Welp, Looks Like I'm Never Upgrading to Windows 10 Build 2004

[sapphirescales]

It seems there's a new "feature" in Windows 10 2004. As you all probably know, Windows 10 (and perhaps Windows 8 - I only used Windows 8 for such a short period of time that it's like a distant memory to me) has BS file permissions crap going on, which makes transferring data from a client's computer a big pain in the a$$ because you don't have "permission" to look into their user folder to back up files. Well, the easy solution to this was to just enable the built in hidden administrator account in Windows 10 and you wouldn't have those BS restrictions anymore.

Well, it seems like they've removed that in 2004. I upgraded my main office computer to 2004 and I can no longer access folders that don't "belong" to me even in the built in administrator account. I'm going to revert back to 1909 and see if that fixes it. If it doesn't, then I'm going to nuke n' pave the system with a fresh install of 2004 to see if I still have the issue. If that doesn't work then I'm going back to 1909 and just neutering it. I'm so sick and tired of this BS, Microsoft!

If anyone knows of any other way to disable this permissions bullsh*t, I'm all ears. I really wish I could strip Windows 10 of all the bullsh*t they've added to it over the years. At this rate I'm about ready to go back to Windows 7 for my business computers and just not connect them to the internet. I don't need internet anyway for imaging and diagnostics, which is all I really use my business computers for.

 

[nlinecomputers]

That's the usual prompt,which goes all the way back to xp. Are you saying that your not getting permission when you hit continue?

 

[sapphirescales]

That's the usual prompt,which goes all the way back to xp. Are you saying that your not getting permission when you hit continue?

No, I'm saying that I actually have to hit continue in order to access the files. It takes for freaking ever and I have to sit there with my finger up my a$$ for minutes at a time. On a drive with bad sectors it's just asking for the drive to fail.

You NEVER get that prompt with the built-in administrator account. You can access/modify/delete files to your heart's content with no restrictions or having to take permission of every goddamned file in order to access it.

Maybe 7 and XP had this permissions BS too but I never ran into it, possibly because the user folders on client's computers didn't have permissions assigned to them because they ran 7/XP. I must admit I've never attempted to access a hard drive from a Windows 10 computer using a computer running Windows 7. Maybe I'd get the same BS if I did.

 

[Sky-Knight]

You always get that prompt, with all accounts. Explorer doesn't run elevated unless it needs to be so, and yes... it's been that way since XP. Well not quite, the full UAC separation was with Win7.

 

[Porthos]

I must admit I've never attempted to access a hard drive from a Windows 10 computer using a computer running Windows 7. Maybe I'd get the same BS if I did.

That is normal when you access the user's folder on a slaved.USB connected drive.

 

[sapphirescales]

You always get that prompt, with all accounts. Explorer doesn't run elevated unless it needs to be so, and yes... it's been that way since XP. Well not quite, the full UAC separation was with Win7.

That is normal when you access the user's folder on a slaved.USB connected drive.

I'm telling you guys, it doesn't happen with the built-in administrator account all the way up to 1909. I've been doing this since XP. I can prove it and take a video for you guys right now. Then I'll show you what it does in 2004.

 

[nlinecomputers]

Administrator has not had default access from service pack 2 of xp.

 

[sapphirescales]

Administrator has not had default access from service pack 2 of xp.

I don't know what you mean by "default access" but you've always been able to enable the hidden administrator account using the command line.

1. Run command line as administrator
2. net user administrator /active:yes

Then log in to your new account named "Administrator." Change your password and rename it to anything you want and you now have full access to everything on your computer.

 

[Sky-Knight]

The built in administrator account has been disabled by default for half an age... use of said account causes PROBLEMS. The domain administrator account is the same... you're not supposed to be using that... ever.

But even if you are, you take ownership because you have admin rights to get at those files. Which is why you IMAGE defective drives, MOUNT that image, and make your changes there because by clicking the button you've screen shot here you CHANGE those permissions which may just cause problems later.

This behavior has been NORMAL since Windows 7. Only by doing crap that's WRONG do you get around it, which viruses do... and that's why the door keeps getting locked a little tighter. So you managed to make it to 2004? Yay? Update your brain already.

 

[nlinecomputers]

https://social.technet.microsoft.co...require-permission-from?forum=w7itprosecurity

It's a ownership issue.

