| Server IP : 180.180.241.3 / Your IP : 216.73.216.252 Web Server : Microsoft-IIS/7.5 System : Windows NT NETWORK-NHRC 6.1 build 7601 (Windows Server 2008 R2 Standard Edition Service Pack 1) i586 User : IUSR ( 0) PHP Version : 5.3.28 Disable Function : NONE MySQL : ON | cURL : ON | WGET : OFF | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : /Windows/Help/Windows/en-US/ |
Upload File : |
MZ����������������������������������������������������������@���PE��L��������������!
��������������������������@�����������������������0�������@����������������������������������������������������������������������������������������������������������������������������������������������������.rsrc��������������������������@��@.its�������� ��������������������@��@��������������������������������������������������������������������������������������������������������������������������������������������������������������0����������������� ��H���X��|����������|4���V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�������������������������������������������������������S�t�r�i�n�g�F�i�l�e�I�n�f�o������0�4�0�9�0�4�b�0���b�!��F�i�l�e�V�e�r�s�i�o�n�����1�.�0�0�.�0�0� � � � � � � � � � � � � � � � � � � � � � � � � �����l�"��F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�����C�o�m�p�i�l�e�d� �M�i�c�r�o�s�o�f�t� �H�e�l�p� �2�.�0� �T�i�t�l�e���B���F�i�l�e�S�t�a�m�p�����6�0�8�9�2�4�2�8�0�1�C�A�0�4�1�F���4�����J���C�o�m�p�i�l�e�r�V�e�r�s�i�o�n�����2�.�5�.�7�1�2�1�0�.�0���8�5�7�9�����V���C�o�m�p�i�l�e�D�a�t�e�����2�0�0�9�-�0�7�-�1�4�T�0�1�:�0�6�:�5�4��� � � � � � �����>���T�o�p�i�c�C�o�u�n�t���7�1�����0�0�0�0�0�0�0�0�0�0�0�0������A��L�e�g�a�l�C�o�p�y�r�i�g�h�t���� �2�0�0�5� �M�i�c�r�o�s�o�f�t� �C�o�r�p�o�r�a�t�i�o�n�.� �A�l�l� �r�i�g�h�t�s� �r�e�s�e�r�v�e�d�.���C�C�C�C�C�C�C�C�C�C�C�C�C�����D����V�a�r�F�i�l�e�I�n�f�o�����$����T�r�a�n�s�l�a�t�i�o�n����� ��������������������������������������������ti�G���($`����@ITOLITLS���(���������X쌡^�
V`������������������� ������������ ������x��������������������������������������������������������� ��������������������N�������������������������������������������������������������������������CAOL���P���HH��C��� �����������������������ITSF��� ������#������` ��������%�������������-Y쌡^�
VY쌡^�
VIFCM����������������AOLL��������������������������N�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������IFCM���� ������������AOLLB�������������������������/���/$FXFtiAttribute/���/$FXFtiAttribute/BTREET/$FXFtiAttribute/DATA��/$FXFtiAttribute/PROPERTYlN
/$FXFtiMain/���/$FXFtiMain/BTREE/$FXFtiMain/DATA g/$FXFtiMain/PROPERTYN/$Index/$ATTRNAME*p/$Index/$PROPBAG/$Index/$STRINGSB/$Index/$SYSTEMf4
/$Index/$TOC/���/$Index/$TOC/$aclui�|/$Index/$TOPICATTR:p/$Index/$TOPICSf�/$Index/$URLSTRFh/$Index/$URLTBL.8/$Index/$VTAIDX /$Index/AssetId/���/$Index/AssetId/$BL0:�
/$Index/AssetId/$LEAF_COUNTS:/$Index/AssetId/$LEAVESB� /$OBJINST|
/aclui.h1c�]h
/aclui.H1F�E&
/aclui.H1T�~*
/aclui.H1V�k/aclui_AssetId.H1K�(k/aclui_BestBet.H1K�k/aclui_LinkTerm.H1K�~l/aclui_SubjectTerm.H1K�jo/assets/���0/assets/066cf7b1-0e68-40bb-b889-6268f1308575.xml�tV0/assets/2062f415-b057-4d7f-976a-aa598ff61cd7.xml�J 0/assets/24cb5900-6f96-4fd0-bb0c-e3456e1e5f0c.xml�iv0/assets/2cea42b8-ecb8-473c-9785-35d59350b2c6.xml�_50/assets/33049c64-45d1-4b9e-9bed-9bd57d35a131.xml�m0/assets/43111cad-938d-4a92-b67b-d45d54d827d1.xml��0/assets/459c9959-d1d8-4b56-b1c3-a4474f728cea.xml�
0/assets/49645c80-bcfd-4483-a815-73047bb3d868.xml�a0/assets/4a9b1c9c-8649-4857-8715-b50c3ece6a87.xml�o0/assets/4e2dc3e0-7408-4d58-be7f-fbc367dd489b.xml�@0/assets/5aba2b2a-d3a5-4a69-b408-8dca63fe2346.xml�C;0/assets/6076bede-08b6-49ac-84fa-f357e341ad96.xml�~e0/assets/61bbaf37-c16c-4420-bc13-cac3db3b488a.xml�c*0/assets/63909479-3669-48af-942d-ea29c74cfa7d.xml�
^0/assets/66aa4130-5b9b-433c-aacc-14d874c5fe01.xml�k|0/assets/6e91ebf8-2a9a-4e49-9d75-632d56470ac0.xml�go0/assets/6f5229e8-e1e2-4831-9317-c021a093fbf3.xml�Vw0/assets/714fe1cc-dd0a-47f2-b86c-a593c00f8dc3.xml�M 0/assets/72f8fa57-8cd1-46ae-923a-657a01937941.xml�m0/assets/74879417-e006-4295-9d09-f9d339305957.xml�n0/assets/7b0de306-9880-42ac-861e-e24a0a44398e.xml�e0/assets/7ea10cbc-874f-4083-90e5-1b7363f8fe9f.xml�jL0/assets/92af2cc8-0a54-4284-9c38-eaa1364b20ec.xml�660/assets/a18e704c-d945-41f1-a450-32f528ff1f42.xml�lj0/assets/a513c103-5b10-46db-a939-018b47d37f15.xml�V:0/assets/b709a6a7-632d-4a29-8f84-3d7c6971ec5f.xml�|0/assets/c2afe41c-b845-4623-a445-be6ad0a92ab4.xml�
Y0/assets/c69245e2-2ed1-4b73-8b37-e6a15e51c176.xml�e90/assets/d5c47d5f-271d-4863-817c-a9cef4976c47.xml�
b0/assets/daa22437-b34b-4418-9196-5871dfbef2f5.xml��t0/assets/de9eb804-154e-4c4f-9d21-81f992b97562.xml�t@0/assets/e97dce40-e248-41dc-8663-01351360bfa7.xml�4B0/assets/ea0a7b99-df60-4ca6-91ee-3e39af57836f.xml�vL0/assets/ebfa5c70-6870-4101-839c-dc20ff4ab45c.xml�BW0/assets/ef763292-21dc-42bb-92f7-2dc30f115fac.xml�N0/assets/fc747cd7-e7ca-4544-b485-3c40230d848c.xml�gv::DataSpace/NameList��<(::DataSpace/Storage/MSCompressed/Content�Y
,::DataSpace/Storage/MSCompressed/ControlData�T )::DataSpace/Storage/MSCompressed/SpanInfo�L/::DataSpace/Storage/MSCompressed/Transform/List�<_::DataSpace/Storage/MSCompressed/Transform/{8CEC5846-07A1-11D9-B15E-000D56BFE6EE}/InstanceData/���i::DataSpace/Storage/MSCompressed/Transform/{8CEC5846-07A1-11D9-B15E-000D56BFE6EE}/InstanceData/ResetTable�uX3::Transform/{8CEC5846-07A1-11D9-B15E-000D56BFE6EE}/�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
s`M:+@P�p�N�
��
�U�n�c�o�m�p�r�e�s�s�e�d���
�M�S�C�o�m�p�r�e�s�s�e�d���FX쌡^�
V��������LZXC����������������HH��<maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Advanced Security Settings Properties Page - Owner Tab</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title>
<maml:introduction>
<maml:para>See <maml:navigationLink><maml:linkText>Managing Object Ownership</maml:linkText><maml:uri href="mshelp://windows/?id=daa22437-b34b-4418-9196-5871dfbef2f5"></maml:uri></maml:navigationLink> for information about object ownership.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Object name</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Currently selected object.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Current owner</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>User or group that owns the object.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Change owner to</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Users or groups that can be granted ownership. Click <maml:ui>Other users or groups</maml:ui> to select additional choices from the computer or network.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Take Ownership of a File or Folder</maml:linkText><maml:uri href="mshelp://windows/?id=459c9959-d1d8-4b56-b1c3-a4474f728cea"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Access Control</maml:title><maml:introduction>
<maml:para>The Windows operating system helps protect files, applications, and other resources from unauthorized use through a process of matching user accounts and group membership against the rights, privileges, and permissions associated with those accounts and group memberships. The topics in this section will show you how to assign or set privileges and permissions. In addition, understanding privileges and permissions, why they are necessary, and how they function can help you manage shared resources effectively. Understanding these processes can also help you avoid unnecessary risks and troubleshoot any access control problems you might encounter.</maml:para>
<maml:para>This section contains the following topics:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Access Control Overview</maml:linkText><maml:uri href="mshelp://windows/?id=5aba2b2a-d3a5-4a69-b408-8dca63fe2346"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Checklist: Setting Access Controls on Objects</maml:linkText><maml:uri href="mshelp://windows/?id=e97dce40-e248-41dc-8663-01351360bfa7"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Permissions</maml:linkText><maml:uri href="mshelp://windows/?id=24cb5900-6f96-4fd0-bb0c-e3456e1e5f0c"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Object Ownership</maml:linkText><maml:uri href="mshelp://windows/?id=daa22437-b34b-4418-9196-5871dfbef2f5"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Security Auditing</maml:linkText><maml:uri href="mshelp://windows/?id=7b0de306-9880-42ac-861e-e24a0a44398e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Understanding User Account Control</maml:linkText><maml:uri href="mshelp://windows/?id=61bbaf37-c16c-4420-bc13-cac3db3b488a"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Resources for Access Control</maml:linkText><maml:uri href="mshelp://windows/?id=2cea42b8-ecb8-473c-9785-35d59350b2c6"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>User Interface: Access Control</maml:linkText><maml:uri href="mshelp://windows/?id=c69245e2-2ed1-4b73-8b37-e6a15e51c176"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Managing Permissions</maml:title><maml:introduction>
<maml:para>Every container and object on the network has a set of access control information attached to it. Known as a security descriptor, this information controls the type of access allowed to users and groups. Permissions are defined within an object's security descriptor. Permissions are associated with, or assigned to, specific users and groups. </maml:para>
<maml:para>When you are a member of a security group that is associated with an object, you have some ability to manage the permissions on that object. For those objects you own, you have full control. You can use different methods, such as Active Directory Domain Services (AD DS), Group Policy, or access control lists, to manage different types of objects.</maml:para>
<maml:para>This section contains:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>What Are Permissions?</maml:linkText><maml:uri href="mshelp://windows/?id=6f5229e8-e1e2-4831-9317-c021a093fbf3"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>File and Folder Permissions</maml:linkText><maml:uri href="mshelp://windows/?id=d5c47d5f-271d-4863-817c-a9cef4976c47"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Share and NTFS Permissions on a File Server</maml:linkText><maml:uri href="mshelp://windows/?id=4e2dc3e0-7408-4d58-be7f-fbc367dd489b"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Inherited Permissions</maml:linkText><maml:uri href="mshelp://windows/?id=43111cad-938d-4a92-b67b-d45d54d827d1"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>How Effective Permissions Are Determined</maml:linkText><maml:uri href="mshelp://windows/?id=ebfa5c70-6870-4101-839c-dc20ff4ab45c"></maml:uri></maml:navigationLink></maml:para></maml:listItem><maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Determine Where to Apply Permissions</maml:linkText><maml:uri href="mshelp://windows/?id=6e91ebf8-2a9a-4e49-9d75-632d56470ac0"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Set, View, Change, or Remove Permissions on an Object</maml:linkText><maml:uri href="mshelp://windows/?id=a513c103-5b10-46db-a939-018b47d37f15"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered"><maml:listItem><maml:para>For information about managing permissions by using AD DS, see <maml:navigationLink><maml:linkText>Assign, change, or remove permissions on Active Directory objects or attributes</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=63970"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=63970).</maml:para></maml:listItem>
<maml:listItem><maml:para>For information about managing permissions by using Group Policy, see <maml:navigationLink><maml:linkText>Apply or Modify Permission Entries for Objects Using Group Policy</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=64928"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=64928).</maml:para></maml:listItem></maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Resources for Access Control</maml:title><maml:introduction>
<maml:para>For more information about access control, see the following resources on the Microsoft Web site:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Identity Management, Access Control, and Information Protection</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=131727"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=131727)</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Designing a Resource Authorization Strategy</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=63966"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=63966)</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Microsoft Technical Security Notifications</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=63967"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=63967)</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Security Auditing</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkID=131231"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkID=131231)</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Troubleshooting Access Control</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=63969"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=63969)</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Apply or Modify Auditing Policy Settings for a Local File or Folder</maml:title><maml:introduction>
<maml:para>You can apply audit policies to individual files and folders on your computer by setting the permission type to record successful access attempts or failed access attempts in the security log. </maml:para>
<maml:para>Local <maml:phrase>Administrators</maml:phrase> is the minimum group membership required to complete this procedure. Review the details in "Additional considerations" in this topic.</maml:para>
<maml:procedure><maml:title>To apply or modify auditing policy settings for a local file or folder </maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Windows Explorer.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Right-click the file or folder that you want to audit, click <maml:ui>Properties</maml:ui>, and then click the <maml:ui>Security</maml:ui> tab.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Edit</maml:ui>, and then click <maml:ui>Advanced</maml:ui>.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>If you are not logged on as a member of the Administrators group on this computer, you must provide administrative credentials to proceed.</maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Advanced Security Settings for <object></maml:ui> dialog box, click the <maml:ui>Auditing</maml:ui> tab.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Do one of the following: </maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To set up auditing for a new user or group, click <maml:ui>Add</maml:ui>. In <maml:ui>Enter the object name to select</maml:ui>, type the name of the user or group that you want, and then click <maml:ui>OK</maml:ui>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>To remove auditing for an existing group or user, click the group or user name, click <maml:ui>Remove</maml:ui>, click <maml:ui>OK</maml:ui>, and then skip the rest of this procedure.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>To view or change auditing for an existing group or user, click its name, and then click <maml:ui>Edit</maml:ui>.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Apply onto</maml:ui> box, click the location where you want auditing to take place.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Access</maml:ui> box, indicate what actions you want to audit by selecting the appropriate check boxes: </maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To audit successful events, select the <maml:ui>Successful</maml:ui> check box.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>To stop auditing successful events, clear the <maml:ui>Successful</maml:ui> check box.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>To audit unsuccessful events, select the <maml:ui>Failed</maml:ui> check box.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>To stop auditing unsuccessful events, clear the <maml:ui>Failed</maml:ui> check box.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>To stop auditing all events, click <maml:ui>Clear All</maml:ui>.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If you want to prevent subsequent files and subfolders of the original object from inheriting these audit entries, select the <maml:ui>Apply these auditing entries to objects and/or containers within this container only</maml:ui> check box.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>Before setting up auditing for files and folders, you must enable object access auditing by defining auditing policy settings for the object access event category. If you do not enable object access auditing, you will receive an error message when you set up auditing for files and folders, and no files or folders will be audited. </maml:para>
</maml:alertSet>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>You must be logged on as a member of the Administrators group or you must have been granted the <maml:ui>Manage auditing and security log</maml:ui> right in Group Policy to perform this procedure.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>To open Windows Explorer, click <maml:ui>Start</maml:ui>, point to <maml:ui>All Programs</maml:ui>, click <maml:ui>Accessories</maml:ui>, and then click <maml:ui>Windows Explorer</maml:ui>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>After object access auditing is enabled, view the security log in Event Viewer to review the results of your changes.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>You can set up file and folder auditing only on NTFS drives.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>If you see either of the following, auditing has been inherited from the parent folder: </maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>In the <maml:ui>Auditing Entry for <File or Folder></maml:ui> dialog box, in the <maml:ui>Access</maml:ui> box, the check boxes are unavailable.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>In the <maml:ui>Advanced Security Settings for <File or Folder></maml:ui> dialog box, the <maml:ui>Remove</maml:ui> button is unavailable.</maml:para>
</maml:listItem>
</maml:list>
</maml:listItem>
<maml:listItem>
<maml:para>Because the security log is limited in size, select the files and folders to be audited carefully. Also, consider the amount of disk space that you want to devote to the security log. The maximum size for the security log is defined in Event Viewer.</maml:para>
</maml:listItem>
</maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Managing Security Auditing</maml:linkText><maml:uri href="mshelp://windows/?id=7b0de306-9880-42ac-861e-e24a0a44398e"></maml:uri></maml:navigationLink></maml:para></maml:listItem><maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Advanced Security Settings Properties Page - Auditing Tab</maml:linkText><maml:uri href="mshelp://windows/?id=49645c80-bcfd-4483-a815-73047bb3d868"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Inherited Permissions</maml:title><maml:introduction>
<maml:para>Inherited permissions are those that are propagated to an object from a parent object. Inherited permissions ease the task of managing permissions and ensure consistency of permissions among all objects within a given container.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Inheritance for all objects</maml:title><maml:introduction>
<maml:para>If the <maml:ui>Allow</maml:ui> and <maml:ui>Deny</maml:ui> permission check boxes in the various parts of the access control user interface are shaded when you view the permissions of an object, the object has inherited permissions from a parent object. You can set these inherited permissions by using the <maml:ui>Permissions</maml:ui> tab of the <maml:ui>Advanced Security Settings </maml:ui> properties page. </maml:para>
<maml:para>There are three recommended ways to make changes to inherited permissions:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Make the changes to the parent object where the permissions are explicitly defined, and then the child object will inherit these permissions. For more information, see <maml:navigationLink><maml:linkText>Set, View, Change, or Remove Permissions on an Object</maml:linkText><maml:uri href="mshelp://windows/?id=a513c103-5b10-46db-a939-018b47d37f15"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Select the <maml:ui>Allow</maml:ui> permission to override the inherited <maml:ui>Deny</maml:ui> permission.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Clear the <maml:ui>Include inheritable permissions from this object's parent</maml:ui> check box. Then you can make changes to the permissions or remove users or groups from the <maml:ui>Permissions</maml:ui> list. However, the object will no longer inherit permissions from the parent object.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>Inherited Deny permissions do not prevent access to an object if the object has an explicit Allow permission entry.</maml:para>
</maml:alertSet>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>Explicit permissions take precedence over inherited permissions, even inherited Deny permissions. </maml:para>
</maml:alertSet>
</maml:listItem>
</maml:list>
<maml:para>If the <maml:ui>Special Permissions</maml:ui> entry in <maml:ui>Permissions for <User or Group></maml:ui> is shaded, it does not imply that this permission has been inherited. This means that a special permission has been selected. </maml:para>
