You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
NB: this was suggested by a user. Quoting from the email below:
I notice that windirstat, even when run as Administrator, cannot see some folders..
Producing big yellow Unknown (if reporting Unknown is enabled).
Like this:
(image not yet posted, because it may contain some stuff the user would not want here)
The root cause for this lack of access is, in my case, the ACLs of the folders.
But local Administrator should have sufficient privs to observe these right?
Well yes, but those privileges are not by default “Enabled”.
The above shows that SeBackupPrivilege is granted (or else it wouldn’t be listed), however it is disabled.
I think, in theory, the local Administrator COULD modify his User Access Token to enable SeBackupPrivilege,
but the more typical approach is that the utility itself asks for enabling of the privilege (if it has been granted).
I think that’s what robocopy does.
If this makes sense, then I’d like to create a ticket requesting this:
Windirstat should attempt to enable SeBackupPrivilege before starting its walk.
Then windirstat could count all of those folders that are now displayed as Unknown.
The text was updated successfully, but these errors were encountered:
If we check first that the user has this privilege assigned, before trying to enable it (otherwise an audit alert may result), I think that's a sound idea.
IIRC I did have that in a ticket before at some point.
Either way this should be a configuration option that is default-on, in my opinion. @NoMoreFood any opinion?
That privilege basically allows to skip certain permission checks, somewhat akin to how the owner of an object always is bestowed the WRITE_DAC access, no matter what the SD says.
NB: this was suggested by a user. Quoting from the email below:
I notice that windirstat, even when run as Administrator, cannot see some folders..
Producing big yellow Unknown (if reporting Unknown is enabled).
Like this:
(image not yet posted, because it may contain some stuff the user would not want here)
The root cause for this lack of access is, in my case, the ACLs of the folders.
But local Administrator should have sufficient privs to observe these right?
Well yes, but those privileges are not by default “Enabled”.
The above shows that SeBackupPrivilege is granted (or else it wouldn’t be listed), however it is disabled.
I think, in theory, the local Administrator COULD modify his User Access Token to enable SeBackupPrivilege,
but the more typical approach is that the utility itself asks for enabling of the privilege (if it has been granted).
I think that’s what robocopy does.
If this makes sense, then I’d like to create a ticket requesting this:
Windirstat should attempt to enable SeBackupPrivilege before starting its walk.
Then windirstat could count all of those folders that are now displayed as Unknown.
The text was updated successfully, but these errors were encountered: