Discussion:
adding folder to existing WIM and ntfs perms question
(too old to reply)
James
2009-01-20 21:55:43 UTC
Permalink
Hello,

I am using MDT 2008 update 1.

I need to add a folder to some existing WIM images. I know I can easily
mount the wim file with imagex.exe /mountrw and add the folder. I have done
this with no issues... then of course use imagex.exe /commit /unmount etc..

my question is how are nfts permissions handled when doing this? I deployed
the image expecting this folder to just inherit the ntfs perms from the root
of the drive but it also had permissions from the system that was used to
mount the image and add the folder? I'm adding this folder to the root of
the filesystem in the wim image.

Is there a way I can manually add this folder and have it only inherit
permissions from the root of the filesystem in the deployed wim image? or do
I have to fix up the permissions via script post-image deployment?

the images are of server 2003.

any input would be appreciated. Thanks.
unknown
2009-01-22 00:29:17 UTC
Permalink
When an image is mounted, ACLs are preserved but not set on files so
that they are easier to manipulate and service.

Then when the image is unmounted, if any ACLs were changed they're
updated in the image and will be honored when applied. If you create
new files - like drag in a folder - whatever ACLs it had prior to
being dragged in will persist.

You could manually adjust the ACLs on the files/folders you add prior
to unmounting, saving the step on the deployed machines.

Regards

Johan Arwidmark
Microsoft MVP - Setup / Deployment
http://www.deployvista.com
Post by James
Hello,
I am using MDT 2008 update 1.
I need to add a folder to some existing WIM images. I know I can easily
mount the wim file with imagex.exe /mountrw and add the folder. I have done
this with no issues... then of course use imagex.exe /commit /unmount etc..
my question is how are nfts permissions handled when doing this? I deployed
the image expecting this folder to just inherit the ntfs perms from the root
of the drive but it also had permissions from the system that was used to
mount the image and add the folder? I'm adding this folder to the root of
the filesystem in the wim image.
Is there a way I can manually add this folder and have it only inherit
permissions from the root of the filesystem in the deployed wim image? or do
I have to fix up the permissions via script post-image deployment?
the images are of server 2003.
any input would be appreciated. Thanks.
James
2009-01-22 16:08:22 UTC
Permalink
great to hear from you Johan!

so I could set permissions for say, the administrators group while the image
is mounted, remove all other permissions, and then when I apply the image
the administrators group on the deployed machine is actually used? Would it
make a difference if the machine you are using to mount and edit the image
is a domain controller and therefore when you add 'administrators', its
actually the domain administrators group rather than a local administrators
group?

I guess I'm concerned/curious/confused about how the SIDS are handled... are
the SIDS for builtin groups like 'users' and 'administrators' always the
same on all machines? or does imagex just know when/how to make the switch
to the appropriate one?

what about non-builtin groups, or groups you create?

I guess the core of my confusion is that I have always thought of each user
and group being unique identities between machines... like administrators
from machineA being unique from administrators on machineB...

any futher enlightenment would be greatly appreciated.
Post by unknown
When an image is mounted, ACLs are preserved but not set on files so
that they are easier to manipulate and service.
Then when the image is unmounted, if any ACLs were changed they're
updated in the image and will be honored when applied. If you create
new files - like drag in a folder - whatever ACLs it had prior to
being dragged in will persist.
You could manually adjust the ACLs on the files/folders you add prior
to unmounting, saving the step on the deployed machines.
Regards
Johan Arwidmark
Microsoft MVP - Setup / Deployment
http://www.deployvista.com
Post by James
Hello,
I am using MDT 2008 update 1.
I need to add a folder to some existing WIM images. I know I can easily
mount the wim file with imagex.exe /mountrw and add the folder. I have done
this with no issues... then of course use imagex.exe /commit /unmount etc..
my question is how are nfts permissions handled when doing this? I deployed
the image expecting this folder to just inherit the ntfs perms from the root
of the drive but it also had permissions from the system that was used to
mount the image and add the folder? I'm adding this folder to the root of
the filesystem in the wim image.
Is there a way I can manually add this folder and have it only inherit
permissions from the root of the filesystem in the deployed wim image? or do
I have to fix up the permissions via script post-image deployment?
the images are of server 2003.
any input would be appreciated. Thanks.
Loading...