I am still using dual-boot on some of my computers, so I have two Windows 7 installations running. Most data is on a partition on a separate hard drive that both installations use.
For certain files I need to set NTFS permission, if I do this using a user account or a custom windows group it works fine on one installation. When booting into the second installation, the user has no access to the files because the entries in the ACLs are specific to the account from the first installation (and shown as 'unknown' in the security dialog)
To work around this, I could use one of the built-in Windows groups. Their sid's are the same on all installations of Windows.
The question is which of the built-in groups to use? I want to give the user as little extra permissions as possible:
Administrators S-1-5-32-544
Backup Operators S-1-5-32-551
Cryptographic Operators S-1-5-32-569
Distributed COM Users S-1-5-32-562
Event Log Readers S-1-5-32-573
Guests S-1-5-32-546
IIS_IUSRS S-1-5-32-568
Network Configuration Operators S-1-5-32-556
Performance Log Users S-1-5-32-559
Performance Monitor Users S-1-5-32-558
Power Users S-1-5-32-547
Remote Desktop Users S-1-5-32-555
Replicator S-1-5-32-552
Users S-1-5-32-545
I don't want to use Administrators, Backup Operators or Power Users because accounts in these groups have powerful permissions. Which of the remaining is the least 'powerful'?
I also can't use 'Guests' because they should not have access to the files.
I can't use 'users' either because every normal user is in that group, but not every user
should have access to the files in question.
Best Answer
1 word. Users.
Users is basically everyone who can be authenticated by that machine locally.