<maml:para>On the <maml:ui>Permissions</maml:ui> tab of the <maml:ui>Advanced Security Settings for <Folder></maml:ui> page, in <maml:ui>Permission entries</maml:ui>, the <maml:ui>Apply To</maml:ui> column lists what folders or subfolders a permission is applied to. The <maml:ui>Inherited From</maml:ui> column lists where the permissions have been inherited from.</maml:para>
<maml:para>You can use the <maml:ui>Apply To</maml:ui> field of the <maml:ui>Permission Entry for</maml:ui> <maml:ui><Folder></maml:ui> page to select the folders or subfolders you want permissions to be applied to. </maml:para>
<maml:para>For more information about how to complete these tasks, see <maml:navigationLink><maml:linkText>Set, View, Change, or Remove Permissions on an Object</maml:linkText><maml:uri href="mshelp://windows/?id=a513c103-5b10-46db-a939-018b47d37f15"></maml:uri></maml:navigationLink> and <maml:navigationLink><maml:linkText>Determine Where to Apply Permissions</maml:linkText><maml:uri href="mshelp://windows/?id=6e91ebf8-2a9a-4e49-9d75-632d56470ac0"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Inheritance for Active Directory objects</maml:title><maml:introduction>
<maml:para>If you use an <maml:ui>Apply To</maml:ui> option to control inheritance for Active Directory objects, be aware that not only do the objects specified in the <maml:ui>Apply To</maml:ui> box inherit that access control entry (ACE), but also all child objects also receive a copy of that ACE. The child objects that are not specified in the <maml:ui>Apply To</maml:ui> box receive copies of the ACE but do not enforce it. If there are enough objects getting copies of this ACE, then that increased amount of data can cause serious performance problems to your network.</maml:para>
<maml:para>If you assign permissions to a parent object and want child objects to inherit these permission entries, you can keep performance optimal by making sure all the child objects have identical access control lists (ACLs). In Windows, single-instancing allows Active Directory Domain Services (AD DS) to store only one copy of all identical ACLs. By creating ACLs that many objects can use, you can preserve the performance of your network.</maml:para>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>For more information about permissions, see <maml:navigationLink><maml:linkText>What Are Permissions?</maml:linkText><maml:uri href="mshelp://windows/?id=6f5229e8-e1e2-4831-9317-c021a093fbf3"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem><maml:listItem><maml:para>For more information about permissions for Active Directory objects, see <maml:navigationLink><maml:linkText>Access control in Active Directory</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=63972"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=63972).</maml:para></maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Take Ownership of a File or Folder</maml:title><maml:introduction>
<maml:para>The owner of the object controls how permissions are set on the object and to whom permissions are granted. </maml:para>
<maml:para>The <maml:phrase>Take Ownership</maml:phrase> permission on an object or the <maml:phrase>Restore files and directories</maml:phrase> user right are the minimum requirements to complete this procedure. Review the details in "Additional considerations" in this topic.</maml:para>
<maml:procedure><maml:title>To take ownership of a file or folder</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Windows Explorer, and then locate the file or folder you want to take ownership of.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Right-click the file or folder, click <maml:ui>Properties</maml:ui>, and then click the <maml:ui>Security</maml:ui> tab.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Advanced</maml:ui>, and then click the <maml:ui>Owner</maml:ui> tab.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Edit</maml:ui>, and then do one of the following:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To change the owner to a user or group that is not listed, click <maml:ui>Other users and groups </maml:ui>and, in <maml:ui>Enter the object name to select (examples)</maml:ui>, type the name of the user or group, and then click <maml:ui>OK</maml:ui>. </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>To change the owner to a user or group that is listed, in the <maml:ui>Change owner to</maml:ui> box, click the new owner. </maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>(Optional) To change the owner of all subcontainers and objects within the tree, select the <maml:ui>Replace owner on subcontainers and objects</maml:ui> check box.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>An administrator can take ownership of any file on the computer. </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Assigning ownership of a file or a folder might require you to elevate your permissions by using User Access Control. </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>To open Windows Explorer, click <maml:ui>Start</maml:ui>, point to <maml:ui>All Programs</maml:ui>, click <maml:ui>Accessories</maml:ui>, and then click <maml:ui>Windows Explorer</maml:ui>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>You can transfer ownership in two ways: </maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>The current owner can grant the Take Ownership permission to others, allowing those users to take ownership at any time. A user granted the Take Ownership permission can take ownership of the object or assign ownership to any group that the user is a member of. </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>A user who has the <maml:ui>Restore files and directories</maml:ui> privilege can double-click <maml:ui>Other users and groups</maml:ui> and choose any user or group to assign ownership to.</maml:para>
</maml:listItem>
</maml:list>
</maml:listItem>
<maml:listItem>
<maml:para>The Everyone group no longer includes the Anonymous Logon group.</maml:para>
</maml:listItem>
</maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Object Ownership</maml:linkText><maml:uri href="mshelp://windows/?id=daa22437-b34b-4418-9196-5871dfbef2f5"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Advanced Security Settings Properties Page - Auditing Tab</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Requirements for auditing object access</maml:title><maml:introduction>
<maml:para>Establishing audit policy is an important facet of security. Monitoring the creation or modification of objects gives you a way to track potential security problems, helps to ensure user accountability, and provides evidence in the event of a security breach.</maml:para>
<maml:para>The most common types of events to be audited are: </maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Access to objects, such as files and folders.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Management of user accounts and group accounts.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Users logging on to and logging off from the system.</maml:para>
</maml:listItem>
</maml:list>
<maml:para>When you implement audit policy:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>If you want to audit directory service access or object access, determine which objects you want to monitor access of and what type of access you want to monitor. For example, if you want to audit any attempts by users to open a particular file, you can configure auditing policy settings in the object access event category so that both successful and failed attempts to read a file are recorded.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Specify the categories of events that you want to audit. Examples of event categories are user logon, user logoff, and account management. The event categories that you select constitute your audit policy. For more information about each event category, see <maml:navigationLink><maml:linkText>Audit Policies</maml:linkText><maml:uri href="mshelp://windows/?id=6076bede-08b6-49ac-84fa-f357e341ad96"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Set the size and behavior of the Security log. You can view the Security log with Event Viewer.</maml:para>
</maml:listItem>
</maml:list>
<maml:para>You can have one or more auditing entries for the same user or group depending on the type of auditing, where it was inherited from, the type of access, and what it will be applied to.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Object name</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Names the currently selected object.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Auditing entries</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Displays each auditing entry for this object: </maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:ui>Type.</maml:ui> The result on which to apply the audit policy. This can be Success, Fail, or All. <maml:ui>Type</maml:ui> is set by permission access.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:ui>Name.</maml:ui> Name of object to apply audit policies.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:ui>Access.</maml:ui> Permission types, such as Full Control, Traverse Folder/Execute File, Read Attributes, and Delete. Includes file and folder permissions, Active Directory object permissions, and file server permissions.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:ui>Inherited from.</maml:ui> Object from which permissions are inherited. You can include inheritable auditing entries from the object's parent if one exists by selecting the check box on this dialog box.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:ui>Apply To.</maml:ui> Those child objects to which the permissions are also applied.</maml:para>
</maml:listItem>
</maml:list>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Include inheritable auditing entries from this object's parent</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>When selected, inheritable auditing entries from the object's parent will be written to the Security log.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Replace all existing inheritable auditing entries on all descendants with inheritable auditing entries from this object</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>When selected, auditing settings on this parent object will replace those on its descendant objects.</maml:para>
<maml:para>When cleared, auditing settings on each object, whether parent or its descendant, can be unique. </maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Permissions</maml:linkText><maml:uri href="mshelp://windows/?id=24cb5900-6f96-4fd0-bb0c-e3456e1e5f0c"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Apply or Modify Auditing Policy Settings for a Local File or Folder</maml:linkText><maml:uri href="mshelp://windows/?id=33049c64-45d1-4b9e-9bed-9bd57d35a131"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Permission Entry Dialog Box</maml:title><maml:introduction>
<maml:para>Folder permissions include Full Control, Modify, Read & Execute, List Folder Contents, Read, and Write. For information about these permissions, see <maml:navigationLink><maml:linkText>File and Folder Permissions</maml:linkText><maml:uri href="mshelp://windows/?id=d5c47d5f-271d-4863-817c-a9cef4976c47"></maml:uri></maml:navigationLink>. Each of these permissions consists of a logical group of special permissions, which are listed and defined below. Not all of the special permissions will apply to all objects.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Permission</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Traverse Folder/Execute File</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Traverse Folder allows or denies moving through folders to reach other files or folders, even if the user has no permissions for the traversed folders. Traverse Folder takes effect only when the group or user is not granted the <maml:ui>Bypass traverse checking</maml:ui> user right in the Group Policy Management Console. By default, the Everyone group is granted the <maml:ui>Bypass traverse checking</maml:ui> user right. (Applies to folders only.)</maml:para>
<maml:para>Execute File allows or denies running program files. (Applies to files only.)</maml:para>
<maml:para>Setting the Traverse Folder permission on a folder does not automatically set the Execute File permission on all files within that folder.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>List Folder/Read Data</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>List Folder allows or denies viewing file names and subfolder names within the folder. List Folder affects the contents of that folder only and does not affect whether the folder you are setting the permission on will be listed. (Applies to folders only.)</maml:para>
<maml:para>Read Data allows or denies viewing data in files. (Applies to files only.) </maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Read Attributes</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Allows or denies viewing the attributes of a file or folder, such as read-only and hidden. Attributes are defined by NTFS.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Read Extended Attributes</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Allows or denies viewing the extended attributes of a file or folder. Extended attributes are defined by programs and may vary by program.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Create Files/Write Data</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Create Files allows or denies creating files within the folder. (Applies to folders only.)</maml:para>
<maml:para>Write Data allows or denies making changes to the file and overwriting existing content. (Applies to files only.) </maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Create Folders/Append Data</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Create Folders allows or denies creating folders within the folder. (Applies to folders only.)</maml:para>
<maml:para>Append Data allows or denies making changes to the end of the file but not changing, deleting, or overwriting existing data. (Applies to files only.) </maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Write Attributes</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Allows or denies changing the attributes of a file or folder, such as read-only or hidden. Attributes are defined by NTFS.</maml:para>
<maml:para>The Write Attributes permission does not imply creating or deleting files or folders; it only includes the permission to make changes to the attributes of a file or folder. To allow (or deny) create or delete operations, see <maml:ui>Create Files/Write Data</maml:ui>, <maml:ui>Create Folders/Append Data</maml:ui>, <maml:ui>Delete Subfolders and Files</maml:ui>, and <maml:ui>Delete</maml:ui>.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Write Extended Attributes</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Allows or denies changing the extended attributes of a file or folder. Extended attributes are defined by programs and may vary by program.</maml:para>
<maml:para>The Write Extended Attributes permission does not imply creating or deleting files or folders; it only includes the permission to make changes to the attributes of a file or folder. To allow (or deny) create or delete operations, see <maml:ui>Create Files/Write Data</maml:ui>, <maml:ui>Create Folders/Append Data</maml:ui>, <maml:ui>Delete Subfolders and Files</maml:ui>, and <maml:ui>Delete</maml:ui>.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Delete Subfolders and Files</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Allows or denies deleting subfolders and files, even if the Delete permission has not been granted on the subfolder or file. </maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Delete</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Allows or denies deleting the file or folder. If you do not have Delete permission on a file or folder, you can still delete it if you have been granted Delete Subfolders and Files on the parent folder.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Read Permissions</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Allows or denies reading permissions of the file or folder, such as Full Control, Read, and Write.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Change Permissions</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Allows or denies changing permissions of the file or folder, such as Full Control, Read, and Write.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Take Ownership</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Allows or denies taking ownership of the file or folder. The owner of a file or folder can always change permissions on it, regardless of any existing permissions on the file or folder.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Synchronize</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Allows or denies different threads to wait on the handle for the file or folder and synchronize with another thread that may signal it. This permission applies only to multithreaded, multiprocess programs.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>You will not be able to access an encrypted file without the Encrypting File System (EFS) key, even if you have the necessary permissions.</maml:para>
</maml:alertSet>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>What Are Permissions?</maml:linkText><maml:uri href="mshelp://windows/?id=6f5229e8-e1e2-4831-9317-c021a093fbf3"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>File and Folder Permissions</maml:linkText><maml:uri href="mshelp://windows/?id=d5c47d5f-271d-4863-817c-a9cef4976c47"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Determine Where to Apply Permissions</maml:linkText><maml:uri href="mshelp://windows/?id=6e91ebf8-2a9a-4e49-9d75-632d56470ac0"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Take Ownership of a File or Folder</maml:linkText><maml:uri href="mshelp://windows/?id=459c9959-d1d8-4b56-b1c3-a4474f728cea"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Share and NTFS Permissions on a File Server</maml:title><maml:introduction>
<maml:para>Access to a folder on a file server can be determined through two sets of permission entries: the share permissions set on a folder and the NTFS permissions set on the folder (which can also be set on files). Share permissions are often used for managing computers with FAT32 file systems, or other computers that do not use the NTFS file system.</maml:para>
<maml:para>Share permissions and NTFS permissions are independent in the sense that neither changes the other. The final access permissions on a shared folder are determined by taking into consideration both the share permission and the NTFS permission entries. The more restrictive permissions are then applied.</maml:para>
<maml:para>The following table suggests equivalent permissions that an administrator can grant to the Users group for certain shared folder types. Another approach is to set share permissions to Full Control for the Everyone group and to rely entirely on NTFS permissions to restrict access.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Folder type</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Share permissions</maml:para>
</maml:entry>
<maml:entry>
<maml:para>NTFS permissions</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Public folder.</maml:ui> A folder that can be accessed by everyone.</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Grant Change permission to the Users group.</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Grant Modify permission to the Users group.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:phrase>Drop folder</maml:phrase>. A folder where users can drop confidential reports or homework assignments that only the group manager or instructor can read.</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Grant Change permission to the Users group.</maml:para>
<maml:para>Grant Full Control permission to the group manager.</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Grant Write permission for the Users group that is applied to <maml:ui>This Folder only</maml:ui>. (This is an option available on the <maml:ui>Advanced</maml:ui> page.) </maml:para>
<maml:para>If each user needs to have certain permissions to the files that he or she dropped, you can create a permission entry for the Creator Owner well-known security identifier (SID) and apply it to <maml:ui>Subfolder and files only</maml:ui>. For example, you can grant the Read and Write permission to the Creator Owner SID on the drop folder and apply it to all subfolders and files. This grants the user who dropped or created the file (the Creator Owner) the ability to read and write to the file. The Creator Owner can then access the file through the <maml:ui>Run</maml:ui> command by using <maml:replaceable>\\ServerName\DropFolder\FileName</maml:replaceable>.</maml:para>
<maml:para>Grant Full Control permission to the group manager.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:phrase>Application folder.</maml:phrase> A folder containing applications that can be run over the network.</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Grant Read permission to the Users group.</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Grant Read, Read & Execute, and List Folder Contents permissions to the Users group.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para> <maml:phrase>Home folder.</maml:phrase> An individual folder for each user. Only the user has access to the folder.</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Grant Full Control permission to each user on his or her respective folder.</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Grant Full Control permission to each user on his or her respective folder.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Granting a user Full Control NTFS permission on a folder enables that user to take ownership of the folder unless the user is restricted in some other way. Be cautious in granting Full Control.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>If you want to manage folder access by using NTFS permissions exclusively, set share permissions to Full Control for the Everyone group. </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>NTFS permissions affect access both locally and remotely. NTFS permissions apply regardless of protocol. Share permissions, by contrast, apply only to network shares. Share permissions do not restrict access to any local user, or to any terminal server user, of the computer on which you have set share permissions. Thus, share permissions do not provide privacy between users on a computer used by several users, nor on a terminal server accessed by several users.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>By default, the Everyone group does not include the Anonymous group, so permissions applied to the Everyone group do not affect the Anonymous group.</maml:para>
</maml:listItem>
</maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Managing Permissions</maml:linkText><maml:uri href="mshelp://windows/?id=24cb5900-6f96-4fd0-bb0c-e3456e1e5f0c"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Access Control Overview</maml:title><maml:introduction>
<maml:para>Access control is the process of authorizing users, groups, and computers to access objects on the network or computer. </maml:para>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction><maml:para>To understand and manage access control, you need to understand the relationship between:</maml:para>
<maml:list class="unordered"><maml:listItem><maml:para>Objects (files, printers, and other resources)</maml:para></maml:listItem><maml:listItem><maml:para>Access tokens</maml:para></maml:listItem><maml:listItem><maml:para>Access control lists (ACLs) and access control entries (ACEs)</maml:para></maml:listItem><maml:listItem><maml:para>Subjects (users or applications)</maml:para></maml:listItem><maml:listItem><maml:para>The operating system</maml:para></maml:listItem><maml:listItem><maml:para>Permissions</maml:para></maml:listItem><maml:listItem><maml:para>User rights and privileges</maml:para></maml:listItem></maml:list><maml:para>Before a subject can gain access to an object, the subject must identify itself to the security subsystem for the operating system. This identity is contained within an access token that is re-created every time a subject logs on. Before allowing the subject to access an object, the operating system checks to determine whether the access token for the subject is authorized to access the object and complete the desired task. It does this by comparing information in the access token with access control entries (ACEs) for the object.</maml:para>
<maml:para>ACEs can allow or deny a number of different behaviors, depending on the type of object. For example, options on a file object can include Read, Write, and Execute. On a printer, the ACEs that are available include Print, Manage printers, and Manage documents.</maml:para><maml:para>Individual ACEs for an object are combined in an access control list (ACL). The security subsystem checks the object's ACL for ACEs that apply to the user and the groups that the user belongs to. It steps through each ACE until it finds one that either allows or denies access to the user or one of the user's groups, or until there are no more ACEs to check. If it comes to the end of the ACL and the desired access is still not explicitly allowed or denied, the security subsystem denies access to the object.</maml:para></maml:introduction></maml:section><maml:section>
<maml:title>Permissions</maml:title><maml:introduction>
<maml:para>Permissions define the type of access granted to a user or group for an object or object property. For example, the Finance group can be granted Read and Write permissions for a file named Payroll.dat. </maml:para>
<maml:para>Using the access control user interface, you can set NTFS permissions for objects such as files, Active Directory objects, registry objects, or system objects such as processes. Permissions can be granted to any user, group, or computer. It is a good practice to assign permissions to groups because it improves system performance when verifying access to an object.</maml:para>
<maml:para>For any object, you can grant permissions to:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Groups, users, and other objects with security identifiers in the domain.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Groups and users in that domain and any trusted domains.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Local groups and users on the computer where the object resides.</maml:para>
</maml:listItem>
</maml:list>
<maml:para>The permissions attached to an object depend on the type of object. For example, the permissions that can be attached to a file are different from those that can be attached to a registry key. Some permissions, however, are common to most types of objects. These common permissions are:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Read </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Modify </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Change owner</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Delete</maml:para>
</maml:listItem>
</maml:list>
<maml:para>When you set permissions, you specify the level of access for groups and users. For example, you can let one user read the contents of a file, let another user make changes to the file, and prevent all other users from accessing the file. You can set similar permissions on printers so that certain users can configure the printer and other users can only print.</maml:para>
<maml:para>When you need to change the permissions on a file, you can run Windows Explorer, right-click the file name, and click <maml:ui>Properties</maml:ui>. On the <maml:ui>Security</maml:ui> tab, you can change permissions on the file. For more information, see <maml:navigationLink><maml:linkText>Managing Permissions</maml:linkText><maml:uri href="mshelp://windows/?id=24cb5900-6f96-4fd0-bb0c-e3456e1e5f0c"></maml:uri></maml:navigationLink>.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>Another kind of permissions, called share permissions, is set on the <maml:ui>Sharing</maml:ui> tab of a folder's <maml:ui>Properties</maml:ui> page or by using the Shared Folder wizard. For more information, see <maml:navigationLink><maml:linkText>Share and NTFS Permissions on a File Server</maml:linkText><maml:uri href="mshelp://windows/?id=4e2dc3e0-7408-4d58-be7f-fbc367dd489b"></maml:uri></maml:navigationLink>.</maml:para>
</maml:alertSet>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Ownership of objects</maml:title><maml:introduction>
<maml:para>An owner is assigned to an object when that object is created. By default, the owner is the creator of the object. No matter what permissions are set on an object, the owner of the object can always change the permissions on an object. For more information, see <maml:navigationLink><maml:linkText>Managing Object Ownership</maml:linkText><maml:uri href="mshelp://windows/?id=daa22437-b34b-4418-9196-5871dfbef2f5"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction></maml:section>
<maml:section>
<maml:title>Inheritance of permissions</maml:title><maml:introduction>
<maml:para>Inheritance allows administrators to easily assign and manage permissions. This feature automatically causes objects within a container to inherit all the inheritable permissions of that container. For example, the files within a folder, when created, inherit the permissions of the folder. Only permissions marked to be inherited will be inherited.</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section><maml:section>
<maml:title>User rights and privileges</maml:title><maml:introduction>
<maml:para>User rights grant specific privileges and logon rights to users and groups in your computing environment. Administrators can assign specific rights to group accounts or to individual user accounts. These rights authorize users to perform specific actions, such as logging on to a system interactively or backing up files and directories.</maml:para>
<maml:para>User rights are different from permissions because user rights apply to user accounts, and permissions are attached to objects. Although user rights can apply to individual user accounts, user rights are best administered on a group account basis. There is no support in the access control user interface to grant user rights; however, user rights assignment can be administered through the Local Security Policy snap-in under <maml:ui>Local Policies\User Rights Assignment</maml:ui>. For more information, see <maml:navigationLink><maml:linkText>User Rights and Privileges</maml:linkText><maml:uri href="mshelp://windows/?id=92af2cc8-0a54-4284-9c38-eaa1364b20ec"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Object auditing</maml:title><maml:introduction>
<maml:para>With administrator's rights, you can audit users' successful or failed access to objects. You can select which object access to audit by using the access control user interface, but first you must enable the audit policy by selecting <maml:ui>Audit object access</maml:ui> under <maml:ui>Local Policy\Audit Policy\Local Policies</maml:ui> in the Local Security Policy snap-in. You can then view these security-related events in the Security log in Event Viewer.</maml:para>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered"><maml:listItem><maml:para>For more information about authorization and access control, see <maml:navigationLink><maml:linkText>Windows Security Collection</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=4565"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=4565).</maml:para></maml:listItem><maml:listItem><maml:para>For information about authorization strategy, see <maml:navigationLink><maml:linkText>Designing a Resource Authorization Strategy</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=4734"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=4734).</maml:para></maml:listItem></maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Audit Policies</maml:title><maml:introduction>
<maml:para>Before you implement auditing, you must decide on an auditing policy. An auditing policy specifies categories of security-related events that you want to audit. When this version of Windows is first installed, all auditing categories are disabled. By enabling various auditing event categories, you can implement an auditing policy that suits the security needs of your organization. </maml:para>
<maml:para>The event categories that you can choose to audit are:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Audit account logon events </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Audit account management </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Audit directory service access </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Audit logon events </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Audit object access </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Audit policy change </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Audit privilege use </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Audit process tracking </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Audit system events </maml:para>
</maml:listItem>
</maml:list>
<maml:para>If you choose to audit access to objects as part of your audit policy, you must enable either the audit directory service access category (for auditing objects on a domain controller), or the audit object access category (for auditing objects on a member server or workstation). Once you have enabled the object access category, you can specify the types of access you want to audit for each group or user. </maml:para>
<maml:para>To enable auditing of local objects, you must be logged on as a member of the built-in Administrators group. </maml:para>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Managing Security Auditing</maml:linkText><maml:uri href="mshelp://windows/?id=7b0de306-9880-42ac-861e-e24a0a44398e"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding User Account Control</maml:title><maml:introduction>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title>
<maml:introduction>
<maml:para>User Account Control (UAC) is a feature in Windows that can help prevent unauthorized changes to your computer. UAC does this by asking you for permission or an administrator password before performing actions that could potentially affect your computer's operation or change settings that affect other users. </maml:para>
<maml:para>When you see a UAC message, read it carefully, and then make sure the name of the action or program that's about to start is one that you intended to start. By verifying these actions before they start, UAC can help prevent malicious software (malware) from installing itself or making changes to your computer without permission. </maml:para>
<maml:para>When your permission or password is needed to complete a task, UAC will alert you with one of the following messages:</maml:para><maml:list class="unordered"><maml:listItem><maml:para><maml:ui>Windows needs your permission to continue.</maml:ui> A Windows function or program that can affect other users of this computer needs your permission to start. Check the name of the action to ensure that it's a function or program you want to run.</maml:para></maml:listItem><maml:listItem><maml:para><maml:ui>A program needs your permission to continue.</maml:ui> A program that's not part of Windows needs your permission to start. It has a valid digital signature indicating its name and its publisher, which helps to ensure that the program is what it claims to be. Make sure that this is a program that you intended to run.</maml:para></maml:listItem><maml:listItem><maml:para><maml:ui>An unidentified program wants access to your computer.</maml:ui> An unidentified program is one that doesn't have a valid digital signature from its publisher to ensure that the program is what it claims to be. This doesn't necessarily indicate malicious software, as many older, legitimate programs lack signatures. However, you should use extra caution and only allow this program to run if you obtained it from a trusted source, such as the original CD or a publisher's Web site.</maml:para></maml:listItem><maml:listItem><maml:para><maml:ui>This program has been blocked.</maml:ui> This is a program that your administrator has specifically blocked from running on your computer. To run this program, you must contact your administrator and ask to have the program unblocked.</maml:para></maml:listItem></maml:list></maml:introduction>
<maml:sections><maml:section>
<maml:title>Using standard user accounts</maml:title><maml:introduction>
<maml:para>We recommend that you log on to your computer with a standard user account most of the time. You can browse the Internet, send e-mail, and use a word processor, all without an administrator account. When you want to perform an administrative task, such as installing a new program or changing a setting that will affect other users, you don't have to switch to an administrator account. Windows will prompt you for permission or an administrator password before performing the task. </maml:para>
<maml:para>To help protect your computer, you can create standard user accounts for all users who share the computer. When someone who has a standard account tries to install software, Windows will ask for an administrator account's password so that software cannot be installed without your knowledge and permission.</maml:para></maml:introduction></maml:section>
<maml:section><maml:title>Using administrator accounts</maml:title><maml:introduction><maml:para>Users who log on with an administrator account may still experience UAC prompts, if Admin Approval Mode is configured in Group Policy. Admin Approval Mode helps prevent malicious software from silently installing itself without an administrator's knowledge. It also helps protect from inadvertent system-wide changes. Lastly, it can be used to enforce a higher level of compliance where administrators must actively consent or provide credentials for each administrative process.</maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title><maml:para>If Admin Approval Mode mode is configured, administrators may experience problems completing tasks from the command line. To avoid these problems, open an administrative Command Prompt window or use the Runas command-line tool to complete your task. </maml:para></maml:alertSet>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Understanding and Configuring User Account Control in Windows Vista</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkID=79026"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkID=79026)</maml:para></maml:listItem>
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Runas</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=135920"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=135920) in the command-line tool reference</maml:para></maml:listItem></maml:list></maml:introduction></maml:section>
</maml:sections></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Advanced Security Settings Properties Page - Permissions Tab</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title>
<maml:introduction>
<maml:para>You can add additional resources, groups or users to have explicit NTFS permissions to access this object, or you can edit or remove the NTFS permissions granted to a resource, group, or user on the object. For the access limitations for each set of NTFS permissions, see <maml:navigationLink><maml:linkText>File and Folder Permissions</maml:linkText><maml:uri href="mshelp://windows/?id=d5c47d5f-271d-4863-817c-a9cef4976c47"></maml:uri></maml:navigationLink>.</maml:para>
<maml:para>Inherited permissions are those that are propagated to an object from a parent object. Inherited permissions ease the task of managing permissions and ensure consistency of permissions among all objects within a given container. For more information about the effects of inherited permissions, see <maml:navigationLink><maml:linkText>How Inheritance Affects File and Folder Permissions</maml:linkText><maml:uri href="mshelp://windows/?id=a18e704c-d945-41f1-a450-32f528ff1f42"></maml:uri></maml:navigationLink>.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Object name</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Names the currently selected object.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Permission entries</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Displays each permission entry for this object: </maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:ui>Type.</maml:ui> Either Allow or Deny this group or user this permission for this object.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:ui>Name.</maml:ui> Resource, user, or group.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:ui>Permission.</maml:ui> Restrictions currently applied to this object for this resource, user, or group.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:ui>Inherited from.</maml:ui> Identifies the parent object.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:ui>Apply To.</maml:ui> Identifies any descendant objects to which the permissions are also applied.</maml:para>
</maml:listItem>
</maml:list>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Include inheritable permissions from this object's parent</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>When selected, each child object will have permissions inherited from its parent object. </maml:para>
<maml:para>When cleared, the permissions applied on the parent object will no longer be applied to its child object or objects.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Replace all existing inheritable permissions on all descendants with inheritable permissions from this object</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>When selected, permissions on this parent object will replace those on its descendant objects.</maml:para>
<maml:para>When cleared, permissions on each object, whether parent or its descendant, can be unique.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Set, View, Change, or Remove Permissions on Files and Folders</maml:title><maml:introduction>
<maml:para>When a file or folder is created, Windows assigns default permissions to that object. </maml:para>
<maml:para><maml:phrase>Modify</maml:phrase> is the minimum permission required to complete this procedure. Review the details in "Additional considerations" in this topic.</maml:para>
<maml:procedure><maml:title>To set, view, change, or remove permissions on files and folders</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Right-click the file or folder for which you want to set permissions, click <maml:ui>Properties</maml:ui>, and then click the <maml:ui>Security</maml:ui> tab.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Edit</maml:ui> to open the <maml:ui>Permissions for <Object></maml:ui> dialog box.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Do one of the following:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To set permissions for a group or user that does not appear in the <maml:ui>Group or user names</maml:ui> box, click <maml:ui>Add</maml:ui>. Type the name of the group or user you want to set permissions for, and then click <maml:ui>OK</maml:ui>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>To change or remove permissions from an existing group or user, click the name of the group or user.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Do one of the following:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To allow or deny a permission, in the <maml:ui>Permissions for <User or Group></maml:ui> box, select the <maml:ui>Allow</maml:ui> or <maml:ui>Deny</maml:ui> check box.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>To remove the group or user from the <maml:ui>Group or user names</maml:ui> box, click <maml:ui>Remove</maml:ui>.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>For a description of all permissions, see <maml:navigationLink><maml:linkText>Permission Entry Dialog Box</maml:linkText><maml:uri href="mshelp://windows/?id=4a9b1c9c-8649-4857-8715-b50c3ece6a87"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Performing this procedure might require you to elevate permissions through User Account Control.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>To open Windows Explorer, click <maml:ui>Start</maml:ui>, point to <maml:ui>All Programs</maml:ui>, click <maml:ui>Accessories</maml:ui>, and then click <maml:ui>Windows Explorer</maml:ui>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>You can set file and folder permissions only on drives formatted to use NTFS.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>To change permissions, you must be the owner or have been granted permission to do so by the owner.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Groups or users that are granted Full Control permission for a folder can delete files and subfolders within that folder, regardless of the permissions that protect the files and subfolders.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>If the check boxes under <maml:ui>Permissions for <User or Group></maml:ui> are shaded or if the <maml:ui>Remove</maml:ui> button is unavailable, the file or folder has inherited permissions from the parent folder. </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>When adding a new user or group, by default, this user or group will have Read & Execute, List Folder Contents, and Read permissions.</maml:para>
</maml:listItem>
</maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>View Effective Permissions on Files and Folders</maml:linkText><maml:uri href="mshelp://windows/?id=72f8fa57-8cd1-46ae-923a-657a01937941"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Set, View, Change, or Remove Special Permissions</maml:linkText><maml:uri href="mshelp://windows/?id=ea0a7b99-df60-4ca6-91ee-3e39af57836f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>File and Folder Permissions</maml:linkText><maml:uri href="mshelp://windows/?id=d5c47d5f-271d-4863-817c-a9cef4976c47"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Determine Where to Apply Permissions</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title>
<maml:introduction>
<maml:para>When you set advanced permissions on files and folders, you can use the <maml:ui>Permission Entry for <Object Name> </maml:ui>dialog box to set which descendant objects will inherit permissions. </maml:para>
<maml:para>To find this dialog box, click <maml:ui>Advanced</maml:ui> on the access control user interface. On the <maml:ui>Permissions</maml:ui> tab, click <maml:ui>Edit</maml:ui> twice. </maml:para>
<maml:para>In the <maml:ui>Permission Entry for <Object Name> </maml:ui>dialog box, the <maml:ui>Apply onto</maml:ui> box on the <maml:ui>Object</maml:ui> tab lists the locations where you can apply permissions. How these permissions are applied depends on whether you select the <maml:ui>Apply these permissions to objects and/or containers within this container only</maml:ui> check box. </maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>For Active Directory objects, not only do the specified objects in the <maml:ui>Apply onto</maml:ui> box inherit the access control entries but <maml:foreignPhrase>all</maml:foreignPhrase> child objects also receive a copy of that ACE. The child objects not specified in the <maml:ui>Apply onto</maml:ui> box do not use the ACE whose copy they receive, but if enough objects get copies of this ACE, that increased amount of data can cause serious performance problems to your network. </maml:para>
</maml:alertSet>
<maml:para>By default, this check box is cleared. See the following tables for details about how the inherited permissions are applied:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>When the Apply these permissions to objects and/or containers within this container only check box is cleared</maml:linkText><maml:uri href="mshelp://windows/?id=6e91ebf8-2a9a-4e49-9d75-632d56470ac0#BKMK_cleared"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>When the Apply these permissions to objects and/or containers within this container only check box is selected</maml:linkText><maml:uri href="mshelp://windows/?id=6e91ebf8-2a9a-4e49-9d75-632d56470ac0#BKMK_selected"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section address="BKMK_cleared">
<maml:title>When the Apply these permissions to objects and/or containers within this container only check box is cleared</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Apply onto</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Applies permissions to current folder</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Applies permissions to subfolders in current folder</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Applies permissions to files in current folder</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Applies permissions to all subsequent subfolders</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Applies permissions to files in all subsequent subfolders</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>This folder only</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>This folder, subfolders, and files</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>This folder and subfolders</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>This folder and files</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Subfolders and files only</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Subfolders only</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Files only</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction></maml:section>
<maml:section address="BKMK_selected">
<maml:title>When the Apply these permissions to objects and/or containers within this container only check box is selected</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Apply onto</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Applies permissions to current folder</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Applies permissions to subfolders in current folder</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Applies permissions to files in current folder</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Applies permissions to all subsequent subfolders</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Applies permissions to files in all subsequent subfolders</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>This folder only</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>This folder, subfolders, and files</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>This folder and subfolders</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>This folder and files</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Subfolders and files only</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Subfolders only</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Files only</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:para>For information about where to assign permissions to Active Directory objects, see <maml:navigationLink><maml:linkText>Best practices for assigning permissions on Active Directory objects</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=63971"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=63971).</maml:para>
<maml:para>For more information about setting permissions, see the following:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>File and Folder Permissions</maml:linkText><maml:uri href="mshelp://windows/?id=d5c47d5f-271d-4863-817c-a9cef4976c47"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Set, View, Change, or Remove Permissions on an Object</maml:linkText><maml:uri href="mshelp://windows/?id=a513c103-5b10-46db-a939-018b47d37f15"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>What Are Permissions?</maml:title><maml:introduction>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Permissions and security descriptors</maml:title><maml:introduction>
<maml:para>Every container and object on the network has a set of access control information attached to it. Known as a security descriptor, this information controls the type of access allowed to users and groups. The security descriptor is automatically created along with the container or object that is created. A typical example of an object with a security descriptor is a file. </maml:para>
<maml:para>Permissions are defined within an object's security descriptor. Permissions are associated with, or assigned to, specific users and groups. For example, for the file Temp.dat, the built-in Administrators group might be assigned Read, Write, and Delete permissions, while the Backup Operators group might be assigned Read and Write permissions only. </maml:para>
<maml:para>Each assignment of permissions to a user or group is represented in the system as an access control entry (ACE). The entire set of permission entries in a security descriptor is known as a permission set or access control list (ACL). Thus, for a file named Temp.dat, the permission set includes two permission entries, one for the built-in Administrators group and one for the Backup Operators group.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Explicit vs. inherited permissions</maml:title><maml:introduction>
<maml:para>There are two types of permissions: explicit permissions and inherited permissions. </maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Explicit permissions are those that are set by default on non-child objects when the object is created, or by user action on non-child, parent, or child objects.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Inherited permissions are those that are propagated to an object from a parent object. Inherited permissions ease the task of managing permissions and ensure consistency of permissions among all objects within a given container. </maml:para>
</maml:listItem>
</maml:list>
<maml:para>By default, objects within a container inherit the permissions from that container when the objects are created. For example, when you create a folder called MyFolder, all subfolders and files created within MyFolder automatically inherit the permissions from that folder. Therefore, MyFolder has explicit permissions, while all subfolders and files within it have inherited permissions.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>Inherited Deny permissions do not prevent access to an object if the object has an explicit Allow permission entry. Explicit permissions take precedence over inherited permissions, even inherited Deny permissions. </maml:para>
</maml:alertSet>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>File and Folder Permissions</maml:linkText><maml:uri href="mshelp://windows/?id=d5c47d5f-271d-4863-817c-a9cef4976c47"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Set, View, Change, or Remove Permissions on an Object</maml:linkText><maml:uri href="mshelp://windows/?id=a513c103-5b10-46db-a939-018b47d37f15"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Object Types Dialog Box</maml:title><maml:introduction>
<maml:para>You can access the <maml:ui>Object Types</maml:ui> dialog box by clicking <maml:ui>Object Types</maml:ui> in the <maml:ui>Select Users, Computers, or Groups</maml:ui> dialog box. The <maml:ui>Object Types</maml:ui> dialog box lists the available object types that you can look for. This list can include one or more of the following types of objects.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Object type</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Built-in security principals</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Objects that represent default built-in groups and security principals. Examples include: Administrators, System Operators, Users, Power Users, Everyone, Authenticated Users, Anonymous Logon, Guests, and System.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Computers</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Objects used to represent a computer's access to network resources.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Groups</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Objects that can have users, computers, and other groups as its members.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Users</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Objects used to allow people to access network resources.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Contacts</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Objects used to locate information about people. Contact objects cannot be assigned permissions and therefore do not have access to network resources.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Other</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Objects that can be created by applications.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>User Interface: Access Control</maml:linkText><maml:uri href="mshelp://windows/?id=c69245e2-2ed1-4b73-8b37-e6a15e51c176"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>View Effective Permissions on Files and Folders</maml:title><maml:introduction>
<maml:para>When a file or folder is created, Windows assigns default permissions to that object or the creator can assign specific permissions. </maml:para>
<maml:para><maml:phrase>Read</maml:phrase> is the minimum permission required to view effective permissions. Review the details in "Additional considerations" in this topic.</maml:para>
<maml:procedure><maml:title>To view effective permissions on files and folders</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Windows Explorer, and then locate the file or folder for which you want to view effective permissions.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Right-click the file or folder, click <maml:ui>Properties</maml:ui>, and then click the <maml:ui>Security</maml:ui> tab.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Advanced</maml:ui>, click the <maml:ui>Effective Permissions</maml:ui> tab, and then click <maml:ui>Select</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para> In <maml:ui>Enter the object name to select (examples)</maml:ui>, enter the name of a user or group, and then click <maml:ui>OK</maml:ui>. The selected check boxes indicate the effective permissions of the user or group for that file or folder.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To open Windows Explorer, click <maml:ui>Start</maml:ui>, point to <maml:ui>All Programs</maml:ui>, click <maml:ui>Accessories</maml:ui>, and then click <maml:ui>Windows Explorer</maml:ui>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>If the specified object grants access to the Everyone group, the Authenticated Users group, or the Local Users group, the effective rights always include those permissions, except when the specified user or group is the Anonymous group. This version of Windows does not include the Anonymous users in the Everyone group.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>The <maml:ui>Effective Permissions</maml:ui> tab shows information that is calculated from the existing permissions entries. Therefore, the information displayed on that page is read-only and does not support changing a user's permissions by selecting or clearing permission check boxes.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Permissions are set only on drives formatted to use NTFS when using the access control user interface.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Share permissions are not part of the effective permissions calculation. Access to shared folders can be denied through share permissions even when access is allowed through NTFS permissions.</maml:para>
</maml:listItem>
</maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>File and Folder Permissions</maml:linkText><maml:uri href="mshelp://windows/?id=d5c47d5f-271d-4863-817c-a9cef4976c47"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Security Settings Property Page</maml:title><maml:introduction>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title>
<maml:introduction>
<maml:para>In order to secure a computer and its resources, you must consider the rights that users will have. You can secure a computer or multiple computers by granting users or groups specific user rights. You can help secure an object, such as a file or folder, by assigning permissions to allow users or groups to perform specific actions on that object.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Object name</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Names the currently selected object.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Group or user names</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Displays a list of groups or users that have been granted access to this computer.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Edit</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Allows modification of security settings on this object.</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>If this button is unavailable, you might not have permission to modify any security settings. However, you can view them by clicking <maml:ui>Advanced</maml:ui>.</maml:para>
</maml:alertSet>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Permissions for</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Displays a list of Allow and Deny permissions in effect for each group or user selected.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para></maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>The types of permission listed will vary depending on the type of object selected. For more information, see <maml:navigationLink><maml:linkText>Managing Permissions</maml:linkText><maml:uri href="mshelp://windows/?id=24cb5900-6f96-4fd0-bb0c-e3456e1e5f0c"></maml:uri></maml:navigationLink> and Set permissions for print servers (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=141450</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=141450"></maml:uri></maml:navigationLink>).</maml:para>
</maml:alertSet>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Access Control Overview</maml:linkText><maml:uri href="mshelp://windows/?id=5aba2b2a-d3a5-4a69-b408-8dca63fe2346"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Managing Security Auditing</maml:title><maml:introduction>
<maml:para>Monitoring the creation or modification of objects gives you a way to track potential security problems, helps to ensure user accountability, and provides evidence in the event of a security breach.</maml:para>
<maml:para>The most common types of events to be audited are: </maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Access to objects, such as files and folders.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Management of user accounts and group accounts.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Users logging on to and logging off from the system.</maml:para>
</maml:listItem>
</maml:list>
<maml:para>This section contains: </maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Audit Policies</maml:linkText><maml:uri href="mshelp://windows/?id=6076bede-08b6-49ac-84fa-f357e341ad96"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Define or Modify Auditing Policy Settings for an Event Category</maml:linkText><maml:uri href="mshelp://windows/?id=c2afe41c-b845-4623-a445-be6ad0a92ab4"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Apply or Modify Auditing Policy Settings for a Local File or Folder</maml:linkText><maml:uri href="mshelp://windows/?id=33049c64-45d1-4b9e-9bed-9bd57d35a131"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>View the Security Log</maml:linkText><maml:uri href="mshelp://windows/?id=b709a6a7-632d-4a29-8f84-3d7c6971ec5f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Select Users, Computers, or Groups Dialog Box</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Object Types</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to choose the types of objects that you want to select. For more information about object types, see <maml:navigationLink><maml:linkText>Object Types Dialog Box</maml:linkText><maml:uri href="mshelp://windows/?id=714fe1cc-dd0a-47f2-b86c-a593c00f8dc3"></maml:uri></maml:navigationLink>.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Locations</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to define the root location from which to begin your search.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Check Names</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Locates all matching or similar object names listed in the <maml:ui>Enter the object names to select</maml:ui> box by using the selected object types and directory location.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Enter the object names to select (examples)</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space for you to type the object names that you want to find. You can search for multiple objects by separating each name with a semicolon. Use one of the following syntax examples:</maml:para>
<maml:para>DisplayName (example: FirstName LastName)</maml:para>
<maml:para>ObjectName (example: Computer1)</maml:para>
<maml:para>UserName (example: User1)</maml:para>
<maml:para>ObjectName@DomainName (example: User1@Domain1)</maml:para>
<maml:para>DomainName\ObjectName (example: Domain1\User1)</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Advanced</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to select advanced search options. For more information about advanced search options, see <maml:navigationLink><maml:linkText>Select Users, Computers, or Groups Dialog Box - Advanced Page</maml:linkText><maml:uri href="mshelp://windows/?id=de9eb804-154e-4c4f-9d21-81f992b97562"></maml:uri></maml:navigationLink>.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>User Rights and Privileges</maml:title><maml:introduction>
<maml:para></maml:para>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title>
<maml:introduction>
<maml:para>User rights grant specific privileges and logon rights to users and groups in your computing environment. Administrators can assign specific rights to group accounts or to individual user accounts. These rights authorize users to perform specific actions, such as logging on to a system interactively or backing up files and directories. </maml:para>
<maml:para>To ease the task of user account administration, you should assign privileges primarily to group accounts, rather than to individual user accounts. When you assign privileges to a group account, users are automatically assigned those privileges when they become a member of that group. This method of administering privileges is far easier than assigning individual privileges to each user account when the account is created.</maml:para>
<maml:para> The following table lists and describes the privileges that can be granted to a user.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Privilege</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry><maml:entry>
<maml:para>Default setting</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Act as part of the operating system</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user.</maml:para>
<maml:para>Processes that require this privilege should use the Local System account, which already includes this privilege, rather than using a separate user account with this privilege specially assigned. You do not need to assign this privilege to users unless your organization uses servers running Windows 2000 or Windows NT 4.0 and uses applications that exchange passwords in plaintext.</maml:para>
</maml:entry><maml:entry>
<maml:para>Local System</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Add workstations to a domain</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Determines which groups or users can add workstations to a domain.</maml:para>
<maml:para>This user right is valid only on domain controllers. By default, any authenticated user has this right and can create up to 10 computer accounts in the domain.</maml:para>
<maml:para>Adding a computer account to the domain allows the computer to recognize accounts and groups that exist in Active Directory Domain Services (AD DS).</maml:para>
</maml:entry><maml:entry>
<maml:para>Domain controllers: Authenticated Users</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Adjust memory quotas for a process</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Determines who can change the maximum memory that can be consumed by a process. </maml:para>
<maml:para>This user right is defined in the Default Domain Controller Group Policy object (GPO) and in the local security policy of workstations and servers.</maml:para>
</maml:entry><maml:entry>
<maml:para>Administrators</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Back up files and directories</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Determines which users can bypass file and directory, registry, and other persistent object permissions for the purposes of backing up the system. </maml:para>
</maml:entry><maml:entry>
<maml:para>Administrators and Backup Operators</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Bypass traverse checking</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Determines which users can traverse directory trees even though the user may not have permissions on the traversed directory. This privilege does not allow the user to list the contents of a directory, only to traverse directories. </maml:para>
<maml:para>This user right is defined in the Default Domain Controller GPO and in the local security policy of workstations and servers.</maml:para>
</maml:entry><maml:entry>
<maml:para>Workstations and servers: Administrators, Backup Operators, Power Users, Users, and Everyone</maml:para>
<maml:para>Domain controllers: Administrators and Authenticated Users</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Change the system time</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Determines which users and groups can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time that the events occurred. </maml:para>
<maml:para>This user right is defined in the Default Domain Controller GPO and in the local security policy of workstations and servers.</maml:para>
</maml:entry><maml:entry>
<maml:para>Workstations and servers: Administrators and Power Users</maml:para>
<maml:para>Domain controllers: Administrators and Server Operators</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Create a pagefile</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Allows the user to create and change the size of a paging file. This is done by specifying a paging file size for a particular drive under <maml:ui>Performance Options</maml:ui> on the <maml:ui>Advanced</maml:ui> tab of <maml:ui>System properties</maml:ui>.</maml:para>
</maml:entry><maml:entry>
<maml:para>Administrators</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Create a token object</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Allows a process to create a token that it can then use to get access to any local resources when the process uses <maml:phrase>NtCreateToken()</maml:phrase> or other token-creation APIs.</maml:para>
<maml:para>Processes requiring this privilege should use the Local System account, which already includes this privilege, rather than using a separate user account with this privilege specially assigned.</maml:para>
</maml:entry><maml:entry>
<maml:para>No one</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Create global objects</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Determines which accounts can create global objects in a Terminal Services or Remote Desktop Services session. </maml:para>
</maml:entry><maml:entry>
<maml:para>Administrators and Local System</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Create permanent shared objects</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Allows a process to create a directory object in the operating system's object manager. This privilege is useful to kernel-mode components that extend the object namespace. Components that are running in kernel mode already have this privilege inherently; it is not necessary to assign them the privilege.</maml:para>
</maml:entry><maml:entry>
<maml:para>No one</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Debug programs</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need to be assigned this user right. Developers who are debugging new system components do need to be assigned this user right. This user right provides complete access to sensitive and critical operating system components.</maml:para>
</maml:entry><maml:entry>
<maml:para>Administrators and Local System</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Enable computer and user accounts to be trusted for delegation</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Determines which users can set the <maml:ui>Trusted for Delegation</maml:ui> setting on a user or computer object.</maml:para>
<maml:para>The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or under a user context) that is trusted for delegation can access resources on another computer by using the delegated credentials of a client, as long as the account of the client does not have the <maml:ui>Account cannot be delegated</maml:ui> account control flag set. </maml:para>
<maml:para>This user right is defined in the Default Domain Controller GPO and in the local security policy of workstations and servers.</maml:para>
</maml:entry><maml:entry>
<maml:para>Domain controllers: Administrators</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Force shutdown from a remote system</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Determines which users are allowed to shut down a computer from a remote location on the network. Misuse of this user right can result in a denial of service.</maml:para>
<maml:para>This user right is defined in the Default Domain Controller GPO and in the local security policy of workstations and servers.</maml:para>
</maml:entry><maml:entry>
<maml:para>Workstations and servers: Administrators</maml:para>
<maml:para>Domain controllers: Administrators and Server Operators</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Generate security audits</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Determines which accounts can be used by a process to add entries to the security log. The security log is used to trace unauthorized system access. Misuse of this user right can result in the generation of many auditing events, potentially hiding evidence of an attack or causing a denial of service if the <maml:ui>Audit: Shut down system immediately if unable to log security audits</maml:ui> security policy setting is enabled. For more information, see <maml:navigationLink><maml:linkText>Audit: Shut down system immediately if unable to log security audits</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136299"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=136299).</maml:para>
</maml:entry><maml:entry>
<maml:para>Local System</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Impersonate a client after authentication</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Determines which accounts are allowed to impersonate other accounts. </maml:para>
</maml:entry><maml:entry>
<maml:para>Administrators and Service</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Increase scheduling priority</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Determines which accounts can use a process with Write property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface.</maml:para>
</maml:entry><maml:entry>
<maml:para>Administrators</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Load and unload device drivers</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Determines which users can dynamically load and unload device drivers or other code into kernel mode. This user right does not apply to Plug and Play device drivers. Because device drivers run as trusted (or highly privileged) programs,you should not assign this privilege to other users. Instead, use the <maml:phrase>StartService()</maml:phrase> API.</maml:para>
</maml:entry><maml:entry>
<maml:para>Administrators</maml:para></maml:entry>
</maml:row>
<maml:row>
<maml:entry>
<maml:para>Lock pages in memory</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Determines which accounts can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access memory (RAM). </maml:para>
</maml:entry><maml:entry>
<maml:para>None; certain system processes have the privilege inherently</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Manage auditing and security log</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys.</maml:para>
<maml:para>This security setting does not allow a user to enable file and object access auditing. For such auditing to be enabled, the Audit object access setting in Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policies must be configured. For more information, see <maml:navigationLink><maml:linkText>Audit object access</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136283"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkId=136283). </maml:para>
<maml:para>You can view audited events in the Security log of the Event Viewer. A user with this privilege can also view and clear the Security log.</maml:para>
</maml:entry><maml:entry>
<maml:para>Administrators</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Modify firmware environment values</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor.</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>On x86-based computers, the only firmware environment value that can be modified by assigning this user right is the <maml:ui>Last Known Good Configuration</maml:ui> setting, which should only be modified by the system. </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>On Itanium-based computers, boot information is stored in nonvolatile RAM. Users must be assigned this user right to run Bootcfg.exe and to change the <maml:ui>Default Operating System</maml:ui> setting on <maml:ui>Startup and Recovery</maml:ui> in <maml:ui>System properties</maml:ui>. </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>On all computers, this user right is required to install or upgrade Windows. </maml:para>
</maml:listItem>
</maml:list>
</maml:entry><maml:entry>
<maml:para>Administrators and Local System</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Profile a single process</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Determines which users can use performance monitoring tools to monitor the performance of nonsystem processes.</maml:para>
</maml:entry><maml:entry>
<maml:para>Administrators, Power Users, and Local System</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Profile system performance</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Determines which users can use performance monitoring tools to monitor the performance of system processes.</maml:para>
</maml:entry><maml:entry>
<maml:para>Administrators and Local System</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Remove computer from docking station</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Determines whether a user can undock a portable computer from its docking station without logging on. </maml:para>
<maml:para>If this policy is enabled, the user must log on before removing the portable computer from its docking station. If this policy is disabled, the user may remove the portable computer from its docking station without logging on.</maml:para>
</maml:entry><maml:entry>
<maml:para>Disabled</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Replace a process level token</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Determines which user accounts can initiate a process to replace the default token associated with a started subprocess. </maml:para>
<maml:para>This user right is defined in the Default Domain Controller GPO and in the local security policy of workstations and servers.</maml:para>
</maml:entry><maml:entry>
<maml:para>Local Service and Network Service</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Restore files and directories</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Determines which users can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories and determines which users can set any valid security principal as the owner of an object.</maml:para>
<maml:para>Specifically, this user right is similar to granting the following permissions to a user or group on all files and folders on the system:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Traverse Folder/Execute File</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Write</maml:para>
</maml:listItem>
</maml:list>
</maml:entry><maml:entry><maml:para>Workstations and servers: Administrators, and Backup Operators</maml:para><maml:para>Domain controllers: Administrators, Backup Operators, and Server Operators</maml:para></maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Shut down the system</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Determines which users who are logged on locally to the computer can shut down the operating system by using the <maml:ui>Shut Down</maml:ui> command. Misuse of this user right can result in a denial of service.</maml:para>
</maml:entry><maml:entry><maml:para>Workstations: Administrators, Backup Operators, Power Users, and Users</maml:para><maml:para>Servers: Administrators, Backup Operators, and Power Users</maml:para><maml:para>Domain controllers: Account Operators, Administrators, Backup Operators, Server Operators, and Print Operators</maml:para></maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Synchronize directory service data</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Determines which users and groups have the authority to synchronize all directory service data. This is also known as Active Directory synchronization.</maml:para>
</maml:entry><maml:entry>
<maml:para>None</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Take ownership of files or other objects</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Determines which users can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads.</maml:para>
</maml:entry><maml:entry><maml:para>Administrators</maml:para></maml:entry></maml:row>
</maml:table>
<maml:para> Some privileges can override permissions set on an object. For example, a user logged on to a domain account as a member of the Backup Operators group has the right to perform backup operations for all domain servers. However, this requires the ability to read all files on those servers, even files on which their owners have set permissions that explicitly deny access to all users, including members of the Backup Operators group. A user right—in this case, the right to perform a backup—takes precedence over all file and directory permissions. For more information, see <maml:navigationLink><maml:linkText>Backup and Recovery</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkID=131606"></maml:uri></maml:navigationLink> (http://go.microsoft.com/fwlink/?LinkID=131606).</maml:para>
<maml:alertSet class="note"><maml:title>Note </maml:title><maml:para>At a command prompt, you can type <maml:phrase>whoami /priv</maml:phrase> to see your privileges.</maml:para></maml:alertSet>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>How Inheritance Affects File and Folder Permissions</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title>
<maml:introduction>
<maml:para>After you set permissions on a parent folder, new files and subfolders that are created in the folder inherit these permissions. If you do not want new files and subfolders to inherit permissions, select <maml:ui>This folder only</maml:ui> in the <maml:ui>Apply onto</maml:ui> box when you set up special permissions for the parent folder. Special permissions are accessible through the <maml:ui>Permissions</maml:ui> tab. If you want to prevent only certain files or subfolders from inheriting permissions, right-click the file or subfolder, click <maml:ui>Properties</maml:ui>, click the <maml:ui>Security</maml:ui> tab, click <maml:ui>Advanced</maml:ui>, and then clear the <maml:ui>Include inheritable permissions from this object's parent</maml:ui> check box.</maml:para>
<maml:para>If the <maml:ui>Allow</maml:ui> or <maml:ui>Deny</maml:ui> check boxes associated with each permission appear shaded, the file or folder has inherited permissions from the parent folder. There are three ways to make changes to inherited permissions: </maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Select the opposite permission (<maml:ui>Allow</maml:ui> or <maml:ui>Deny</maml:ui>) to override the inherited permission.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Clear the <maml:ui>Include inheritable permissions from this object's parent</maml:ui> check box. You can then make changes to the permissions or remove the user or group from the permissions list. However, the file or folder will no longer inherit permissions from the parent folder. </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Make the changes to the parent folder, and then the file or folder will inherit these permissions. </maml:para>
</maml:listItem>
</maml:list>
