> I'm just confirming Windows is protected and system32 isn't. The poster
>> suspects this by experimentally testing it. I'm just giving an official
>> answer from Windows itself.
>>
>> --
>> ----------------------------------------------------------
>> 'Not happy John! Defending our democracy',
>> http://www.smh.com.au/articles/2004/06/29/1088392635123.html
>>
>> "NoNoBadDog!" <mysocks_bjsledge_AT_pixi.com> wrote in message
>> news:OKYytx5YEHA.2520@TK2MSFTNGP12.phx.gbl...
>> > ??????
>> >
>> > David...just what was is you *meant* to say...'cause your post makes
>> > absolutely no sense!!!
>> >
>> > Bobby
>> >
>> > "David Candy" <david@mvps.org> wrote in message
>> > news:OnRrVI2YEHA.2500@TK2MSFTNGP09.phx.gbl...
>> > Windows is the one file protection protects.
>> >
>> >
>> > --
>> > ----------------------------------------------------------
>> > 'Not happy John! Defending our democracy',
>> > http://www.smh.com.au/articles/2004/06/29/1088392635123.html
>> >
>> > "Tony" <anonymous@discussions.microsoft.com> wrote in message
>> > news:%23OlIXV0YEHA.996@TK2MSFTNGP12.phx.gbl...
>> > > I have evidence to suggest that the file notepad.exe is not
protected by
>> > > Windows File Protection (WFP) in the system32 directory on Windows
XP.
>> If
>> > > you move notepad.exe out of the system32 directory into a temporary
>> > > directory, WFP does not restore it from dllcache. It is protected in
>> the
>> > > WINDOWS directory, however. On Windows 2000, notepad.exe is
protected
>> in
>> > > both the system32 and the WINNT directories. Does anyone know
whether
>> > > this
>> > > is a known defect in WFP on Windows XP, or was it intentional that
>> > > notepad.exe should not be protected in the system32 directory?
>> > >
>> > >
>> >
>> >
>>
>>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)

Hello David,
Wow what did I do to provoke this response.
I did read the entire thread a couple of times.
I confirmed Tony's post and stated that it would be addressed in Service
Pack 2.
So yes the file should have been protected in both places but it wasn't.
The fact that it is being addressed in service pack 2 answers Tony's
question:
> Does anyone know whether thisis a known defect in WFP on Windows XP, or
was it intentional that
> notepad.exe should not be protected in the system32 directory?
Thanks,
Darrell Gorter[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights
--------------------
>From: "David Candy" <david@mvps.org>
>References: <#OlIXV0YEHA.996@TK2MSFTNGP12.phx.gbl>
<OnRrVI2YEHA.2500@TK2MSFTNGP09.phx.gbl>
<OKYytx5YEHA.2520@TK2MSFTNGP12.phx.gbl>
<O#WU835YEHA.3844@TK2MSFTNGP10.phx.gbl>
<u9wMO6AZEHA.4092@TK2MSFTNGP11.phx.gbl>
<O9leNHBZEHA.2388@TK2MSFTNGP11.phx.gbl>
<khKlOPRZEHA.600@cpmsftngxa06.phx.gbl>
>Subject: Re: Defect in Windows File Protection?
>Date: Fri, 9 Jul 2004 04:03:07 +1000
>Lines: 419
>MIME-Version: 1.0
>Content-Type: multipart/alternative;
> boundary="----=_NextPart_000_053E_01C46569.A4829810"
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>Message-ID: <O6UVXXRZEHA.2944@TK2MSFTNGP11.phx.gbl>
>Newsgroups: microsoft.public.windowsxp.configuration_manage
>NNTP-Posting-Host: 203.57.44.193.tnt01.syd.pyr.oktiv.net 203.57.44.193
>Path:
cpmsftngxa06.phx.gbl!TK2MSFTNGXS01.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP0
8.phx.gbl!TK2MSFTNGP11.phx.gbl
>Xref: cpmsftngxa06.phx.gbl
microsoft.public.windowsxp.configuration_manage:25954
>X-Tomcat-NG: microsoft.public.windowsxp.configuration_manage
>
>Correct about what dickhead? Should try reading.
> My program that I've posted here before asks windows what is it
protecting. I'm just confirming Windows is protected and system32 isn't.
