Comment by jandrese

1 day ago

> The Microsoft's ACLs are nothing short of one of the best designed permission systems there are.

You have a hardened Windows 11 system. A critical application was brought forward from a Windows 10 box but it failed, probably a permissions issue somewhere. Debug it and get it working. You cannot try to pass this off to the vendor, it is on you to fix it. Go.

Is this a trick question, because you run it as administrator in a sandboxed account.

Procmon.exe. Give me 2 minutes. You make it sound like it's such a difficult thing to do. It literally will not take me more than 2 minutes to tell you exactly where the permission issue is and how to fix it.

  • Procmon won't show you every type of resource access. Even when it does, it won't tell you which entity in the resource chain caused the issue.

    And then you get security products that have the fun idea of removing privileges when a program creates a handle (I'm not joking, that's a thing some products do). So when you open a file with write access, and then try to write to the file, you end up with permission errors during the write (and not the open) and end up debugging for hours on end only to discover that some shitty security product is doing stupid stuff...

    Granted, that's not related to ACLs. But for every OK idea Microsoft had, they have a dozen terrible ideas that make the whole system horrible.

    • Shitty security products being inscrutable isn't limited to Windows. "Disable SELinux" anyone?

    • Especially when the permission issue is up the chain from the application. Sure it is allowed to access that subkey, but not the great great grandparent key.

    • At this point you're just arguing for the sake of bashing on Microsoft. You said it yourself, that's not related to ACL, so what are you doing, mate? This is not a healthy foundation for a constructive discussion.

And why is it not on the vendor of the critical application?

  • Because they aren't allowed on the system where it is installed, and also they don't deal with hardened systems.