When setting ACLs in the file system, Setup generally first examines the ACL to see if there are any explicit (that is, noninherited) ACEs on the folder. If there are, then Setup assumes that one of two cases applies: either Setup has previously stamped ACLs on this folder, and there is no need to do so again, or an administrator has manually adjusted permissions to his or her liking, in which case Setup should not overwrite those settings. The effect is that, in the default case, Setup stamps file system permissions on a clean install, but does not modify them on reinstalls.
For the default installation folder, Setup reads the ACL from the Program Files folder and duplicates it; the permissions shown in Table B-23 are those that exist by default on Program Files.
Account | Allow/Deny | Inherit | Right | Notes |
---|---|---|---|---|
During server installation (if no preexisting explicit ACEs) | ||||
Authenticated Users | Allow | Yes | Read & Execute |
|
Server Operators | Allow | Yes | Modify |
|
Administrators | Allow | Yes | Full Control |
|
CREATOR OWNER | Allow | Yes | Full Control |
|
TERMINAL SERVER USER | Allow | Yes | Modify |
|
SYSTEM | Allow | Yes | Full Control |
|
Account | Allow/Deny | Inherit | Right | Notes |
---|---|---|---|---|
During server installation (if no preexisting explicit ACEs) | ||||
Everyone | Allow | Yes | Full Control |
|
ANONYMOUS LOGON | Allow | Yes | Full Control | Required for anonymous Simple Mail Transfer Protocol (SMTP) message submission |
Account | Allow/Deny | Inherit | Right | Notes |
---|---|---|---|---|
During server installation | ||||
Authenticated Users | Allow | Yes | Read |
Account | Allow/Deny | Inherit | Right | Notes |
---|---|---|---|---|
During server installation | ||||
Authenticated Users | Allow | Yes | Read & Execute |
Account | Allow/Deny | Inherit | Right | Notes |
---|---|---|---|---|
During server installation | ||||
ANONYMOUS LOGON | Allow | Yes | Read |
Account | Allow/Deny | Inherit | Right | Notes |
---|---|---|---|---|
During server installation | ||||
ANONYMOUS LOGON | Allow | Yes | Read | These permissions are applied to the Controls, Cabs, IMG, Views, and Help directories unless other ACLs have already been stamped there |