The poster suspects this by experimentally testing it. I'm just giving an
official answer from Windows itself.
>So perhaps you shouldn't post here in future as you are too stupid.
>--
>----------------------------------------------------------
>'Not happy John! Defending our democracy',
>http://www.smh.com.au/articles/2004/06/29/1088392635123.html
>""Darrell Gorter[MSFT]"" <Darrellg@online.microsoft.com> wrote in message
news:khKlOPRZEHA.600@cpmsftngxa06.phx.gbl...
>> Hello,
>> Tony is correct. Notepad is missing from the list of protected files
under
>> system32.
>> If a file is protected it is protected at it's installed location, since
>> notepad is installed to two locations it should be protected at both
>> locations, currently it is only protected at the \windows folder not the
>> \windows\system32 folder.
>> This will be addressed in service pack two for Windows XP.
>> Thanks,
>> Darrell Gorter[MSFT]
>>
>> This posting is provided "AS IS" with no warranties, and confers no
rights
>> --------------------
>> >From: "David Candy" <david@mvps.org>
>> >References: <#OlIXV0YEHA.996@TK2MSFTNGP12.phx.gbl>
>> <OnRrVI2YEHA.2500@TK2MSFTNGP09.phx.gbl>
>> <OKYytx5YEHA.2520@TK2MSFTNGP12.phx.gbl>
>> <O#WU835YEHA.3844@TK2MSFTNGP10.phx.gbl>
>> <u9wMO6AZEHA.4092@TK2MSFTNGP11.phx.gbl>
>> >Subject: Re: Defect in Windows File Protection?
>> >Date: Wed, 7 Jul 2004 21:01:43 +1000
>> >Lines: 484
>> >MIME-Version: 1.0
>> >Content-Type: multipart/mixed;
>> > boundary="----=_NextPart_000_0032_01C46465.9BAB0F10"
>> >X-Priority: 3
>> >X-MSMail-Priority: Normal
>> >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>> >X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>> >Message-ID: <O9leNHBZEHA.2388@TK2MSFTNGP11.phx.gbl>
>> >Newsgroups: microsoft.public.windowsxp.configuration_manage
>> >NNTP-Posting-Host: 203.57.45.188.tnt02.syd.pyr.oktiv.net 203.57.45.188
>> >Path:
>>
cpmsftngxa06.phx.gbl!TK2MSFTNGXS01.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP0
>> 8.phx.gbl!TK2MSFTNGP11.phx.gbl
>> >Xref: cpmsftngxa06.phx.gbl
>> microsoft.public.windowsxp.configuration_manage:25897
>> >X-Tomcat-NG: microsoft.public.windowsxp.configuration_manage
>> >
>> >Here's the program. You'll need to use a newsreader to see it.
>> >Public Const MAX_PATH = 260
>> >Type PROTECTED_FILE_DATA
>> > FileName((MAX_PATH - 1) * 2) As Byte
>> > FileNumber As Long
>> >End Type
>> >Declare Function SfcGetNextProtectedFile Lib "sfc" (ByVal RpcHandle As
>> Long, ProtFileData As PROTECTED_FILE_DATA) As Long
>> >Public Declare Function GetLastError Lib "kernel32" () As Long
>> >Sub Main()
>> >Dim udtProtectedFileData As PROTECTED_FILE_DATA
>> >udtProtectedFileData.FileNumber = 0
>> >Count = 1
>> >With Form1.List1
>> > Do Until SfcGetNextProtectedFile(0, udtProtectedFileData) = 0
>> > .AddItem udtProtectedFileData.FileName
>> > Count = Count + 1
>> > Loop
>> > n = Err.LastD1llError()
>> > If n = 18 Then
>> > .AddItem "All files listed without error"
>> > Else
>> > .AddItem "Error Code is " & n
>> > End If
>> > .AddItem Count & " Total Files"
>> >End With
>> >End Sub
>> >--
>> >----------------------------------------------------------
>> >'Not happy John! Defending our democracy',
>> >http://www.smh.com.au/articles/2004/06/29/1088392635123.html
>> >"Tony" <anonymous@discussions.microsoft.com> wrote in message
>> news:u9wMO6AZEHA.4092@TK2MSFTNGP11.phx.gbl...
>> >> Are you implying that all files in system32 are not protected, or only
>> >> notepad.exe in system32 is not protected? Because, on my Windows XP
>> system,
>> >> some files in system32 are certainly protected - actres.dll, for
example.
>> >>
>> >> "David Candy" <david@mvps.org> wrote in message
>> >> news:O%23WU835YEHA.3844@TK2MSFTNGP10.phx.gbl...
>> >> My program that I've posted here before asks windows what is it
>> protecting.
>> >> I'm just confirming Windows is protected and system32 isn't. The
poster
>> >> suspects this by experimentally testing it. I'm just giving an
official
>> >> answer from Windows itself.
>> >>
>> >> --
>> >> ----------------------------------------------------------
>> >> 'Not happy John! Defending our democracy',
>> >> http://www.smh.com.au/articles/2004/06/29/1088392635123.html
>> >>
>> >> "NoNoBadDog!" <mysocks_bjsledge_AT_pixi.com> wrote in message
>> >> news:OKYytx5YEHA.2520@TK2MSFTNGP12.phx.gbl...
>> >> > ??????
>> >> >
>> >> > David...just what was is you *meant* to say...'cause your post makes
>> >> > absolutely no sense!!!
>> >> >
>> >> > Bobby
>> >> >
>> >> > "David Candy" <david@mvps.org> wrote in message
>> >> > news:OnRrVI2YEHA.2500@TK2MSFTNGP09.phx.gbl...
>> >> > Windows is the one file protection protects.
>> >> >
>> >> >
>> >> > --
>> >> > ----------------------------------------------------------
>> >> > 'Not happy John! Defending our democracy',
>> >> > http://www.smh.com.au/articles/2004/06/29/1088392635123.html
>> >> >
>> >> > "Tony" <anonymous@discussions.microsoft.com> wrote in message
>> >> > news:%23OlIXV0YEHA.996@TK2MSFTNGP12.phx.gbl...
>> >> > > I have evidence to suggest that the file notepad.exe is not
>> protected by
>> >> > > Windows File Protection (WFP) in the system32 directory on
Windows
>> XP.
>> >> If
>> >> > > you move notepad.exe out of the system32 directory into a
temporary
>> >> > > directory, WFP does not restore it from dllcache. It is
protected in
>> >> the
>> >> > > WINDOWS directory, however. On Windows 2000, notepad.exe is
>> protected
>> >> in
>> >> > > both the system32 and the WINNT directories. Does anyone know
>> whether
>> >> > > this
>> >> > > is a known defect in WFP on Windows XP, or was it intentional that
>> >> > > notepad.exe should not be protected in the system32 directory?
>> >> > >
>> >> > >
>> >> >
>> >> >
>> >>
>> >>
>> >
>>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)

You replied to me saying Toby is correct implying I'm not. But I've said the same as toby.

--
----------------------------------------------------------
'Not happy John! Defending our democracy',
http://www.smh.com.au/articles/2004/06/29/1088392635123.html

""Darrell Gorter[MSFT]"" <Darrellg@online.microsoft.com> wrote in message news:w7qLaHgZEHA.228@cpmsftngxa06.phx.gbl...
> Hello David,
> Wow what did I do to provoke this response.
> I did read the entire thread a couple of times.
> I confirmed Tony's post and stated that it would be addressed in Service
> Pack 2.
> So yes the file should have been protected in both places but it wasn't.
> The fact that it is being addressed in service pack 2 answers Tony's
> question:
> > Does anyone know whether thisis a known defect in WFP on Windows XP, or
> was it intentional that
> > notepad.exe should not be protected in the system32 directory?
> Thanks,
> Darrell Gorter[MSFT]
>
> This posting is provided "AS IS" with no warranties, and confers no rights
> --------------------
> >From: "David Candy" <david@mvps.org>
> >References: <#OlIXV0YEHA.996@TK2MSFTNGP12.phx.gbl>
> <OnRrVI2YEHA.2500@TK2MSFTNGP09.phx.gbl>
> <OKYytx5YEHA.2520@TK2MSFTNGP12.phx.gbl>
> <O#WU835YEHA.3844@TK2MSFTNGP10.phx.gbl>
> <u9wMO6AZEHA.4092@TK2MSFTNGP11.phx.gbl>
> <O9leNHBZEHA.2388@TK2MSFTNGP11.phx.gbl>
> <khKlOPRZEHA.600@cpmsftngxa06.phx.gbl>
> >Subject: Re: Defect in Windows File Protection?