<maml:para>In most cases, <maml:ui>Deny</maml:ui> overrides <maml:ui>Allow</maml:ui> unless a folder is inheriting conflicting settings from different parents. In that case, the setting inherited from the parent closest to the object in the subtree will have precedence.</maml:para>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Set, View, Change, or Remove Permissions on an Object</maml:title><maml:introduction>
<maml:para>Permissions on objects can be modified or viewed by using the access control user interface.</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Set, View, Change, or Remove Permissions on Files and Folders</maml:linkText><maml:uri href="mshelp://windows/?id=66aa4130-5b9b-433c-aacc-14d874c5fe01"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>View Effective Permissions on Files and Folders</maml:linkText><maml:uri href="mshelp://windows/?id=72f8fa57-8cd1-46ae-923a-657a01937941"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Set, View, Change, or Remove Special Permissions</maml:linkText><maml:uri href="mshelp://windows/?id=ea0a7b99-df60-4ca6-91ee-3e39af57836f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Set Permissions on a Shared Resource</maml:linkText><maml:uri href="mshelp://windows/?id=fc747cd7-e7ca-4544-b485-3c40230d848c"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>View the Security Log</maml:title><maml:introduction>
<maml:para>The Security log records each event as defined by the audit policies you set on each object.</maml:para>
<maml:procedure><maml:title>To view the Security log</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Event Viewer.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, open <maml:ui>Global Logs</maml:ui>, and then click <maml:ui>Security</maml:ui>. The results pane lists individual security events.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If you want to see more details about a specific event, in the results pane, double-click the event.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To open Event Viewer, click <maml:ui>Start</maml:ui>, click <maml:ui>Control Panel</maml:ui>, click <maml:ui>System and Maintenance</maml:ui>, double-click <maml:ui>Administrative Tools</maml:ui>, and then double-click <maml:ui>Event Viewer</maml:ui>. </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>If your computer is connected to a network, network policy settings might also prevent you from completing this procedure.</maml:para>
</maml:listItem>
</maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Managing Security Auditing</maml:linkText><maml:uri href="mshelp://windows/?id=7b0de306-9880-42ac-861e-e24a0a44398e"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Define or Modify Auditing Policy Settings for an Event Category</maml:title><maml:introduction>
<maml:para>By defining auditing settings for specific event categories, you can create an auditing policy that suits the security needs of your organization. On member servers and workstations that are joined to a domain, auditing settings for the event categories are undefined by default. On domain controllers, auditing is turned on by default. For more information and a list of event categories, see <maml:navigationLink><maml:linkText>Audit Policies</maml:linkText><maml:uri href="mshelp://windows/?id=6076bede-08b6-49ac-84fa-f357e341ad96"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title>
<maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>For your local computer</maml:linkText><maml:uri href="mshelp://windows/?id=c2afe41c-b845-4623-a445-be6ad0a92ab4#BKMK_1"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>For a domain or organizational unit, when you are on a member server or on a workstation that is joined to a domain</maml:linkText><maml:uri href="mshelp://windows/?id=c2afe41c-b845-4623-a445-be6ad0a92ab4#BKMK_2"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section address="BKMK_1"><maml:title></maml:title><maml:introduction>
<maml:para>Local <maml:phrase>Administrators</maml:phrase> is the minimum group membership required to complete this procedure. </maml:para>
<maml:procedure><maml:title>To define or modify auditing policy settings for an event category for your local computer</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Local Security Policy snap-in, and select <maml:ui>Local Policies</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, click <maml:ui>Audit Policy</maml:ui>.</maml:para>
<maml:para><maml:phrase>Where?</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Security Settings/Local Policies/Audit Policy</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the results pane, double-click an event category that you want to change the auditing policy settings for.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Do one or both of the following, and then click <maml:ui>OK</maml:ui>.</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To audit successful attempts, select the <maml:ui>Success </maml:ui>check box.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>To audit unsuccessful attempts, select the <maml:ui>Failure </maml:ui>check box.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To open the Local Security Policy snap-in, click <maml:ui>Start</maml:ui>, point to <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>Local Security Policy</maml:ui>. </maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
<maml:section address="BKMK_2"><maml:title></maml:title><maml:introduction>
<maml:para><maml:phrase>Domain Admins</maml:phrase> is the minimum group membership required to complete this procedure.</maml:para>
<maml:procedure><maml:title>To define or modify auditing policy settings for an event category for a domain or organizational unit, when you are on a member server or on a workstation that is joined to a domain</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If the Group Policy Management Console (GPMC) is not installed, open <maml:ui>Server Manager</maml:ui>, and under <maml:ui>Features Summary</maml:ui>, click <maml:ui>Add Features</maml:ui>. Select the <maml:ui>Group Policy Management </maml:ui>check box, click <maml:ui>Next</maml:ui>, and then click <maml:ui>Install</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>After the <maml:ui>Installation Results </maml:ui>page shows that the installation of the GPMC was successful, click <maml:ui>Close</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Start</maml:ui>, point to <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>Group Policy Management</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, double-click <maml:ui>Group Policy objects</maml:ui> in the forest and domain containing the <maml:ui>Default Domain Policy</maml:ui> Group Policy object (GPO) that you want to edit.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Right-click the <maml:ui>Default Domain Policy</maml:ui> GPO, and then click <maml:ui>Edit</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the GPMC, go to <maml:ui>Computer Configuration</maml:ui>, <maml:ui>Windows Settings</maml:ui>, <maml:ui>Security Settings</maml:ui>, and then click <maml:ui>Audit Policy</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the results pane, double-click an event category that you want to change the auditing policy settings for.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If you are defining auditing policy settings for this event category for the first time, select the <maml:ui>Define these policy settings</maml:ui> check box.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Do one or both of the following, and then click <maml:ui>OK</maml:ui>. </maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To audit successful attempts, select the <maml:ui>Success</maml:ui> check box.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>To audit unsuccessful attempts, select the <maml:ui>Failure</maml:ui> check box.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To open the Microsoft Management Console through the Windows interface, click <maml:ui>Start</maml:ui>, click in the <maml:ui>Start Search</maml:ui> text box, type <maml:ui>mmc</maml:ui>, and then press ENTER.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>To audit object access, enable auditing of the object access event category by following the steps above. Then, enable auditing on the specific object. </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>After your audit policy is configured, events will be recorded in the Security log. Open the Security log to view these events.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>The default auditing policy setting for domain controllers is <maml:ui>No Auditing</maml:ui>. This means that even if auditing is enabled in the domain, the domain controllers do not inherit auditing policy locally. If you want domain auditing policy to apply to domain controllers, you must modify this policy setting.</maml:para>
</maml:listItem>
</maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Managing Security Auditing</maml:linkText><maml:uri href="mshelp://windows/?id=7b0de306-9880-42ac-861e-e24a0a44398e"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>User Interface: Access Control</maml:title><maml:introduction>
<maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Security Settings Property Page</maml:linkText><maml:uri href="mshelp://windows/?id=74879417-e006-4295-9d09-f9d339305957"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Select Users, Computers, or Groups Dialog Box</maml:linkText><maml:uri href="mshelp://windows/?id=7ea10cbc-874f-4083-90e5-1b7363f8fe9f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Object Types Dialog Box</maml:linkText><maml:uri href="mshelp://windows/?id=714fe1cc-dd0a-47f2-b86c-a593c00f8dc3"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Select Users, Computers, or Groups Dialog Box - Advanced Page</maml:linkText><maml:uri href="mshelp://windows/?id=de9eb804-154e-4c4f-9d21-81f992b97562"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Permission Entry Dialog Box</maml:linkText><maml:uri href="mshelp://windows/?id=4a9b1c9c-8649-4857-8715-b50c3ece6a87"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Advanced Security Settings Properties Page - Auditing Tab</maml:linkText><maml:uri href="mshelp://windows/?id=49645c80-bcfd-4483-a815-73047bb3d868"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Advanced Security Settings Properties Page - Owner Tab</maml:linkText><maml:uri href="mshelp://windows/?id=066cf7b1-0e68-40bb-b889-6268f1308575"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Advanced Security Settings Properties Page - Permissions Tab</maml:linkText><maml:uri href="mshelp://windows/?id=63909479-3669-48af-942d-ea29c74cfa7d"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Auditing Entry Dialog Box</maml:linkText><maml:uri href="mshelp://windows/?id=ef763292-21dc-42bb-92f7-2dc30f115fac"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>File and Folder Permissions</maml:title><maml:introduction>
<maml:para>The following table lists the access limitations for each set of special NTFS permissions.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Special permissions </maml:para>
</maml:entry>
<maml:entry>
<maml:para>Full Control</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Modify</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Read & Execute</maml:para>
</maml:entry>
<maml:entry>
<maml:para>List Folder Contents (folders only)</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Read</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Write</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Traverse Folder/Execute File</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>List Folder/Read Data</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Read Attributes</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Read Extended Attributes</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Create Files/Write Data</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Create Folders/Append Data</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Write Attributes</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Write Extended Attributes</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Delete Subfolders and Files</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Delete</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Read Permissions</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Change Permissions</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Take Ownership</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Synchronize</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry>
<maml:entry>
<maml:para>x</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>Groups or users granted Full Control permission on a folder can delete any files in that folder regardless of the permissions protecting the file.</maml:para>
</maml:alertSet>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered"><maml:listItem><maml:para>Although List Folder Contents and Read & Execute appear to have the same special permissions, these permissions are inherited differently. List Folder Contents is inherited by folders but not files, and it should only appear when you view folder permissions. Read & Execute is inherited by both files and folders and is always present when you view file or folder permissions.</maml:para></maml:listItem>
<maml:listItem><maml:para>In this version of Windows, the Everyone group does not include the Anonymous Logon group by default, so permissions applied to the Everyone group do not affect the Anonymous Logon group.</maml:para></maml:listItem></maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Managing Permissions</maml:linkText><maml:uri href="mshelp://windows/?id=24cb5900-6f96-4fd0-bb0c-e3456e1e5f0c"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Managing Object Ownership</maml:title><maml:introduction>
<maml:para>Every object has an owner, whether the object is in an NTFS volume or in Active Directory Domain Services (AD DS). The owner controls how permissions are set on the object and to whom permissions are granted.</maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>An administrator who needs to repair or change permissions on a file must begin by taking ownership of the file.</maml:para>
</maml:alertSet>
<maml:para>By default, the owner is the entity that created the object. The owner can always change permissions on an object, even when the owner is denied all access to the object.</maml:para>
<maml:para>Ownership can be taken by:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>An administrator. By default, the Administrators group is given the <maml:ui>Take ownership of files or other objects </maml:ui>user right.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Any user or group who has the Take Ownership permission on the object.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>A user who has the <maml:ui>Restore files and directories</maml:ui> user right.</maml:para>
</maml:listItem>
</maml:list>
<maml:para>Ownership can be transferred in the following ways:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>The current owner can grant the Take Ownership permission to another user if that user is a member of a group defined in the current owner's access token. The user must actually take ownership to complete the transfer.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>An administrator can take ownership.</maml:para>
</maml:listItem><maml:listItem><maml:para>A user who has the <maml:ui>Restore files and directories</maml:ui> user right can double-click <maml:ui>Other users and groups </maml:ui>and choose any user or group to assign ownership to. </maml:para></maml:listItem>
</maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Take Ownership of a File or Folder</maml:linkText><maml:uri href="mshelp://windows/?id=459c9959-d1d8-4b56-b1c3-a4474f728cea"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Select Users, Computers, or Groups Dialog Box - Advanced Page</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Object Types</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to choose the types of objects that you want to select. For more information about object types, see <maml:navigationLink><maml:linkText>Object Types Dialog Box</maml:linkText><maml:uri href="mshelp://windows/?id=714fe1cc-dd0a-47f2-b86c-a593c00f8dc3"></maml:uri></maml:navigationLink>.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Locations</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to define the root location from which to begin your search.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Columns</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to change the columns shown in the <maml:ui>Search results</maml:ui> list for this view.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Find Now</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to start your search. If you want to search for all objects specified in <maml:ui>Object types</maml:ui> and <maml:ui>Locations</maml:ui>, do not enter any search values, and then click <maml:ui>Find Now</maml:ui>. Note that this type of search could require significant network resources depending on the scope of the search. To minimize the impact on network resources, specify search values.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Stop</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to stop your search. Objects found up to the point of stopping the search will be displayed.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Name</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Lists the search variables used to find user, computer, or group names and provides a space for you to type the name of the query.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Description</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Lists the search variables used to find user, computer, or group descriptions and provides a space for you to type a description of the query.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Disabled accounts</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies whether the search will include disabled accounts.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Non expiring password</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies whether the search will include user accounts with non-expiring passwords.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Days since last logon</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the number of days that users within the specified query root last logged on to the domain.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Search results</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Lists the results of the search for user, computer, or group names by the columns you choose. </maml:para>
</maml:entry></maml:row><maml:row><maml:entry><maml:para><maml:ui>Columns</maml:ui></maml:para></maml:entry><maml:entry><maml:para>Allows you to add or remove types of information to be shown for your search results.</maml:para></maml:entry></maml:row>
</maml:table>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Checklist: Setting Access Controls on Objects</maml:title><maml:introduction>
<maml:para>Access control is the process of authorizing users, groups, and computers to access objects on the computer or network. You can accomplish the tasks in the following table by using the access control user interface.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Task</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Reference</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>View the effective permissions on and ownership of an object</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>View Effective Permissions on Files and Folders</maml:linkText><maml:uri href="mshelp://windows/?id=72f8fa57-8cd1-46ae-923a-657a01937941"></maml:uri></maml:navigationLink></maml:para>
<maml:para><maml:navigationLink><maml:linkText>Managing Object Ownership</maml:linkText><maml:uri href="mshelp://windows/?id=daa22437-b34b-4418-9196-5871dfbef2f5"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Manage the permissions on an object</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Managing Permissions</maml:linkText><maml:uri href="mshelp://windows/?id=24cb5900-6f96-4fd0-bb0c-e3456e1e5f0c"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Take ownership of a file or folder </maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Take Ownership of a File or Folder</maml:linkText><maml:uri href="mshelp://windows/?id=459c9959-d1d8-4b56-b1c3-a4474f728cea"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Manage the security auditing policy settings on an object</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Managing Security Auditing</maml:linkText><maml:uri href="mshelp://windows/?id=7b0de306-9880-42ac-861e-e24a0a44398e"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Set, View, Change, or Remove Special Permissions</maml:title><maml:introduction>
<maml:para>Each object has permissions associated with it that can restrict access. You can modify those special permissions to define the access on a particular object.</maml:para>
<maml:para>You must be the owner of the object or have been granted permission by the owner to complete this procedure. Review the details in "Additional considerations" in this topic.</maml:para>
