Edit Permissions on the System Drive in Windows 10 20h2 Build 19042.508

Question

Hi , you got any update about this already known issue please? this issue is very problematic. As others, when trying to remove or edit existing permissions(here the "Modify" right to 'authenticated Users") it deletes all permissions on the drive, so the system becomes unbootable.
It used to work in 1909.

Build is 20H2 19042.508

Here is the powershell i use (doing it with the system account)

$ACL = Get-ACL -Path "C:\"  
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("NT AUTHORITY\Authenticated Users","Modify","Allow")  
$ACL.RemoveAccessRule($AccessRule)  
$ACL | Set-Acl -Path "C:\"  

Can't even see the permission with system account :

thanks for updating

Answer 1

It looks like this issue is fixed in 21H1 but if like us you have invested loads of time already in an 20H2 image I came up with the following commands to get the same outcome (accepting that the existing default permissions get blown away by the bug anyway). The Adminstrator rights have to come first so you don't lock yourself out (in the same way the removal of the Authenticated Users permission bug does):

icacls C:\ /grant:r "Administrators":(OI)(CI)F
icacls C:\ /grant "Authenticated Users":(OI)(CI)(RX)
icacls C:\ /grant "SYSTEM":(OI)(CI)F

Answer 2

If system unable to boot now, the first thing we usually do is system restore. Make system usable again.
It seems strange that you would be assigning permissions in the file system to authenticated users, especially C:. A more appropriate setting would be Interactive Users or, if you're locking down workstations, read only.
Authenticated Users:
Any user accessing the system through a logon process has the Authenticated Users identity. This identity allows access to shared resources within the domain, such as files in a shared folder that should be accessible to all the workers in the organization.
https://learn.microsoft.com/en-us/previous-versions/technet-magazine/dd637754(v=msdn.10)?redirectedfrom=MSDN
A similar case:
Windows 7: accidentally removed permission for authenticated user for drive d
https://www.sevenforums.com/general-discussion/145806-accidentally-removed-permission-authenticated-user-drive-d.html
Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

-------------------------------------------------------------------------------------

If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 3

Thxs for your answer and your help
But I’m an IT professional and I know what I’m doing here.
The issue is that I’m doing that in the workstation mastering process since windows 7 and all windows 10 build since a few years and I never had issue with removing the modify permissions for authenticated users.

The script I’m using (even with power shell command or icacls) is not working only with the last windows 10 build. It seems that ACL’s on the system drive are a bit different from before.

This issue seems to be known

I will open a support case.

Thxs for help again.

Answer 4

You need the updated release of 20H2 19042.631
There are unconfirmed reports or acl issues kike this in an earlier version