> >Date: Fri, 9 Jul 2004 04:03:07 +1000
> >Lines: 419
> >MIME-Version: 1.0
> >Content-Type: multipart/alternative;
> > boundary="----=_NextPart_000_053E_01C46569.A4829810"
> >X-Priority: 3
> >X-MSMail-Priority: Normal
> >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
> >Message-ID: <O6UVXXRZEHA.2944@TK2MSFTNGP11.phx.gbl>
> >Newsgroups: microsoft.public.windowsxp.configuration_manage
> >NNTP-Posting-Host: 203.57.44.193.tnt01.syd.pyr.oktiv.net 203.57.44.193
> >Path:
> cpmsftngxa06.phx.gbl!TK2MSFTNGXS01.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP0
> 8.phx.gbl!TK2MSFTNGP11.phx.gbl
> >Xref: cpmsftngxa06.phx.gbl
> microsoft.public.windowsxp.configuration_manage:25954
> >X-Tomcat-NG: microsoft.public.windowsxp.configuration_manage
> >
> >Correct about what dickhead? Should try reading.
> > My program that I've posted here before asks windows what is it
> protecting. I'm just confirming Windows is protected and system32 isn't.
> The poster suspects this by experimentally testing it. I'm just giving an
> official answer from Windows itself.
> >So perhaps you shouldn't post here in future as you are too stupid.
> >--
> >----------------------------------------------------------
> >'Not happy John! Defending our democracy',
> >http://www.smh.com.au/articles/2004/06/29/1088392635123.html
> >""Darrell Gorter[MSFT]"" <Darrellg@online.microsoft.com> wrote in message
> news:khKlOPRZEHA.600@cpmsftngxa06.phx.gbl...
> >> Hello,
> >> Tony is correct. Notepad is missing from the list of protected files
> under
> >> system32.
> >> If a file is protected it is protected at it's installed location, since
> >> notepad is installed to two locations it should be protected at both
> >> locations, currently it is only protected at the \windows folder not the
> >> \windows\system32 folder.
> >> This will be addressed in service pack two for Windows XP.
> >> Thanks,
> >> Darrell Gorter[MSFT]
> >>
> >> This posting is provided "AS IS" with no warranties, and confers no
> rights
> >> --------------------
> >> >From: "David Candy" <david@mvps.org>
> >> >References: <#OlIXV0YEHA.996@TK2MSFTNGP12.phx.gbl>
> >> <OnRrVI2YEHA.2500@TK2MSFTNGP09.phx.gbl>
> >> <OKYytx5YEHA.2520@TK2MSFTNGP12.phx.gbl>
> >> <O#WU835YEHA.3844@TK2MSFTNGP10.phx.gbl>
> >> <u9wMO6AZEHA.4092@TK2MSFTNGP11.phx.gbl>
> >> >Subject: Re: Defect in Windows File Protection?
> >> >Date: Wed, 7 Jul 2004 21:01:43 +1000
> >> >Lines: 484
> >> >MIME-Version: 1.0
> >> >Content-Type: multipart/mixed;
> >> > boundary="----=_NextPart_000_0032_01C46465.9BAB0F10"
> >> >X-Priority: 3
> >> >X-MSMail-Priority: Normal
> >> >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
> >> >X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
> >> >Message-ID: <O9leNHBZEHA.2388@TK2MSFTNGP11.phx.gbl>
> >> >Newsgroups: microsoft.public.windowsxp.configuration_manage
> >> >NNTP-Posting-Host: 203.57.45.188.tnt02.syd.pyr.oktiv.net 203.57.45.188
> >> >Path:
> >>
> cpmsftngxa06.phx.gbl!TK2MSFTNGXS01.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP0
> >> 8.phx.gbl!TK2MSFTNGP11.phx.gbl
> >> >Xref: cpmsftngxa06.phx.gbl
> >> microsoft.public.windowsxp.configuration_manage:25897
> >> >X-Tomcat-NG: microsoft.public.windowsxp.configuration_manage
> >> >
> >> >Here's the program. You'll need to use a newsreader to see it.