 

[sapphirescales]

by clicking the button you've screen shot here you CHANGE those permissions which may just cause problems later.

Which is why I don't do that. I don't have to change any permissions in order to access those files using the built in administrator account. Then I transfer them and they no longer have annoying a$$ permissions to deal with. I've been doing this for over a decade with absolutely ZERO issues.

 

[Sky-Knight]

Creator Owner has full control by default, but the profile folders often either do not have administrators in their permissions list OR the shell itself isn't running as admin. If it's taking forever to open, that's because the permissions themselves are being adjusted... and that happens on a file by file basis.

If you yank any NTFS volume from one machine, and attempt to dig into ANY subfolder of C:\users... you WILL get that permissions block. Because the Administrators group on your machine doesn't match the GUID of the administrators group known to the hard disk you're accessing.

Yes, you can take ownership, and reset the permissions because you own the OS you're on, but that's not the OS that set them. And Yes this is ancient, and normal behavior that technically goes all the way back to NT 3.5... possibly further.

 

[sapphirescales]

https://social.technet.microsoft.co...require-permission-from?forum=w7itprosecurity

It's a ownership issue.

This might actually fix my issue:

You can disable the UAC feature that triggers this.

Start---run---gpedit.msc

Computer Configuration -- windows settings --Security Settings -- Local Policies -- Security Options

Scroll down to:

User Account Control: Run all administrators in Admin Approval Mode - Set to DISABLED.

Reboot.

Done.

I'm going to try it.

 

[sapphirescales]

Creator Owner has full control by default, but the profile folders often either do not have administrators in their permissions list OR the shell itself isn't running as admin. If it's taking forever to open, that's because the permissions themselves are being adjusted... and that happens on a file by file basis.

If you yank any NTFS volume from one machine, and attempt to dig into ANY subfolder of C:\users... you WILL get that permissions block. Because the Administrators group on your machine doesn't match the GUID of the administrators group known to the hard disk you're accessing.

Yes, I know all this and I want to bypass it because this is something I do on a regular basis. I use a program called Unstoppable Copier, which simply copies the files over and there are no more BS permissions anymore after that. Anyone can access those files because they weren't "created" by anyone. Problem solved.

I shouldn't have to "take ownership" of every f*cking file just to access them in order to make a copy of the files. I should have access to any file I want on my own freaking computer. I don't care where it is, I want full control over everything.

 

[Sky-Knight]

The UAC feature being disabled above would address this too... but you'd be better served simply disabling UAC entirely on any machine used for data recovery.

 

[sapphirescales]

The UAC feature being disabled above would address this too... but you'd be better served simply disabling UAC entirely on any machine used for data recovery.

I disable UAC on every system I see, including client's systems. Doesn't affect this unfortunately.

And before you jump down my throat for disabling UAC on client's systems, UAC is USELESS for the average computer-illiterate end user who just clicks "yes" or "ok" on everything that pops up.

 

[Sky-Knight]

I disable UAC on every system I see, including client's systems. Doesn't affect this unfortunately.

And before you jump down my throat for disabling UAC on client's systems, UAC is USELESS for the average computer-illiterate end user who just clicks "yes" or "ok" on everything that pops up.

No... it isn't... because it still provides another layer for the AV software to intercept the malware before it actually runs.

 

[sapphirescales]

No... it isn't... because it still provides another layer for the AV software to intercept the malware before it actually runs.

I'm talking about the actual notifications. I don't disable the entire thing.

EDIT: When it comes to malicious software, Smartscreen does a pretty good job.

 

[sapphirescales]

This might actually fix my issue:

HOLY SH*T GUYS - IT ACTUALLY WORKED!!!!!!!!!

Not only did it work for the built in administrator account, but it also works with other administrator accounts too! It does NOT work for standard, non-admin users though. Maybe this setting was just changed in 2004. I dunno. Frankly I don't care either. All I know is that I can access any files I want now and I don't even need to have the full admin rights to do it!

I'm going to try using a regular admin account from now on and see how this works. The main reason I use the built in administrator account is so that I can access and copy anything I want without restriction. If I can do that without using the built in account then that would make things easier for me.

 

[Sky-Knight]

It should, that policy is what configures that specific restriction.