<maml:procedure><maml:title>To set, view, change, or remove special permissions</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Right-click the object on which you want to set advanced or special permissions, click <maml:ui>Properties</maml:ui>, and then click the <maml:ui>Security </maml:ui>tab.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Advanced</maml:ui>, and then click <maml:ui>Change Permissions</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Permissions</maml:ui> tab, do one of the following: </maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Set special permissions for an additional group or user. </maml:para>
<maml:para>Click <maml:ui>Add</maml:ui>. In <maml:ui>Enter the object name to select (examples)</maml:ui>, type the name of the user or group, and then click <maml:ui>OK</maml:ui>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>View or change special permissions for an existing group or user. </maml:para>
<maml:para>Click the name of the group or user, and then click <maml:ui>Edit</maml:ui>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Remove an existing group or user and its special permissions. </maml:para>
<maml:para>Click the name of the group or user, and then click <maml:ui>Remove</maml:ui>. If the <maml:ui>Remove </maml:ui>button is unavailable, clear the <maml:ui>Include inheritable permissions from this object's parent </maml:ui>check box, and then click <maml:ui>Remove</maml:ui>.</maml:para>
</maml:listItem>
</maml:list><maml:alertSet class="caution"><maml:title>Caution </maml:title>
<maml:para>If you select the <maml:ui>Replace all child object permissions with inheritable permissions from this object</maml:ui> check box, then all subfolders and files will have all of their permission entries reset to those inheritable from this parent object. </maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Permissions</maml:ui> box, select or clear the appropriate <maml:ui>Allow </maml:ui>or <maml:ui>Deny </maml:ui>check boxes.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Apply onto </maml:ui>box, click the folders or subfolders you want these permissions to be applied to.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>To configure security so that the subfolders and files will not inherit these permissions, clear the <maml:ui>Apply these permissions to objects and/or containers within this container only</maml:ui> check box.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui>, and then, in <maml:ui>Advanced Security Settings for <ObjectName></maml:ui>, click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Groups or users that have been granted Full Control permission for a folder can delete files and subfolders within that folder, regardless of the permissions that protect the files and subfolders.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Performing this procedure might require you to elevate permissions through User Account Control.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>To open Windows Explorer, click <maml:ui>Start</maml:ui>, point to <maml:ui>All Programs</maml:ui>, click <maml:ui>Accessories</maml:ui>, and then click <maml:ui>Windows Explorer</maml:ui>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>The Everyone group no longer includes the Anonymous Logon permission.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>If you clear the <maml:ui>Include inheritable permissions from this object's parent</maml:ui> check box, then this file or folder will not inherit permission entries from the parent object.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>You can set NTFS permissions only on drives formatted to use NTFS.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>If the check boxes under <maml:ui>Permissions</maml:ui> are shaded, the permissions are inherited from the parent folder.</maml:para>
</maml:listItem>
</maml:list>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Determine Where to Apply Permissions</maml:linkText><maml:uri href="mshelp://windows/?id=6e91ebf8-2a9a-4e49-9d75-632d56470ac0"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>How Effective Permissions Are Determined</maml:title><maml:introduction>
<maml:para>Each object has a set of effective permissions associated with it. The <maml:ui>Effective Permissions</maml:ui> tab of the <maml:ui>Advanced Security Settings</maml:ui> property page lists the permissions that would be granted to the selected group or user based solely on the permissions granted directly through group membership. If you want to find out what permissions a user or group has on an object, you can use the <maml:navigationLink><maml:linkText>Effective Permissions Tool</maml:linkText><maml:uri href="mshelp://windows/?id=ebfa5c70-6870-4101-839c-dc20ff4ab45c#BKMK_1"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Factors that are used to determine effective permissions</maml:title><maml:introduction>
<maml:para>The following are used to determine effective permissions:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Global group membership</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Local group membership</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Local permissions</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Local privileges</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Universal group membership</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section><maml:section>
<maml:title>Factors that are not used to determine effective permissions</maml:title><maml:introduction>
<maml:para>The following well-known security identifiers (SIDs) are not used to determine effective permissions:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Anonymous Logon</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Batch, Creator Group</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Dialup</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Enterprise Domain Controllers</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Interactive</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Network</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Proxy</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Restricted</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Remote</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Service</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>System</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Terminal Server User</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Other Organization</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>This Organization</maml:para>
</maml:listItem>
</maml:list>
<maml:para>Also, share permissions are not part of the effective permissions calculation. Access to shares can be denied through share permissions even when access is allowed through NTFS permissions.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Factors that are not used for objects that are accessed remotely</maml:title><maml:introduction>
<maml:para>The following are not used to determine effective permissions for objects that are accessed remotely:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Local group membership</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Local privileges</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Share permissions</maml:para>
</maml:listItem>
</maml:list>
<maml:para>Effective permissions are based on a local evaluation of the user's group membership, user privileges, and permissions. If the resource being queried is on a remote computer, the effective permissions displayed will not include permissions granted or denied to the user through the use of a local group on the remote computer.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Retrieving effective permissions</maml:title><maml:introduction>
<maml:para>Accurate retrieval of the above information requires permission to read the membership information. If the specified user or group is a domain object, you must have permission to read the object's group information about the domain. </maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title><maml:alert>When you use the <maml:ui>Effective Permissions</maml:ui> tab to determine the permissions that a user has for certain resources in a domain, the results that are displayed in the user interface may be inconsistent with the actual permissions of the user for that resource. This problem occurs when one of the following conditions is true: </maml:alert><maml:alert>To avoid this problem, always check effective permissions locally on a computer that hosts the resource, and make sure that the administrative user account used to run the tool is in the same domain as the resource.</maml:alert></maml:alertSet>
<maml:para>Here are some relevant default domain permissions:</maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Domain administrators have permission to read membership information about all objects. </maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>Local administrators on a workstation or stand-alone server cannot read membership information for a domain user.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section><maml:section address="BKMK_1">
<maml:title>Effective Permissions tool</maml:title><maml:introduction>
<maml:para>If you want to find out what permissions a user or group has on an object, you can use the Effective Permissions tool. It calculates the permissions that are granted to the specified user or group. The calculation includes the permissions in effect from group membership and any permissions inherited from the parent object. It looks up all domain and local groups in which the user or group is a member.</maml:para>
<maml:para>The Everyone group will always be included, as long as the selected user or group is not a member of the Anonymous Logon group.</maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title><maml:alert>The Effective Permissions tool only produces an approximation of the permissions that a user has. The actual permissions the user has may be different because permissions can be granted or denied based on how a user logs on. This logon-specific information cannot be determined by the Effective Permissions tool if the user is not logged on; therefore, the effective permissions it displays reflect only those permissions specified by the user or group and not the permissions specified by the logon. </maml:alert><maml:alert>For example, if a user is connected to this computer through a shared folder, then the logon for that user is marked as a network logon. Permissions can be granted or denied to the Network well-known SID, which the connected user receives, so a user has different permissions when logged on locally than when logged on over a network. </maml:alert><maml:alert>For information about granting access for effective permissions, see article 331951 in the Microsoft Knowledge Base (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=63270</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=63270"></maml:uri></maml:navigationLink>).</maml:alert></maml:alertSet>
<maml:para>For information about using the Effective Permissions tool, see <maml:navigationLink><maml:linkText>View Effective Permissions on Files and Folders</maml:linkText><maml:uri href="mshelp://windows/?id=72f8fa57-8cd1-46ae-923a-657a01937941"></maml:uri></maml:navigationLink>.</maml:para>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Permissions</maml:linkText><maml:uri href="mshelp://windows/?id=24cb5900-6f96-4fd0-bb0c-e3456e1e5f0c"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Auditing Entry Dialog Box</maml:title><maml:introduction>
<maml:para>Each object has a set of security information, or security descriptor, attached to it. Part of the security descriptor specifies the groups or users that can access an object and the types of access (permissions) that are granted to those groups or users. This part of the security descriptor is known as a discretionary access control list (DACL).</maml:para>
<maml:para>A security descriptor for an object also contains auditing information. This auditing information is known as a system access control list (SACL). More specifically, a SACL specifies the following: </maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>The group or user accounts to audit when they access the object.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>The operations to be audited for each group or user; for example, modifying a file.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>A Success or Failure attribute for each access event, based on the permissions that are granted to each group and user in the object's DACL.</maml:para>
</maml:listItem>
</maml:list>
<maml:para>You can apply auditing to an object, and any child objects can inherit the auditing. For example, if you want to audit failed access to a folder, this auditing event can be inherited by all files within the folder. </maml:para>
<maml:para>To audit files and folders, you must be logged on as a member of the Administrators group.</maml:para>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Apply onto</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>The object or all the parent and child relationships of that object. You can also apply the auditing entries to objects or containers within the container.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Access</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>The type of access permitted as listed by each individual permission.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Successful</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Apply onto this object when accessed successfully for each individual permission.</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para><maml:ui>Failed</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Apply onto this object when access fails for each individual permission.</maml:para>
</maml:entry></maml:row>
</maml:table>
<maml:para><maml:phrase>Additional references</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Audit Policies</maml:linkText><maml:uri href="mshelp://windows/?id=6076bede-08b6-49ac-84fa-f357e341ad96"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Define or Modify Auditing Policy Settings for an Event Category</maml:linkText><maml:uri href="mshelp://windows/?id=c2afe41c-b845-4623-a445-be6ad0a92ab4"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>View the Security Log</maml:linkText><maml:uri href="mshelp://windows/?id=b709a6a7-632d-4a29-8f84-3d7c6971ec5f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Set Permissions on a Shared Resource</maml:title><maml:introduction>
<maml:para>A shared resource is a resource that is made available to network users, such as folders, files, printers, and named pipes. It can also refer to a resource on a server that is available to network users. When you share a resource, you use share permissions instead of NTFS permissions. </maml:para>
<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>Share permissions apply only to users who gain access to the resource over the network. They do not apply to users who log on locally, such as on a terminal server. To restrict access to objects for users who log on locally, set NTFS permissions on the <maml:ui>Security</maml:ui> tab of the object's <maml:ui>Properties</maml:ui> page. </maml:para>
</maml:alertSet>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title>
<maml:introduction>
<maml:para>There are two methods to set permissions on a shared resource, depending on the resource type.</maml:para>
<maml:procedure><maml:title>To use the File Sharing wizard to set permissions on a file or folder</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Right-click the file or folder, and then click <maml:ui>Share</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Complete the File Sharing wizard to select the user and group to share the file or folder with and to set permissions on the file or folder for each user or group.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
<maml:procedure><maml:title>To use Windows Explorer to set permissions on a resource</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Windows Explorer.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Right-click the object, and click <maml:ui>Share</maml:ui> or <maml:ui>Properties</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Click the <maml:ui>Sharing</maml:ui> tab, and then click <maml:ui>Advanced Sharing</maml:ui> to set permissions.</maml:para></maml:section></maml:sections></maml:step></maml:procedure>
<maml:para><maml:phrase>Additional considerations</maml:phrase></maml:para>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To open Windows Explorer, click <maml:ui>Start</maml:ui>, point to <maml:ui>All Programs</maml:ui>, click <maml:ui>Accessories</maml:ui>, and then click <maml:ui>Windows Explorer</maml:ui>.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>You can use the File Sharing wizard to manage shared resources on both local and remote computers. With Windows Explorer and the command line, you can manage shared resources on your local computer only.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>When permissions have been assigned both to the shared resource and at the file system level, the more restrictive permission always applies.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>It is usually easier to assign permissions to groups and then add users to groups, rather than assigning identical permissions to individual users.</maml:para>
</maml:listItem>
<maml:listItem>
<maml:para>If you change permissions on special shared resources, such as ADMIN$, the default settings may be restored when the Server service is stopped and restarted or when the computer is restarted. Note that this does not apply to user-created shared resources whose share name ends in $. </maml:para>
</maml:listItem>
</maml:list><maml:para><maml:phrase>Additional references</maml:phrase></maml:para><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>Set, View, Change, or Remove Permissions on an Object</maml:linkText><maml:uri href="mshelp://windows/?id=a513c103-5b10-46db-a939-018b47d37f15"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><?xml version="1.0" encoding="utf-8"?>
<HelpCollection Id="aclui" DTDVersion="1.0" FileVersion="" LangId="1033" Copyright="© 2005 Microsoft Corporation. All rights reserved." Title="Access Control" xmlns="http://schemas.microsoft.com/help/collection/2004/11">
<CompilerOptions CompileResult="H1S" CreateFullTextIndex="Yes" BreakerId="Microsoft.NLG.en.WordBreaker">
<IncludeFile File="aclui.H1F" />
</CompilerOptions>
<TOCDef File="aclui.H1T" Id="aclui_TOC" />
<VTopicDef File="aclui.H1V" />
<KeywordIndexDef File="aclui_AssetId.H1K" />
<KeywordIndexDef File="aclui_BestBet.H1K" />
<KeywordIndexDef File="aclui_LinkTerm.H1K" />
<KeywordIndexDef File="aclui_SubjectTerm.H1K" />
<ItemMoniker Name="!DefaultTOC" ProgId="HxDs.HxHierarchy" InitData="AnyString" />
<ItemMoniker Name="!DefaultFullTextSearch" ProgId="HxDs.HxFullTextSearch" InitData="AnyString" />
<ItemMoniker Name="!DefaultAssetIdIndex" ProgId="HxDs.HxIndex" InitData="AssetId" />
<ItemMoniker Name="!DefaultBestBetIndex" ProgId="HxDs.HxIndex" InitData="BestBet" />
<ItemMoniker Name="!DefaultAssociativeIndex" ProgId="HxDs.HxIndex" InitData="LinkTerm" />
<ItemMoniker Name="!DefaultKeywordIndex" ProgId="HxDs.HxIndex" InitData="SubjectTerm" />
</HelpCollection><?xml version="1.0" encoding="utf-8"?>
<HelpFileList xmlns="http://schemas.microsoft.com/help/filelist/2004/11">
<File Url="assets\066cf7b1-0e68-40bb-b889-6268f1308575.xml" />
<File Url="assets\2062f415-b057-4d7f-976a-aa598ff61cd7.xml" />
<File Url="assets\24cb5900-6f96-4fd0-bb0c-e3456e1e5f0c.xml" />
<File Url="assets\2cea42b8-ecb8-473c-9785-35d59350b2c6.xml" />
<File Url="assets\33049c64-45d1-4b9e-9bed-9bd57d35a131.xml" />
<File Url="assets\43111cad-938d-4a92-b67b-d45d54d827d1.xml" />
<File Url="assets\459c9959-d1d8-4b56-b1c3-a4474f728cea.xml" />
<File Url="assets\49645c80-bcfd-4483-a815-73047bb3d868.xml" />
<File Url="assets\4a9b1c9c-8649-4857-8715-b50c3ece6a87.xml" />
<File Url="assets\4e2dc3e0-7408-4d58-be7f-fbc367dd489b.xml" />
<File Url="assets\5aba2b2a-d3a5-4a69-b408-8dca63fe2346.xml" />
<File Url="assets\6076bede-08b6-49ac-84fa-f357e341ad96.xml" />
<File Url="assets\61bbaf37-c16c-4420-bc13-cac3db3b488a.xml" />
<File Url="assets\63909479-3669-48af-942d-ea29c74cfa7d.xml" />
<File Url="assets\66aa4130-5b9b-433c-aacc-14d874c5fe01.xml" />
<File Url="assets\6e91ebf8-2a9a-4e49-9d75-632d56470ac0.xml" />
<File Url="assets\6f5229e8-e1e2-4831-9317-c021a093fbf3.xml" />
<File Url="assets\714fe1cc-dd0a-47f2-b86c-a593c00f8dc3.xml" />
<File Url="assets\72f8fa57-8cd1-46ae-923a-657a01937941.xml" />
<File Url="assets\74879417-e006-4295-9d09-f9d339305957.xml" />
<File Url="assets\7b0de306-9880-42ac-861e-e24a0a44398e.xml" />
<File Url="assets\7ea10cbc-874f-4083-90e5-1b7363f8fe9f.xml" />
<File Url="assets\92af2cc8-0a54-4284-9c38-eaa1364b20ec.xml" />
<File Url="assets\a18e704c-d945-41f1-a450-32f528ff1f42.xml" />
<File Url="assets\a513c103-5b10-46db-a939-018b47d37f15.xml" />
<File Url="assets\b709a6a7-632d-4a29-8f84-3d7c6971ec5f.xml" />
<File Url="assets\c2afe41c-b845-4623-a445-be6ad0a92ab4.xml" />
<File Url="assets\c69245e2-2ed1-4b73-8b37-e6a15e51c176.xml" />
<File Url="assets\d5c47d5f-271d-4863-817c-a9cef4976c47.xml" />
<File Url="assets\daa22437-b34b-4418-9196-5871dfbef2f5.xml" />
<File Url="assets\de9eb804-154e-4c4f-9d21-81f992b97562.xml" />
<File Url="assets\e97dce40-e248-41dc-8663-01351360bfa7.xml" />