> >> >Public Const MAX_PATH = 260
> >> >Type PROTECTED_FILE_DATA
> >> > FileName((MAX_PATH - 1) * 2) As Byte
> >> > FileNumber As Long
> >> >End Type
> >> >Declare Function SfcGetNextProtectedFile Lib "sfc" (ByVal RpcHandle As
> >> Long, ProtFileData As PROTECTED_FILE_DATA) As Long
> >> >Public Declare Function GetLastError Lib "kernel32" () As Long
> >> >Sub Main()
> >> >Dim udtProtectedFileData As PROTECTED_FILE_DATA
> >> >udtProtectedFileData.FileNumber = 0
> >> >Count = 1
> >> >With Form1.List1
> >> > Do Until SfcGetNextProtectedFile(0, udtProtectedFileData) = 0
> >> > .AddItem udtProtectedFileData.FileName
> >> > Count = Count + 1
> >> > Loop
> >> > n = Err.LastD1llError()
> >> > If n = 18 Then
> >> > .AddItem "All files listed without error"
> >> > Else
> >> > .AddItem "Error Code is " & n
> >> > End If
> >> > .AddItem Count & " Total Files"
> >> >End With
> >> >End Sub
> >> >--
> >> >----------------------------------------------------------
> >> >'Not happy John! Defending our democracy',
> >> >http://www.smh.com.au/articles/2004/06/29/1088392635123.html
> >> >"Tony" <anonymous@discussions.microsoft.com> wrote in message
> >> news:u9wMO6AZEHA.4092@TK2MSFTNGP11.phx.gbl...
> >> >> Are you implying that all files in system32 are not protected, or only
> >> >> notepad.exe in system32 is not protected? Because, on my Windows XP
> >> system,
> >> >> some files in system32 are certainly protected - actres.dll, for
> example.
> >> >>
> >> >> "David Candy" <david@mvps.org> wrote in message
> >> >> news:O%23WU835YEHA.3844@TK2MSFTNGP10.phx.gbl...
> >> >> My program that I've posted here before asks windows what is it
> >> protecting.
> >> >> I'm just confirming Windows is protected and system32 isn't. The
> poster
> >> >> suspects this by experimentally testing it. I'm just giving an
> official
> >> >> answer from Windows itself.
> >> >>
> >> >> --
> >> >> ----------------------------------------------------------
> >> >> 'Not happy John! Defending our democracy',
> >> >> http://www.smh.com.au/articles/2004/06/29/1088392635123.html
> >> >>
> >> >> "NoNoBadDog!" <mysocks_bjsledge_AT_pixi.com> wrote in message
> >> >> news:OKYytx5YEHA.2520@TK2MSFTNGP12.phx.gbl...
> >> >> > ??????
> >> >> >
> >> >> > David...just what was is you *meant* to say...'cause your post makes
> >> >> > absolutely no sense!!!
> >> >> >
> >> >> > Bobby
> >> >> >
> >> >> > "David Candy" <david@mvps.org> wrote in message
> >> >> > news:OnRrVI2YEHA.2500@TK2MSFTNGP09.phx.gbl...
> >> >> > Windows is the one file protection protects.
> >> >> >
> >> >> >
> >> >> > --
> >> >> > ----------------------------------------------------------
> >> >> > 'Not happy John! Defending our democracy',
> >> >> > http://www.smh.com.au/articles/2004/06/29/1088392635123.html
> >> >> >
> >> >> > "Tony" <anonymous@discussions.microsoft.com> wrote in message
> >> >> > news:%23OlIXV0YEHA.996@TK2MSFTNGP12.phx.gbl...
> >> >> > > I have evidence to suggest that the file notepad.exe is not
> >> protected by
> >> >> > > Windows File Protection (WFP) in the system32 directory on
> Windows
> >> XP.
> >> >> If
> >> >> > > you move notepad.exe out of the system32 directory into a
> temporary
> >> >> > > directory, WFP does not restore it from dllcache. It is
> protected in
> >> >> the
> >> >> > > WINDOWS directory, however. On Windows 2000, notepad.exe is
> >> protected
> >> >> in
> >> >> > > both the system32 and the WINNT directories. Does anyone know
> >> whether
> >> >> > > this
> >> >> > > is a known defect in WFP on Windows XP, or was it intentional that
> >> >> > > notepad.exe should not be protected in the system32 directory?
