Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Explicit permissions - remove inheritance/lock down to admins #398
This further restricts the default installation location by removing all permissions and inheritance of permissions, explicitly giving Administrator/LocalSystem to Full access, and Users are granted Read and Execute.
I owe @jberezanski a debt of gratitude for his tireless work in providing code, examples and testing all the scenarios to find security holes.
A non-admin can write to the programdata folder, but they cannot modify or append to existing files. They are also not able to delete existing files they did not put there (and possibly not even those files).
Lock down the default folder even more so that by default, non-admins can not even write to the folder.
Another place to see some examples of acl setting came in an interesting unrelated search http://blog.enowsoftware.com/solutions-engine/bid/185867/Powershell-Upping-your-Parameter-Validation-Game-with-Dynamic-Parameters-Part-II