Advanced NTFS Permissions

Much time can be saved by making use of Advanced NTFS File Permissions. I found the following article at which gives a good description of Advanced NTFS permissions.

You can also see some other information on basic permissions and some recommendations in my earlier post.

Traverse Folder/Execute File: Users can navigate through folders to reach other files or folders, even if they have no permissions for the traversed files or folders. The Traverse Folder permission takes effect only when the group or user doesn’t have the Bypass Traverse Checking user right in the Group Policy snap-in. (By default, the Everyone group has the Bypass Traverse Checking user right.)

List Folder/Read Data: Users can view a list of a folder’s contents and data files.

Read Attributes: Users can view the attributes of a file or folder, such as read-only and hidden. (NTFS defines these attributes.)

Read Extended Attributes: Users can view the extended attributes of a file or folder. (Defined by programs, extended attributes may vary.)

Create Files/Write Data: The Create Files permission allows users to create files within the folder. (This permission applies to folders only.) The Write Data permission allows users to make changes to the file and overwrite existing content. (This permission applies to files only.)

Create Folders/Append Data: This Create Folders permission allows users to create folders within a folder. (This applies to folders only.) The Append Data permission allows users to make changes to the end of the file, but they can’t change, delete, or overwrite existing data. (This applies to files only.)

Write Attributes: Users can change the attributes of a file or folder, such as read-only or hidden. (NTFS defines these attributes.)

Write Extended Attributes: Users can change the extended attributes of a file or folder.

Delete: Users can delete the file or folder. (If users don’t have the Delete permission on a file or folder, they can still delete it if they have the Delete Subfolders And Files permission on the parent folder.)

Read Permissions: Users have reading permissions of the file or folder, such as Full Control, Read, and Write.

Change Permissions: Users have changing permissions of the file or folder, such as Full Control, Read, and Write.

Take Ownership: Users can take ownership of the file or folder. The owner of a file or folder can always change permissions on it, regardless of any existing permissions that protect the file or folder.

Windows 7 may ship with IE in Europe after all

It seems that there may be agreement between the European Commission and Microsoft to Windows 7 being released in Europe with Internet Explorer 8 present, but with consumers being offered a “ballot screen” which would allow them to simply select from a list of other web browsers. This would set the chosen browser as default and disable Internet Explorer.

This would mean that the issues that I discussed in my previous post about Windows 7 E would go away as the versions of Windows 7 shipped in Europe would share the same functionality as the rest of the world out of the box, which is a positive step. PC manufacturers would still be free to choose to pre-install any browser(s) that they choose to be the default of the machines they ship in Europe.

The proposal states that the ballot screen will be populated with up to 10 of the most used web browsers (with a usage share of at least 0.5% in the European Economic Area, and only one version per vendor), with the top 5 being given prominence. The proposal also includes a commitment to bring the ballot screen retrospectively to XP and Vista via Windows Update.

For more detail, read Microsoft’s press release regarding their proposal to the European Commission and the statement from the Commission.

Windows 7 E

Within the University, the issues in this post aren’t going to be relevant since ISS will deal with it, but I know that we have people reading this from outside, and that those of you who are our colleagues will be the IT support for their family and friends, who may have to deal with it. I’m sure you’ve heard this news before reading this, but in case you haven’t prepare to be shocked and bemused…

Following on from various wrangling and threats of fines after a complaint to the European Union from browser maker Opera about Microsoft’s bundling of Internet Explorer with Windows being anti-competitive, Microsoft has stated that it will release special E editions of the different Windows 7 versions in Europe. Windows 7 E editions will not contain a web browser, and unlike the old N (which didn’t contain Windows Media Player, to try to please the EU, and which nobody bought), there’s no option this time – if you’re in Europe, you get the E edition and you can’t purchase a version of Windows 7 that contains IE.

Funnily enough Opera isn’t pleased about this, presumably because they have to now provide a distribution mechanism for people to get their browser onto a PC that doesn’t have a browser already with which to download it, and increasingly may not have an optical disk drive. Opera would like Windows 7 to include a “ballot screen” which would provide a selection of browsers that the user could choose from. It doesn’t take a genius to see why Microsoft would be reluctant to do that since however they ordered the options, someone would be bound to complain (and by “complain”, I mean “probably take legal action”).

It’s not all bad though. The majority of consumers who use Windows get it with a new PC, and the OEMs who manufacture those PCs aren’t going to send one out to retail without a web browser. They’ll undoubtedly do deals with one browser company or another to bundle their offering as they do with anti-virus and other software. The vast numbers of Windows users in a corporate environment don’t need to worry either since their IT department will sort them out. The only people who are really affected by this are the small percentage who buy a boxed (or downloaded) copy of Windows 7 to upgrade an existing computer. It’s a small percentage of people who buy Windows this way simply because the numbers of corporate users and PC buyers are so large, but I expect that the number will be larger with Windows 7 simply because it’s so much better suited to running on existing hardware than Windows Vista was – I’m running it quite happily on my netbook and I also put the release candidate on my mother’s creaking “built for XP” laptop with 512Mb RAM; it works fine!

I said this affects people who are buying a copy to upgrade, but the other caveat to this is that because there were no Windows Vista or XP E editions, Microsoft isn’t providing Windows 7 E upgrade versions as they have done previously. They are providing the full version of Windows 7 E, in the UK, for roughly the equivalent of the upgrade pricing they’re using outside the EU if you pre-order from selected suppliers between now and the 9th August.