> >> >> > >
> >> >> > >
> >> >> >
> >> >> >
> >> >>
> >> >>
> >> >
> >>
> >
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)

Hello David,
I only replied to last thread in the message, I was in no way meaning to
imply that you were not correct.
Toby was the person asking the questions which is why the response was
directed back at him.
Thanks,
Darrell Gorter[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights
--------------------
>From: "David Candy" <david@mvps.org>
>References: <#OlIXV0YEHA.996@TK2MSFTNGP12.phx.gbl>
<OnRrVI2YEHA.2500@TK2MSFTNGP09.phx.gbl>
<OKYytx5YEHA.2520@TK2MSFTNGP12.phx.gbl>
<O#WU835YEHA.3844@TK2MSFTNGP10.phx.gbl>
<u9wMO6AZEHA.4092@TK2MSFTNGP11.phx.gbl>
<O9leNHBZEHA.2388@TK2MSFTNGP11.phx.gbl>
<khKlOPRZEHA.600@cpmsftngxa06.phx.gbl>
<O6UVXXRZEHA.2944@TK2MSFTNGP11.phx.gbl>
<w7qLaHgZEHA.228@cpmsftngxa06.phx.gbl>
>Subject: Re: Defect in Windows File Protection?
>Date: Sat, 10 Jul 2004 12:52:57 +1000
>Lines: 241
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Windows-1252"
>Content-Transfer-Encoding: quoted-printable
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>Message-ID: <O7uwGkiZEHA.3564@TK2MSFTNGP11.phx.gbl>
>Newsgroups: microsoft.public.windowsxp.configuration_manage
>NNTP-Posting-Host: 203.57.45.211.tnt02.syd.pyr.oktiv.net 203.57.45.211
>Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
>Xref: cpmsftngxa06.phx.gbl
microsoft.public.windowsxp.configuration_manage:26004
>X-Tomcat-NG: microsoft.public.windowsxp.configuration_manage
>
>You replied to me saying Toby is correct implying I'm not. But I've said
the same as toby.
>--
>----------------------------------------------------------
>'Not happy John! Defending our democracy',
>http://www.smh.com.au/articles/2004/06/29/1088392635123.html
>""Darrell Gorter[MSFT]"" <Darrellg@online.microsoft.com> wrote in message
news:w7qLaHgZEHA.228@cpmsftngxa06.phx.gbl...
>> Hello David,
>> Wow what did I do to provoke this response.
>> I did read the entire thread a couple of times.
>> I confirmed Tony's post and stated that it would be addressed in Service
>> Pack 2.
>> So yes the file should have been protected in both places but it wasn't.
>> The fact that it is being addressed in service pack 2 answers Tony's
>> question:
>> > Does anyone know whether thisis a known defect in WFP on Windows XP,
or
>> was it intentional that
>> > notepad.exe should not be protected in the system32 directory?
>> Thanks,
>> Darrell Gorter[MSFT]
>>
>> This posting is provided "AS IS" with no warranties, and confers no
rights
>> --------------------
>> >From: "David Candy" <david@mvps.org>
>> >References: <#OlIXV0YEHA.996@TK2MSFTNGP12.phx.gbl>
>> <OnRrVI2YEHA.2500@TK2MSFTNGP09.phx.gbl>
>> <OKYytx5YEHA.2520@TK2MSFTNGP12.phx.gbl>
>> <O#WU835YEHA.3844@TK2MSFTNGP10.phx.gbl>
>> <u9wMO6AZEHA.4092@TK2MSFTNGP11.phx.gbl>
>> <O9leNHBZEHA.2388@TK2MSFTNGP11.phx.gbl>
>> <khKlOPRZEHA.600@cpmsftngxa06.phx.gbl>
>> >Subject: Re: Defect in Windows File Protection?
