Permissions in Windows 7

In Windows 7 in order to provide more security to the operating system, Microsoft introduced a group called the "TrustedInstaller". The Administrator account was removed from write/modify access to important Windows folders and Registry Keys and this group was given access instead.

This modification broke a lot of software that was designed to install in a Windows XP environment where administrators have full access rights to everything.

In a home user environment where all users are administrators, this added security helps protect the Operating System from virus and other attacks.

However, in a Domain Environments where users don't have administrative access, this added security can hinder the Domain Administrator from proper administration. It can also break a lot of older software installation.

To successfully implement Windows 7 into my Domain Environment take owership and then via xcacls, reset the permissions on the C:\ as well as in the Registry back to XP Permissions (list here).

For example the HKEY_CLASSES_ROOT is one such Registry key that is protected in Windows 7. However, with the removal of the File Types Tab it is essential to have access to this key in order to change file associations via script.

I noticed that once resetting the permissions, older software that would no previously install, installed without error.