I have a computer connected to the internet, but otherwise stand-alone, which uses Windows 7 Home Premium (64-bit OS). ICACLS shows that the security settings on C:\Windows are C:\Windows NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(M) NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F) BUILTIN\Administrators:(I)(OI)(CI)(F) BUILTIN\Users:(I)(OI)(CI)(RX,W) I understand that the default settings are C:\windows NT SERVICE\TrustedInstaller:(F) NT SERVICE\TrustedInstaller:(CI)(IO)(F) NT AUTHORITY\SYSTEM:(M) NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F) BUILTIN\Administrators:(M) BUILTIN\Administrators:(OI)(CI)(IO)(F) BUILTIN\Users:(RX) BUILTIN\Users:(OI)(CI)(IO)(GR,GE) CREATOR OWNER:(OI)(CI)(IO)(F) I have two questions. (a) Are there security risks with my settings? (b) Is it safe to use icacls C:\windows /T /Q /C /RESET? The reason I ask this is because Sean Reeves states in another forum that "I’ve been informed by Microsoft that icalcs shouldn’t be used on the drive with the OS. I am still awaiting clarification about whether it’s not to be run on the drive with the OS (at all) or simply not in system folders or directories containing system folders." (see http://lallousx86.wordpress.com/2009/06/14/resetting-ntfs-files-security-and-permission-in-windows-7/) Thanks in advance for any help with this.

Not having received any replies, I have done some further investigation. The security settings of the majority of the subfolders of C:\Windows are not inherited and agree with the default settings. However, the remaining subfolders inherit their settings from C:\ and consequently differ from the default settings, which are inherited from the explicit C:\Windows settings. The owner of folder C:\Windows is an unknown security identifier, S-1-5-21-2496373424-2134928991-926383051-8401, rather than the default TrustedInstaller. I assume the differences result of from installing software. As the system seems to be working normally this is not a big issue but I would be interested to know whether security is compromised. Question (b) in the previous post is no longer relevant, because I misunderstood the purpose of the reset command. Once again thanks in advance for any replies.