>> >Date: Fri, 9 Jul 2004 04:03:07 +1000
>> >Lines: 419
>> >MIME-Version: 1.0
>> >Content-Type: multipart/alternative;
>> > boundary="----=_NextPart_000_053E_01C46569.A4829810"
>> >X-Priority: 3
>> >X-MSMail-Priority: Normal
>> >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>> >Message-ID: <O6UVXXRZEHA.2944@TK2MSFTNGP11.phx.gbl>
>> >Newsgroups: microsoft.public.windowsxp.configuration_manage
>> >NNTP-Posting-Host: 203.57.44.193.tnt01.syd.pyr.oktiv.net 203.57.44.193
>> >Path:
>>
cpmsftngxa06.phx.gbl!TK2MSFTNGXS01.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP0
>> 8.phx.gbl!TK2MSFTNGP11.phx.gbl
>> >Xref: cpmsftngxa06.phx.gbl
>> microsoft.public.windowsxp.configuration_manage:25954
>> >X-Tomcat-NG: microsoft.public.windowsxp.configuration_manage
>> >
>> >Correct about what dickhead? Should try reading.
>> > My program that I've posted here before asks windows what is it
>> protecting. I'm just confirming Windows is protected and system32 isn't.
>> The poster suspects this by experimentally testing it. I'm just giving
an
>> official answer from Windows itself.
>> >So perhaps you shouldn't post here in future as you are too stupid.
>> >--
>> >----------------------------------------------------------
>> >'Not happy John! Defending our democracy',
>> >http://www.smh.com.au/articles/2004/06/29/1088392635123.html
>> >""Darrell Gorter[MSFT]"" <Darrellg@online.microsoft.com> wrote in
message
>> news:khKlOPRZEHA.600@cpmsftngxa06.phx.gbl...
>> >> Hello,
>> >> Tony is correct. Notepad is missing from the list of protected files
>> under
>> >> system32.
>> >> If a file is protected it is protected at it's installed location,
since
>> >> notepad is installed to two locations it should be protected at both
>> >> locations, currently it is only protected at the \windows folder not
the
>> >> \windows\system32 folder.
>> >> This will be addressed in service pack two for Windows XP.
>> >> Thanks,
>> >> Darrell Gorter[MSFT]
>> >>
>> >> This posting is provided "AS IS" with no warranties, and confers no >
rights
>> >> --------------------
>> >> >From: "David Candy" <david@mvps.org>
>> >> >References: <#OlIXV0YEHA.996@TK2MSFTNGP12.phx.gbl>
>> >> <OnRrVI2YEHA.2500@TK2MSFTNGP09.phx.gbl>
>> >> <OKYytx5YEHA.2520@TK2MSFTNGP12.phx.gbl>
>> >> <O#WU835YEHA.3844@TK2MSFTNGP10.phx.gbl>
>> >> <u9wMO6AZEHA.4092@TK2MSFTNGP11.phx.gbl>
>> >> >Subject: Re: Defect in Windows File Protection?
>> >> >Date: Wed, 7 Jul 2004 21:01:43 +1000
>> >> >Lines: 484
>> >> >MIME-Version: 1.0
>> >> >Content-Type: multipart/mixed;
>> >> > boundary="----=_NextPart_000_0032_01C46465.9BAB0F10"
>> >> >X-Priority: 3
>> >> >X-MSMail-Priority: Normal
>> >> >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>> >> >X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>> >> >Message-ID: <O9leNHBZEHA.2388@TK2MSFTNGP11.phx.gbl>
>> >> >Newsgroups: microsoft.public.windowsxp.configuration_manage
>> >> >NNTP-Posting-Host: 203.57.45.188.tnt02.syd.pyr.oktiv.net
203.57.45.188
>> >> >Path:
>> >>
>>
cpmsftngxa06.phx.gbl!TK2MSFTNGXS01.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP0
>> >> 8.phx.gbl!TK2MSFTNGP11.phx.gbl
>> >> >Xref: cpmsftngxa06.phx.gbl
>> >> microsoft.public.windowsxp.configuration_manage:25897
>> >> >X-Tomcat-NG: microsoft.public.windowsxp.configuration_manage
>> >> >
>> >> >Here's the program. You'll need to use a newsreader to see it.