So, if you’re moving your old PC to Windows 7 E, not only will you not have a browser, but you’re going to have to do a clean install too. Microsoft have put up a web page which takes you through the steps you can take to make the transition as painless as possible. Obviously it tells you how to get to running Windows 7 E with IE8, but if you already use a different web browser I’m sure you can work out how to switch it in at that point.

Of course it’s not only people using Windows in Europe who are impacted by the release of the E editions. Software developers worldwide, who may have used the fact that IE was present in every version of Windows in their applications, will have to look at ways around it being missing, or another browser being in its place. There is some excellent advice for developers on the Windows blog about this. I’d recommend that Windows sys admins check that out too, since it’ll help them in testing software before rolling it out across their Windows infrastructure.

Some further reading regarding Windows 7:
…for IT Pros: Talking About Windows and IT Pro at Home
…for people building hardware or developing software: Ready. Set. 7.

Office 2010 reaches Technical Preview

Yesterday, at their Worldwide Partner Conference, Microsoft announced that the next release of Office has reached the Technical Preview milestone. The announcement included demos of some features, and there are more on their site Introducing Microsoft Office 2010 Technical Preview (unfortunately the site appeared to be struggling under the load, but Long Zheng contacted me to say he had reliable mirrors of the videos on his fantastic blog).

Office 2010 isn’t the revolutionary product that Office 2007 was, where Microsoft introduced it’s new Ribbon interface, but the Ribbon has evolved (and spread to the places where it wasn’t last time round, like Outlook), and they appear to have added some handy new features. You should check the videos out to see what may be most appealing to you, but there are some things that I think will give productivity gains to most users (albeit small ones, but they all add up over the lifetime of a version of version of Office).

I particularly like the new printing UI in Word which incorporates the printing dialogue options along with the print preview – it removes at least one step (checking the preview before going to the print the document), but it could potentially remove several iterations of checking the preview, altering the print options, checking the preview again, etc. This feature is actually part of what Microsoft call Backstage, which should be consistent across the whole Office suite. Also in Word, the Navigation Pane looks like a handy way to search and manage the order of sections in a large document.

In Outlook, if you’re going to send a message to someone on your Exchange infrastructure who has an out of office auto-reply setup, the new MailTips will tell you that when you add them to the recipient list, rather than you composing the message and sending it before you find out that the person isn’t there to read it. Something else in Outlook that got a lot of positive feedback on Twitter from the people watching the streaming video of the WPC keynote was the option to ignore a mail conversation, which would throw out all the past and future messages in a conversation (the conversation view of your inbox has been promoted to be the default in Outlook 2010).

For the first time, Office has an online version – Office Web Apps provide trimmed down versions of the desktop applications in the browser (IE/FF/Safari). This won’t be part of the Technical Preview, instead debuting later in the year. I don’t know if this has been announced before, but when you look at Google Docs it’s probably an obvious step – Office Web Apps will be free to consumers with a Windows Live ID. In addition, Microsoft will provide a hosted version for businesses (like Google do), but they also allow companies to host them locally, in case you don’t want to give your data to Microsoft (not an option with Google Docs).

Although I’m not a heavy user of Office (other than Outlook), I’m a bit of an Office junkie, so I expect I’ll post more about it up to the release, but in the meantime you can go and check out those vids and you might want to check out Paul Thurrott’s write-up of the Technical Preview on his SuperSite for Windows. If that makes you desperate to get your hands on the Technical Preview, you can add yourself to the Waitlist.

Windows 7 and Windows Server 2008 R2 Event – great success! But what about Windows 7 XP Mode?

Last night, I attended the Windows 7 and Windows Server 2008 R2 Event publicised by Jonathan below. I hadn’t attended any of the VBUG stuff before, thinking it probably wouldn’t be that relevant to my work and interests, being (as I had thought) aimed more at techie VB/Powershell developers. How wrong!

The talk was entirely relevant and I’m actually very glad I went because it made me realise that I’d made some incorrect assumptions about Windows 7. One item, in particular, set off some alarm bells…

XP Mode – the answer to all our prayers for running legacy Windows XP applications on Windows 7 on all our existing PCs – wrong! XP Mode requires Windows 7 Virtual PC which in turn requires hardware virtualisation support on the motherboard. Hardware virtualisation on machines older than 1 or 2 years is simply non-existent. Even some new laptops and PCs don’t come with hardware virtualisation and even when they do, it isn’t always possible to switch it on!

It is a shame that Microsoft have insisted on developing XP Mode to work only when hardware virtualisation is present as it seems to be in opposition to the purpose of XP Mode. Given that Windows 7 will run so well on older kit where Vista wouldn’t, and you can get away with much less memory, it just seems senseless that XP Mode needs brand new boxes in order to work. One can only get cynical about these things… and wonder about the Intel sales and marketing influence…

But the real message here is: if you want to run XP Mode make sure you’re buying machines that fully support hardware virtualisation.

There’s plenty of good news though. With improved deployment utilities for Windows 7, we are looking at a lot quicker turn around times for getting driver support into images. Bitlocker setup is a much more straight-forward process in Windows 7 and ‘Bitlocker To Go’ means USB pen drives can be easily encrypted with little technical know-how required. UAC is now fully working and is far less intrusive than in Vista. Allegedly the User State Migration Tools now work too… we’ll see.

All in all, last night’s talk was enjoyable and very informative, with an excellent and knowledgeable speaker, who really knew his stuff.

The VBUG group are taking a summer break but will be back in September to host some more events in conjunction with Microsoft Professionals. They are wanting ideas for topics to cover so please post your ideas on this blog.