9 replies to this topic

#1 +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 3
  • Joined: 30-November 01
  • Location: Iowa

Posted 19 March 2013 - 16:05

I brought this question up in a previous support thread that was just locked by request of the OP.

So I guess I'll move the question to a new thread.

When transferring data from a previous machine to a new machine, you open the old drive on the new machine and attempt to navigate to the previous user account in the documents and settings folder or users folder and the new Vista, 7 or 8 machine says that before you can access this folder the OS must take ownership.

But if you boot into a BartPE environment and try to load that exact same folder, it will open up first try and the files are visible and copyable clear as day without taking any sort of ownership.

Charisma said

This happened with me when I recently set up a new build--set up the OS on a SSD and used the old drive with all my files on it as a secondary/storage drive. I'm just going through doing that as needed, but it's quite normal, since the files were created/owned by a different SID on a different system.


Because BartPE doesn't have to take ownership, we know it's not a security measure of the file system on the previous drive. So we know it is possible to read files without taking ownership. Is it the case that Vista, 7 and 8 care too much? Or does it have something to do with UAC?


#2 articuno1au

articuno1au

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 20-March 11
  • Location: Brisbane, Australia

Posted 19 March 2013 - 16:10

It is a security system of NTFS.

Unfortunately, the kernel implements (or in this case doesn't) the security based on the folder settings. Windows 7 and 8 are correctly implementing security. Bartpe isn't >.>

SOOOOOO.. Physical access to the disk beats all else.

#3 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 3
  • Joined: 30-November 01
  • Location: Iowa

Posted 19 March 2013 - 16:14

articuno1au said

It is a security system of NTFS.

Unfortunately, the kernel implements (or in this case doesn't) the security based on the folder settings. Windows 7 and 8 are correctly implementing security. Bartpe isn't >.>

SOOOOOO.. Physical access to the disk beats all else.


Exactly, Windows Vista, 7 and 8 are correctly implementing security. But what good is that, if you can just boot BartPE, which isn't correctly implementing it, and get access?

#4 +LogicalApex

LogicalApex

    Software Engineer

  • Tech Issues Solved: 8
  • Joined: 14-August 02
  • Location: Philadelphia, PA
  • OS: Windows 7 Ultimate x64
  • Phone: Nexus 5

Posted 19 March 2013 - 16:15

I haven't used BartPE, but my assumption would be the following...

BartPE runs in the context of Administrator which already has access to all the folders. When you run Windows Vista or later you're running under the context of a less privileged user and you need to be given access to that folder, as a less privileged user, before you can access it. If you fired up Explorer as Admin (you can do this) then I suspect you wouldn't encounter the take ownership prompts on Windows Vista or later just as you don't in BartPE.

The ACL rules are still the same in all cases.

#5 articuno1au

articuno1au

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 20-March 11
  • Location: Brisbane, Australia

Posted 19 March 2013 - 16:16

Physical access > All.

Let's say your server dies? How do you recover the file system?

The reason this is important is because you can transfer the FS to a new server, and all of the permissions will persist.

If you can take the disk out of the server and plug it into something stupid (bartpe/XP for instance :p) you can bypass the security settings.

Hell, Vista, 7 and 8 can all bypass it if you have physical access and Admin permission on the kernel.

The point is that people ought not be able to take drives off your servers without your permission :p But you want your permissions (when moved with your.. permission.. >.>) to persist :)

EDIT::
I figured Bartpe wasn't implementing NTFS permissions correctly, might well be that you're always running as Admin on the system thus you're taking advantage of established permissions. No idea >.<

#6 +Brando212

Brando212

    Neowinian Senior

  • Tech Issues Solved: 17
  • Joined: 15-April 10
  • Location: Omaha, NE
  • OS: Windows 8.1
  • Phone: Sony Xperia ZL, Nokia Lumia 925

Posted 19 March 2013 - 16:18

More so than just BartPE, you can boot any Linux distro and read the files as well.

#7 PGHammer

PGHammer

    Neowinian Senior

  • Tech Issues Solved: 1
  • Joined: 31-August 03
  • Location: Accokeek, MD
  • OS: Windows 8 Pro with Media Center x64

Posted 19 March 2013 - 16:20

warwagon said

Exactly, Windows Vista, 7 and 8 are correctly implementing security. But what good is that, if you can just boot BartPE, which isn't correctly implementing it, and get access?


It's why bootable images (either DVD-based or USB-based) of WinPE (which bartPE is based on) are useful in forensic analysis of Windows PCs (such as that of the unlamented Adam Larranza) - it's also part of how drive-migration tools (such as Drive Magician and TrueImage, and Partition Magic before that) have ALWAYS worked.

The $0.64USD question is did bartPE need updating to work with Windows 8's NTFS.

#8 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 3
  • Joined: 30-November 01
  • Location: Iowa

Posted 19 March 2013 - 16:21

With everything including PE you can read the contents of an external drive. It's just that Vista, 7 and 8 make it more of a pain in the ass to accomplish the same thing.

#9 articuno1au

articuno1au

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 20-March 11
  • Location: Brisbane, Australia

Posted 19 March 2013 - 16:23

Nope, NTFS is entirely backwards compatible. If it encounters a flag it doesn't understand, it steps over it. There's a KB on ReFS that explains NTFS implementation of this area >.<

Bartpe is running XP's kernel, thus XP's NTFS implementation without proper security permissions.

@ Warwagon - Physical access yes?

Even though NTFS details the permissions, the Kernel implements them. Thus you can do whatever you want if you have control of the Kernel.

EDIT::
For your edit >.>
If you consider moving your file permissions with the file system a pain in the arse, sure. I think most admins prefer it this way, makes life a ****ton easier.

#10 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 106
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 19 March 2013 - 18:11

BartPE is just a homegrown version of WinPE

http://msdn.microsof...dded.51%29.aspx
When you boot your device by using Windows PE, you have complete access to the NTFS file system on the target device, regardless of administrator privileges, access control lists, or NTFS permissions placed on the file system.

http://download.micr...dowsPE_tech.doc
Windows PE allows you to access the NTFS file system without regard to the access control lists placed on the file system.

This is no different than booting, say, as mentioned already, a Linux CD. As also stated, if you have physical access it does not matter what sort of ACLs you have set on the filesystem, be it Windows NTFS or other OS file systems: EXT3, ReiserFS, HFS+, etc.

Unless the filesystem/file is encrypted - if you have physical access then you can gain access. Is what you're asking why does a full blown OS like XP, Vista, 7 or 8 adhere to NTFS permissions when an OS like WinPE does not?

I would have liked for that other thread to remain open for a place of discussion as well. Would have been a good place to go over NTFS basics - and the details of why users run into problems when they move disks or try and share externals between systems. If you're going to use an OS, it's a good idea to understand the basics of how its filesystem's permissions system works ;)

I agree we see quite a few threads with the same flavor - why can I not access my files when I reinstall my OS, or when I put the disk in a different machine, etc. If you have physical access, and not encrypted and you are admin on the OS you're using to access - then it does not matter what permissions were set on the other OS, you can always take ownership and set the permissions to your liking.
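
Added example, not part of the thread: a simplified Python model of the ordered DACL walk Windows performs, showing why one and the same profile-folder ACL refuses a non-elevated UAC session yet grants an elevated session or a PE session. All SIDs are constructed, the ACL is a typical profile-folder layout rather than one taken from the thread, and the PE token is modelled as Local System as an assumption.

```python
from dataclasses import dataclass

FILE_GENERIC_READ = 0x00120089
FILE_ALL_ACCESS = 0x001F01FF

SYSTEM = "S-1-5-18"
ADMINS = "S-1-5-32-544"
USERS = "S-1-5-32-545"
OLD_USER = "S-1-5-21-1111-1111-1111-1001"  # constructed: account on the old machine
NEW_USER = "S-1-5-21-2222-2222-2222-1001"  # constructed: account on the new machine

@dataclass(frozen=True)
class Ace:
    allow: bool
    sid: str
    mask: int

@dataclass(frozen=True)
class Token:
    enabled: frozenset                  # SIDs that match allow and deny ACEs
    deny_only: frozenset = frozenset()  # SIDs that match deny ACEs only

# Assumed typical ACL on a profile folder: SYSTEM, Administrators, the old user.
PROFILE_DACL = [Ace(True, SYSTEM, FILE_ALL_ACCESS),
                Ace(True, ADMINS, FILE_ALL_ACCESS),
                Ace(True, OLD_USER, FILE_ALL_ACCESS)]

def access_check(token, dacl, desired):
    """Walk ACEs in order; grant only once every desired bit has been allowed."""
    remaining = desired
    for ace in dacl:
        if ace.allow:
            if ace.sid in token.enabled:
                remaining &= ~ace.mask
                if remaining == 0:
                    return True
        elif ace.sid in token.enabled or ace.sid in token.deny_only:
            if ace.mask & remaining:
                return False
    return False  # bits nobody granted are denied

# Under UAC a non-elevated admin carries Administrators as a deny-only group.
FILTERED_ADMIN = Token(frozenset({NEW_USER, USERS}), frozenset({ADMINS}))
ELEVATED_ADMIN = Token(frozenset({NEW_USER, USERS, ADMINS}))
PE_SYSTEM = Token(frozenset({SYSTEM, ADMINS}))  # assumption: PE runs as Local System

def scenarios(dacl=PROFILE_DACL):
    tokens = {"filtered": FILTERED_ADMIN, "elevated": ELEVATED_ADMIN, "pe": PE_SYSTEM}
    return {name: access_check(t, dacl, FILE_GENERIC_READ) for name, t in tokens.items()}
```

The ACL on disk is identical in all three cases; only the token presented to the check differs, which is why encryption rather than ACLs is the control that survives a disk being moved to another system.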