>> >> >Public Const MAX_PATH = 260
>> >> >Type PROTECTED_FILE_DATA
>> >> > FileName((MAX_PATH - 1) * 2) As Byte
>> >> > FileNumber As Long
>> >> >End Type
>> >> >Declare Function SfcGetNextProtectedFile Lib "sfc" (ByVal RpcHandle
As
>> >> Long, ProtFileData As PROTECTED_FILE_DATA) As Long
>> >> >Public Declare Function GetLastError Lib "kernel32" () As Long
>> >> >Sub Main()
>> >> >Dim udtProtectedFileData As PROTECTED_FILE_DATA
>> >> >udtProtectedFileData.FileNumber = 0
>> >> >Count = 1
>> >> >With Form1.List1
>> >> > Do Until SfcGetNextProtectedFile(0, udtProtectedFileData) = 0
>> >> > .AddItem udtProtectedFileData.FileName
>> >> > Count = Count + 1
>> >> > Loop
>> >> > n = Err.LastD1llError()
>> >> > If n = 18 Then
>> >> > .AddItem "All files listed without error"
>> >> > Else
>> >> > .AddItem "Error Code is " & n
>> >> > End If
>> >> > .AddItem Count & " Total Files"
>> >> >End With
>> >> >End Sub
>> >> >--
>> >> >----------------------------------------------------------
>> >> >'Not happy John! Defending our democracy',
>> >> >http://www.smh.com.au/articles/2004/06/29/1088392635123.html
>> >> >"Tony" <anonymous@discussions.microsoft.com> wrote in message
>> >> news:u9wMO6AZEHA.4092@TK2MSFTNGP11.phx.gbl...
>> >> >> Are you implying that all files in system32 are not protected, or
only
>> >> >> notepad.exe in system32 is not protected? Because, on my Windows
XP
>> >> system,
>> >> >> some files in system32 are certainly protected - actres.dll, for >
example.
>> >> >>
>> >> >> "David Candy" <david@mvps.org> wrote in message
>> >> >> news:O%23WU835YEHA.3844@TK2MSFTNGP10.phx.gbl...
>> >> >> My program that I've posted here before asks windows what is it
>> >> protecting.
>> >> >> I'm just confirming Windows is protected and system32 isn't. The >
poster
>> >> >> suspects this by experimentally testing it. I'm just giving an
>> official
>> >> >> answer from Windows itself.
>> >> >>
>> >> >> --
>> >> >> ----------------------------------------------------------
>> >> >> 'Not happy John! Defending our democracy',
>> >> >> http://www.smh.com.au/articles/2004/06/29/1088392635123.html
>> >> >>
>> >> >> "NoNoBadDog!" <mysocks_bjsledge_AT_pixi.com> wrote in message
>> >> >> news:OKYytx5YEHA.2520@TK2MSFTNGP12.phx.gbl...
>> >> >> > ??????
>> >> >> >
>> >> >> > David...just what was is you *meant* to say...'cause your post
makes
>> >> >> > absolutely no sense!!!
>> >> >> >
>> >> >> > Bobby
>> >> >> >
>> >> >> > "David Candy" <david@mvps.org> wrote in message
>> >> >> > news:OnRrVI2YEHA.2500@TK2MSFTNGP09.phx.gbl...
>> >> >> > Windows is the one file protection protects.
>> >> >> >
>> >> >> >
>> >> >> > --
>> >> >> > ----------------------------------------------------------
>> >> >> > 'Not happy John! Defending our democracy',
>> >> >> > http://www.smh.com.au/articles/2004/06/29/1088392635123.html
>> >> >> >
>> >> >> > "Tony" <anonymous@discussions.microsoft.com> wrote in message
>> >> >> > news:%23OlIXV0YEHA.996@TK2MSFTNGP12.phx.gbl...
>> >> >> > > I have evidence to suggest that the file notepad.exe is not
>> >> protected by
>> >> >> > > Windows File Protection (WFP) in the system32 directory on
>> Windows
>> >> XP.
>> >> >> If
>> >> >> > > you move notepad.exe out of the system32 directory into a
>> temporary
>> >> >> > > directory, WFP does not restore it from dllcache. It is
>> protected in
>> >> >> the
>> >> >> > > WINDOWS directory, however. On Windows 2000, notepad.exe is >
>> protected
>> >> >> in
>> >> >> > > both the system32 and the WINNT directories. Does anyone know
>> >> whether
>> >> >> > > this
>> >> >> > > is a known defect in WFP on Windows XP, or was it intentional
that
>> >> >> > > notepad.exe should not be protected in the system32 directory?
>> >> >> > >
>> >> >> > >
>> >> >> >
>> >> >> >
>> >> >>
>> >> >>
>> >> >
>> >>
>> >
>>
>
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom