Changes

The following lines were added (+) and removed (-):
== Restricted Access to File System ==

Users are finding that downloads and files cannot be saved directly to the file system unless the target is within the user home directory or a few other select places.  Access to the file system has been highly restricted, but not necessarily in an intelligent way.  To enhance security, Microsoft has even denied Administrators access to some folders.

Users are supposed to have the option to grant permission to write to a restricted folder.  However, this works inconsistently at best.

When working with file system security, consider the two individual components:
* permission
* ownership

Changing file or folder ownership:
* right-click any file or folder, select Properties, and go to the Security tab. Now click Advanced
* go to the Owner tab and click Edit
* select the owner

Changing file or folder permission (does not work consistently):
* right-click the file or folder and select Properties. Go to the Security tab and click Edit
* select your username and check the Full Control checkbox

Remember, even if you are using an administrator account you still may not be able to save to a folder or access a file or folder.  You can try to give yourself complete permission, but even this fails due to Microsoft's poor implementation.  Some folders and files are locked in such a way that access will remain restricted.  Microsoft likes to restrict your access to your own PC.

== Running Applications With Administrator Privilege ==

Microsoft borrowed the concept of 'sudo' from UNIX/Linux by allowing users to run an application as root.  When you run a program, it runs under your user account and is restricted the same way your user account is.  You can run a program as administrator from your user account by right-clicking the program and choosing "Run as..." (technically the option existed in XP too).

== Folder Virtualization Security ==

Windows restricts portions of the Windows file system and registry, and also restricts write operations during normal operation.  Applications no longer have unlimited access to C:\Program Files and C:\Windows.  Since software created for Windows often expects access to all directories, Windows does some shifting behind the scenes.  Windows will automatically and silently redirect writes to the global registry and to arbitrary file system locations to per-user locations that are not supposed to harm the system or compromise security.  This will cause some legacy installers to fail or installed applications to not function correctly.

To prevent failure and preserve operation of legacy installers that require direct access to restricted file system and registry locations, Microsoft engineers cooked up this virtualization scheme.  If a legacy application attempts to write to the Program Files directory, Windows User Account Control silently redirects that operation to an unprotected user-specific folder.

=== Virtualized Folders when downloading files ===

Downloading a file may go directly to the path you choose under your user directory.  However, sometimes a web site might use an ActiveX control to download.  ActiveX controls cannot write directly to anywhere on the file system, including your own user folder, except for a virtualized cage buried deep within AppData.

Basically, if you try to save a download to:
 c:\users\<username>
It might actually end up going to the virtualized folder:
 c:\users\<username>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\<username>

Microsoft intentionally tries to obfuscate actual file system paths.  Internet Explorer 7 offered users the opportunity to open the Virtualization Folder.  Since Internet Explorer 8 the virtualized folder path is hidden and the user receives no indication that a download is not actually going where the user thinks it is, that it has silently been redirected to the bastardized and buried virtualized folder.

[[Category:Computer_Technology]]
[[Category:Microsoft]]
[[Category:Windows]]
[[Category:Windows 7]]
[[Category:Security]]
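The redirection described under "Virtualized Folders when downloading files", as an added example that is not part of the original page: a Python helper that maps an intended save path to the virtualized location and reports where a file actually landed. The function names are hypothetical, and applying the page's single path example as a general rule for other paths is an assumption.

```python
import ntpath
import os

# Location of the virtualized download cage relative to the user profile,
# taken from the path shown on this page.
VIRTUALIZED_ROOT = ntpath.join(
    "AppData", "Local", "Microsoft", "Windows",
    "Temporary Internet Files", "Virtualized",
)


def virtualized_path(intended, user_profile):
    # Page example: c:\users\<username> ends up under
    #   <profile>\...\Virtualized\C\Users\<username>
    # i.e. the drive letter loses its colon and becomes a folder name.
    # Extending that rule to any absolute path is an assumption.
    drive, rest = ntpath.splitdrive(ntpath.normpath(intended))
    if len(drive) != 2 or drive[1] != ":" or not rest.startswith("\\"):
        raise ValueError("expected an absolute drive-letter path: %r" % intended)
    return ntpath.join(user_profile, VIRTUALIZED_ROOT,
                       drive[0].upper(), rest.lstrip("\\"))


def locate_download(intended, user_profile, exists=os.path.exists):
    # Returns (status, path): "direct" if the file is where the user saved
    # it, "virtualized" if it was silently redirected, "missing" otherwise.
    # `exists` is injectable so the logic can be checked without a real disk.
    if exists(intended):
        return ("direct", intended)
    redirected = virtualized_path(intended, user_profile)
    if exists(redirected):
        return ("virtualized", redirected)
    return ("missing", None)


if __name__ == "__main__":
    # Constructed sample values: user "alice" and file "setup.exe".
    profile = "C:\\Users\\alice"
    target = "c:\\users\\alice\\setup.exe"
    print(virtualized_path(target, profile))
    print(locate_download(target, profile))
```

On a live system, pass the real profile directory (for example the value of the USERPROFILE environment variable) as `user_profile`.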