<File Url="assets\ea0a7b99-df60-4ca6-91ee-3e39af57836f.xml" />
<File Url="assets\ebfa5c70-6870-4101-839c-dc20ff4ab45c.xml" />
<File Url="assets\ef763292-21dc-42bb-92f7-2dc30f115fac.xml" />
<File Url="assets\fc747cd7-e7ca-4544-b485-3c40230d848c.xml" />
</HelpFileList><?xml version="1.0" encoding="utf-8"?>
<VTopicSet DTDVersion="1.0" xmlns="http://schemas.microsoft.com/help/vtopic/2004/11">
<Vtopic Url="assets\066cf7b1-0e68-40bb-b889-6268f1308575.xml" RLTitle="Advanced Security Settings Properties Page - Owner Tab">
<Attr Name="assetid" Value="066cf7b1-0e68-40bb-b889-6268f1308575" />
<Keyword Index="AssetId" Term="066cf7b1-0e68-40bb-b889-6268f1308575" />
<Keyword Index="AssetId" Term="066cf7b1-0e68-40bb-b889-6268f13085751033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="066cf7b1-0e68-40bb-b889-6268f1308575" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\2062f415-b057-4d7f-976a-aa598ff61cd7.xml" RLTitle="Access Control">
<Attr Name="assetid" Value="2062f415-b057-4d7f-976a-aa598ff61cd7" />
<Keyword Index="AssetId" Term="2062f415-b057-4d7f-976a-aa598ff61cd7" />
<Keyword Index="AssetId" Term="2062f415-b057-4d7f-976a-aa598ff61cd71033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="2062f415-b057-4d7f-976a-aa598ff61cd7" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\24cb5900-6f96-4fd0-bb0c-e3456e1e5f0c.xml" RLTitle="Managing Permissions">
<Attr Name="assetid" Value="24cb5900-6f96-4fd0-bb0c-e3456e1e5f0c" />
<Keyword Index="AssetId" Term="24cb5900-6f96-4fd0-bb0c-e3456e1e5f0c" />
<Keyword Index="AssetId" Term="24cb5900-6f96-4fd0-bb0c-e3456e1e5f0c1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="24cb5900-6f96-4fd0-bb0c-e3456e1e5f0c" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\2cea42b8-ecb8-473c-9785-35d59350b2c6.xml" RLTitle="Resources for Access Control">
<Attr Name="assetid" Value="2cea42b8-ecb8-473c-9785-35d59350b2c6" />
<Keyword Index="AssetId" Term="2cea42b8-ecb8-473c-9785-35d59350b2c6" />
<Keyword Index="AssetId" Term="2cea42b8-ecb8-473c-9785-35d59350b2c61033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="2cea42b8-ecb8-473c-9785-35d59350b2c6" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\33049c64-45d1-4b9e-9bed-9bd57d35a131.xml" RLTitle="Apply or Modify Auditing Policy Settings for a Local File or Folder">
<Attr Name="assetid" Value="33049c64-45d1-4b9e-9bed-9bd57d35a131" />
<Keyword Index="AssetId" Term="33049c64-45d1-4b9e-9bed-9bd57d35a131" />
<Keyword Index="AssetId" Term="33049c64-45d1-4b9e-9bed-9bd57d35a1311033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="33049c64-45d1-4b9e-9bed-9bd57d35a131" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\43111cad-938d-4a92-b67b-d45d54d827d1.xml" RLTitle="Inherited Permissions">
<Attr Name="assetid" Value="43111cad-938d-4a92-b67b-d45d54d827d1" />
<Keyword Index="AssetId" Term="43111cad-938d-4a92-b67b-d45d54d827d1" />
<Keyword Index="AssetId" Term="43111cad-938d-4a92-b67b-d45d54d827d11033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="43111cad-938d-4a92-b67b-d45d54d827d1" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\459c9959-d1d8-4b56-b1c3-a4474f728cea.xml" RLTitle="Take Ownership of a File or Folder">
<Attr Name="assetid" Value="459c9959-d1d8-4b56-b1c3-a4474f728cea" />
<Keyword Index="AssetId" Term="459c9959-d1d8-4b56-b1c3-a4474f728cea" />
<Keyword Index="AssetId" Term="459c9959-d1d8-4b56-b1c3-a4474f728cea1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="459c9959-d1d8-4b56-b1c3-a4474f728cea" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\49645c80-bcfd-4483-a815-73047bb3d868.xml" RLTitle="Advanced Security Settings Properties Page - Auditing Tab">
<Attr Name="assetid" Value="49645c80-bcfd-4483-a815-73047bb3d868" />
<Keyword Index="AssetId" Term="49645c80-bcfd-4483-a815-73047bb3d868" />
<Keyword Index="AssetId" Term="49645c80-bcfd-4483-a815-73047bb3d8681033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="49645c80-bcfd-4483-a815-73047bb3d868" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\4a9b1c9c-8649-4857-8715-b50c3ece6a87.xml" RLTitle="Permission Entry Dialog Box">
<Attr Name="assetid" Value="4a9b1c9c-8649-4857-8715-b50c3ece6a87" />
<Keyword Index="AssetId" Term="4a9b1c9c-8649-4857-8715-b50c3ece6a87" />
<Keyword Index="AssetId" Term="4a9b1c9c-8649-4857-8715-b50c3ece6a871033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="4a9b1c9c-8649-4857-8715-b50c3ece6a87" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\4e2dc3e0-7408-4d58-be7f-fbc367dd489b.xml" RLTitle="Share and NTFS Permissions on a File Server">
<Attr Name="assetid" Value="4e2dc3e0-7408-4d58-be7f-fbc367dd489b" />
<Keyword Index="AssetId" Term="4e2dc3e0-7408-4d58-be7f-fbc367dd489b" />
<Keyword Index="AssetId" Term="4e2dc3e0-7408-4d58-be7f-fbc367dd489b1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="4e2dc3e0-7408-4d58-be7f-fbc367dd489b" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\5aba2b2a-d3a5-4a69-b408-8dca63fe2346.xml" RLTitle="Access Control Overview">
<Attr Name="assetid" Value="5aba2b2a-d3a5-4a69-b408-8dca63fe2346" />
<Keyword Index="AssetId" Term="5aba2b2a-d3a5-4a69-b408-8dca63fe2346" />
<Keyword Index="AssetId" Term="5aba2b2a-d3a5-4a69-b408-8dca63fe23461033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="5aba2b2a-d3a5-4a69-b408-8dca63fe2346" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\6076bede-08b6-49ac-84fa-f357e341ad96.xml" RLTitle="Audit Policies">
<Attr Name="assetid" Value="6076bede-08b6-49ac-84fa-f357e341ad96" />
<Keyword Index="AssetId" Term="6076bede-08b6-49ac-84fa-f357e341ad96" />
<Keyword Index="AssetId" Term="6076bede-08b6-49ac-84fa-f357e341ad961033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="6076bede-08b6-49ac-84fa-f357e341ad96" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\61bbaf37-c16c-4420-bc13-cac3db3b488a.xml" RLTitle="Understanding User Account Control">
<Attr Name="assetid" Value="61bbaf37-c16c-4420-bc13-cac3db3b488a" />
<Keyword Index="AssetId" Term="61bbaf37-c16c-4420-bc13-cac3db3b488a" />
<Keyword Index="AssetId" Term="61bbaf37-c16c-4420-bc13-cac3db3b488a1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="61bbaf37-c16c-4420-bc13-cac3db3b488a" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\63909479-3669-48af-942d-ea29c74cfa7d.xml" RLTitle="Advanced Security Settings Properties Page - Permissions Tab">
<Attr Name="assetid" Value="63909479-3669-48af-942d-ea29c74cfa7d" />
<Keyword Index="AssetId" Term="63909479-3669-48af-942d-ea29c74cfa7d" />
<Keyword Index="AssetId" Term="63909479-3669-48af-942d-ea29c74cfa7d1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="63909479-3669-48af-942d-ea29c74cfa7d" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\66aa4130-5b9b-433c-aacc-14d874c5fe01.xml" RLTitle="Set, View, Change, or Remove Permissions on Files and Folders">
<Attr Name="assetid" Value="66aa4130-5b9b-433c-aacc-14d874c5fe01" />
<Keyword Index="AssetId" Term="66aa4130-5b9b-433c-aacc-14d874c5fe01" />
<Keyword Index="AssetId" Term="66aa4130-5b9b-433c-aacc-14d874c5fe011033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="66aa4130-5b9b-433c-aacc-14d874c5fe01" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\6e91ebf8-2a9a-4e49-9d75-632d56470ac0.xml" RLTitle="Determine Where to Apply Permissions">
<Attr Name="assetid" Value="6e91ebf8-2a9a-4e49-9d75-632d56470ac0" />
<Keyword Index="AssetId" Term="6e91ebf8-2a9a-4e49-9d75-632d56470ac0" />
<Keyword Index="AssetId" Term="6e91ebf8-2a9a-4e49-9d75-632d56470ac01033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="6e91ebf8-2a9a-4e49-9d75-632d56470ac0" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\6f5229e8-e1e2-4831-9317-c021a093fbf3.xml" RLTitle="What Are Permissions?">
<Attr Name="assetid" Value="6f5229e8-e1e2-4831-9317-c021a093fbf3" />
<Keyword Index="AssetId" Term="6f5229e8-e1e2-4831-9317-c021a093fbf3" />
<Keyword Index="AssetId" Term="6f5229e8-e1e2-4831-9317-c021a093fbf31033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="6f5229e8-e1e2-4831-9317-c021a093fbf3" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\714fe1cc-dd0a-47f2-b86c-a593c00f8dc3.xml" RLTitle="Object Types Dialog Box">
<Attr Name="assetid" Value="714fe1cc-dd0a-47f2-b86c-a593c00f8dc3" />
<Keyword Index="AssetId" Term="714fe1cc-dd0a-47f2-b86c-a593c00f8dc3" />
<Keyword Index="AssetId" Term="714fe1cc-dd0a-47f2-b86c-a593c00f8dc31033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="714fe1cc-dd0a-47f2-b86c-a593c00f8dc3" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\72f8fa57-8cd1-46ae-923a-657a01937941.xml" RLTitle="View Effective Permissions on Files and Folders">
<Attr Name="assetid" Value="72f8fa57-8cd1-46ae-923a-657a01937941" />
<Keyword Index="AssetId" Term="72f8fa57-8cd1-46ae-923a-657a01937941" />
<Keyword Index="AssetId" Term="72f8fa57-8cd1-46ae-923a-657a019379411033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="72f8fa57-8cd1-46ae-923a-657a01937941" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\74879417-e006-4295-9d09-f9d339305957.xml" RLTitle="Security Settings Property Page">
<Attr Name="assetid" Value="74879417-e006-4295-9d09-f9d339305957" />
<Keyword Index="AssetId" Term="74879417-e006-4295-9d09-f9d339305957" />
<Keyword Index="AssetId" Term="74879417-e006-4295-9d09-f9d3393059571033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="74879417-e006-4295-9d09-f9d339305957" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\7b0de306-9880-42ac-861e-e24a0a44398e.xml" RLTitle="Managing Security Auditing">
<Attr Name="assetid" Value="7b0de306-9880-42ac-861e-e24a0a44398e" />
<Keyword Index="AssetId" Term="7b0de306-9880-42ac-861e-e24a0a44398e" />
<Keyword Index="AssetId" Term="7b0de306-9880-42ac-861e-e24a0a44398e1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="7b0de306-9880-42ac-861e-e24a0a44398e" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\7ea10cbc-874f-4083-90e5-1b7363f8fe9f.xml" RLTitle="Select Users, Computers, or Groups Dialog Box">
<Attr Name="assetid" Value="7ea10cbc-874f-4083-90e5-1b7363f8fe9f" />
<Keyword Index="AssetId" Term="7ea10cbc-874f-4083-90e5-1b7363f8fe9f" />
<Keyword Index="AssetId" Term="7ea10cbc-874f-4083-90e5-1b7363f8fe9f1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="7ea10cbc-874f-4083-90e5-1b7363f8fe9f" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\92af2cc8-0a54-4284-9c38-eaa1364b20ec.xml" RLTitle="User Rights and Privileges">
<Attr Name="assetid" Value="92af2cc8-0a54-4284-9c38-eaa1364b20ec" />
<Keyword Index="AssetId" Term="92af2cc8-0a54-4284-9c38-eaa1364b20ec" />
<Keyword Index="AssetId" Term="92af2cc8-0a54-4284-9c38-eaa1364b20ec1033" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="92af2cc8-0a54-4284-9c38-eaa1364b20ec" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\a18e704c-d945-41f1-a450-32f528ff1f42.xml" RLTitle="How Inheritance Affects File and Folder Permissions">
<Attr Name="assetid" Value="a18e704c-d945-41f1-a450-32f528ff1f42" />
<Keyword Index="AssetId" Term="a18e704c-d945-41f1-a450-32f528ff1f42" />
<Keyword Index="AssetId" Term="a18e704c-d945-41f1-a450-32f528ff1f421033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISENOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDNOHVSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="a18e704c-d945-41f1-a450-32f528ff1f42" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\a513c103-5b10-46db-a939-018b47d37f15.xml" RLTitle="Set, View, Change, or Remove Permissions on an Object">
<Attr Name="assetid" Value="a513c103-5b10-46db-a939-018b47d37f15" />
<Keyword Index="AssetId" Term="a513c103-5b10-46db-a939-018b47d37f15" />
<Keyword Index="AssetId" Term="a513c103-5b10-46db-a939-018b47d37f151033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="a513c103-5b10-46db-a939-018b47d37f15" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\b709a6a7-632d-4a29-8f84-3d7c6971ec5f.xml" RLTitle="View the Security Log">
<Attr Name="assetid" Value="b709a6a7-632d-4a29-8f84-3d7c6971ec5f" />
<Keyword Index="AssetId" Term="b709a6a7-632d-4a29-8f84-3d7c6971ec5f" />
<Keyword Index="AssetId" Term="b709a6a7-632d-4a29-8f84-3d7c6971ec5f1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="b709a6a7-632d-4a29-8f84-3d7c6971ec5f" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\c2afe41c-b845-4623-a445-be6ad0a92ab4.xml" RLTitle="Define or Modify Auditing Policy Settings for an Event Category">
<Attr Name="assetid" Value="c2afe41c-b845-4623-a445-be6ad0a92ab4" />
<Keyword Index="AssetId" Term="c2afe41c-b845-4623-a445-be6ad0a92ab4" />
<Keyword Index="AssetId" Term="c2afe41c-b845-4623-a445-be6ad0a92ab41033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="c2afe41c-b845-4623-a445-be6ad0a92ab4" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\c69245e2-2ed1-4b73-8b37-e6a15e51c176.xml" RLTitle="User Interface: Access Control">
<Attr Name="assetid" Value="c69245e2-2ed1-4b73-8b37-e6a15e51c176" />
<Keyword Index="AssetId" Term="c69245e2-2ed1-4b73-8b37-e6a15e51c176" />
<Keyword Index="AssetId" Term="c69245e2-2ed1-4b73-8b37-e6a15e51c1761033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="c69245e2-2ed1-4b73-8b37-e6a15e51c176" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\d5c47d5f-271d-4863-817c-a9cef4976c47.xml" RLTitle="File and Folder Permissions">
<Attr Name="assetid" Value="d5c47d5f-271d-4863-817c-a9cef4976c47" />
<Keyword Index="AssetId" Term="d5c47d5f-271d-4863-817c-a9cef4976c47" />
<Keyword Index="AssetId" Term="d5c47d5f-271d-4863-817c-a9cef4976c471033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="d5c47d5f-271d-4863-817c-a9cef4976c47" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\daa22437-b34b-4418-9196-5871dfbef2f5.xml" RLTitle="Managing Object Ownership">
<Attr Name="assetid" Value="daa22437-b34b-4418-9196-5871dfbef2f5" />
<Keyword Index="AssetId" Term="daa22437-b34b-4418-9196-5871dfbef2f5" />
<Keyword Index="AssetId" Term="daa22437-b34b-4418-9196-5871dfbef2f51033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="daa22437-b34b-4418-9196-5871dfbef2f5" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\de9eb804-154e-4c4f-9d21-81f992b97562.xml" RLTitle="Select Users, Computers, or Groups Dialog Box - Advanced Page">
<Attr Name="assetid" Value="de9eb804-154e-4c4f-9d21-81f992b97562" />
<Keyword Index="AssetId" Term="de9eb804-154e-4c4f-9d21-81f992b97562" />
<Keyword Index="AssetId" Term="de9eb804-154e-4c4f-9d21-81f992b975621033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="de9eb804-154e-4c4f-9d21-81f992b97562" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\e97dce40-e248-41dc-8663-01351360bfa7.xml" RLTitle="Checklist: Setting Access Controls on Objects">
<Attr Name="assetid" Value="e97dce40-e248-41dc-8663-01351360bfa7" />
<Keyword Index="AssetId" Term="e97dce40-e248-41dc-8663-01351360bfa7" />
<Keyword Index="AssetId" Term="e97dce40-e248-41dc-8663-01351360bfa71033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="e97dce40-e248-41dc-8663-01351360bfa7" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\ea0a7b99-df60-4ca6-91ee-3e39af57836f.xml" RLTitle="Set, View, Change, or Remove Special Permissions">
<Attr Name="assetid" Value="ea0a7b99-df60-4ca6-91ee-3e39af57836f" />
<Keyword Index="AssetId" Term="ea0a7b99-df60-4ca6-91ee-3e39af57836f" />
<Keyword Index="AssetId" Term="ea0a7b99-df60-4ca6-91ee-3e39af57836f1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="ea0a7b99-df60-4ca6-91ee-3e39af57836f" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\ebfa5c70-6870-4101-839c-dc20ff4ab45c.xml" RLTitle="How Effective Permissions Are Determined">
<Attr Name="assetid" Value="ebfa5c70-6870-4101-839c-dc20ff4ab45c" />
<Keyword Index="AssetId" Term="ebfa5c70-6870-4101-839c-dc20ff4ab45c" />
<Keyword Index="AssetId" Term="ebfa5c70-6870-4101-839c-dc20ff4ab45c1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="ebfa5c70-6870-4101-839c-dc20ff4ab45c" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\ef763292-21dc-42bb-92f7-2dc30f115fac.xml" RLTitle="Auditing Entry Dialog Box">
<Attr Name="assetid" Value="ef763292-21dc-42bb-92f7-2dc30f115fac" />
<Keyword Index="AssetId" Term="ef763292-21dc-42bb-92f7-2dc30f115fac" />
<Keyword Index="AssetId" Term="ef763292-21dc-42bb-92f7-2dc30f115fac1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="ef763292-21dc-42bb-92f7-2dc30f115fac" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
<Vtopic Url="assets\fc747cd7-e7ca-4544-b485-3c40230d848c.xml" RLTitle="Set Permissions on a Shared Resource">
<Attr Name="assetid" Value="fc747cd7-e7ca-4544-b485-3c40230d848c" />
<Keyword Index="AssetId" Term="fc747cd7-e7ca-4544-b485-3c40230d848c" />
<Keyword Index="AssetId" Term="fc747cd7-e7ca-4544-b485-3c40230d848c1033" />
<Attr Name="appliesToProduct" Value="Windows 7" />
<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
<Attr Name="appliesToSite" Value="BWCOnly" />
<Attr Name="CommunityContent" Value="1" />
<Attr Name="WillHaveMamlFeed" Value="True" />
<Attr Name="zzpub_assetBug" Value="1784" />
<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
<Attr Name="zzpub_MTPSVersion" Value="11" />
<Attr Name="zzpub_RM" Value="samans" />
<Attr Name="Locale" Value="kbEnglish" />
<Attr Name="AssetID" Value="fc747cd7-e7ca-4544-b485-3c40230d848c" />
<Attr Name="TopicType" Value="kbArticle" />
</Vtopic>
</VTopicSet><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpTOC>
<HelpTOC xmlns="http://schemas.microsoft.com/help/toc/2004/11" DTDVersion="1.0" Id="aclui_TOC" FileVersion="" LangId="1033" ParentNodeIcon="Book" PluginStyle="Hierarchical">
<HelpTOCNode Url="mshelp://windows/?tocid=3d34c452-1a34-4bb2-b7d6-8c1057ba3cc1" Title="">
<HelpTOCNode Url="mshelp://windows/?id=2062f415-b057-4d7f-976a-aa598ff61cd7" Title="Access Control">
<HelpTOCNode Url="mshelp://windows/?id=5aba2b2a-d3a5-4a69-b408-8dca63fe2346" Title="Access Control Overview" />
<HelpTOCNode Url="mshelp://windows/?id=e97dce40-e248-41dc-8663-01351360bfa7" Title="Checklist: Setting Access Controls on Objects" />
<HelpTOCNode Url="mshelp://windows/?id=24cb5900-6f96-4fd0-bb0c-e3456e1e5f0c" Title="Managing Permissions">
<HelpTOCNode Url="mshelp://windows/?id=6f5229e8-e1e2-4831-9317-c021a093fbf3" Title="What Are Permissions?" />
<HelpTOCNode Url="mshelp://windows/?id=d5c47d5f-271d-4863-817c-a9cef4976c47" Title="File and Folder Permissions" />
<HelpTOCNode Url="mshelp://windows/?id=4e2dc3e0-7408-4d58-be7f-fbc367dd489b" Title="Share and NTFS Permissions on a File Server" />
<HelpTOCNode Url="mshelp://windows/?id=43111cad-938d-4a92-b67b-d45d54d827d1" Title="Inherited Permissions" />
<HelpTOCNode Url="mshelp://windows/?id=ebfa5c70-6870-4101-839c-dc20ff4ab45c" Title="How Effective Permissions Are Determined" />
<HelpTOCNode Url="mshelp://windows/?id=6e91ebf8-2a9a-4e49-9d75-632d56470ac0" Title="Determine Where to Apply Permissions" />
<HelpTOCNode Url="mshelp://windows/?id=a513c103-5b10-46db-a939-018b47d37f15" Title="Set, View, Change, or Remove Permissions on an Object">
<HelpTOCNode Url="mshelp://windows/?id=66aa4130-5b9b-433c-aacc-14d874c5fe01" Title="Set, View, Change, or Remove Permissions on Files and Folders" />
<HelpTOCNode Url="mshelp://windows/?id=72f8fa57-8cd1-46ae-923a-657a01937941" Title="View Effective Permissions on Files and Folders" />
<HelpTOCNode Url="mshelp://windows/?id=ea0a7b99-df60-4ca6-91ee-3e39af57836f" Title="Set, View, Change, or Remove Special Permissions" />
<HelpTOCNode Url="mshelp://windows/?id=fc747cd7-e7ca-4544-b485-3c40230d848c" Title="Set Permissions on a Shared Resource" />
</HelpTOCNode>
</HelpTOCNode>
<HelpTOCNode Url="mshelp://windows/?id=daa22437-b34b-4418-9196-5871dfbef2f5" Title="Managing Object Ownership">
<HelpTOCNode Url="mshelp://windows/?id=459c9959-d1d8-4b56-b1c3-a4474f728cea" Title="Take Ownership of a File or Folder" />
</HelpTOCNode>
<HelpTOCNode Url="mshelp://windows/?id=7b0de306-9880-42ac-861e-e24a0a44398e" Title="Managing Security Auditing">
<HelpTOCNode Url="mshelp://windows/?id=6076bede-08b6-49ac-84fa-f357e341ad96" Title="Audit Policies" />
<HelpTOCNode Url="mshelp://windows/?id=c2afe41c-b845-4623-a445-be6ad0a92ab4" Title="Define or Modify Auditing Policy Settings for an Event Category" />
<HelpTOCNode Url="mshelp://windows/?id=33049c64-45d1-4b9e-9bed-9bd57d35a131" Title="Apply or Modify Auditing Policy Settings for a Local File or Folder" />
<HelpTOCNode Url="mshelp://windows/?id=b709a6a7-632d-4a29-8f84-3d7c6971ec5f" Title="View the Security Log" />
</HelpTOCNode>
<HelpTOCNode Url="mshelp://windows/?id=61bbaf37-c16c-4420-bc13-cac3db3b488a" Title="Understanding User Account Control" />
<HelpTOCNode Url="mshelp://windows/?id=2cea42b8-ecb8-473c-9785-35d59350b2c6" Title="Resources for Access Control" />
<HelpTOCNode Url="mshelp://windows/?id=c69245e2-2ed1-4b73-8b37-e6a15e51c176" Title="User Interface: Access Control">
<HelpTOCNode Url="mshelp://windows/?id=74879417-e006-4295-9d09-f9d339305957" Title="Security Settings Property Page" />
<HelpTOCNode Url="mshelp://windows/?id=7ea10cbc-874f-4083-90e5-1b7363f8fe9f" Title="Select Users, Computers, or Groups Dialog Box" />
<HelpTOCNode Url="mshelp://windows/?id=714fe1cc-dd0a-47f2-b86c-a593c00f8dc3" Title="Object Types Dialog Box" />
<HelpTOCNode Url="mshelp://windows/?id=de9eb804-154e-4c4f-9d21-81f992b97562" Title="Select Users, Computers, or Groups Dialog Box - Advanced Page" />
<HelpTOCNode Url="mshelp://windows/?id=4a9b1c9c-8649-4857-8715-b50c3ece6a87" Title="Permission Entry Dialog Box" />
<HelpTOCNode Url="mshelp://windows/?id=49645c80-bcfd-4483-a815-73047bb3d868" Title="Advanced Security Settings Properties Page - Auditing Tab" />
<HelpTOCNode Url="mshelp://windows/?id=066cf7b1-0e68-40bb-b889-6268f1308575" Title="Advanced Security Settings Properties Page - Owner Tab" />
<HelpTOCNode Url="mshelp://windows/?id=63909479-3669-48af-942d-ea29c74cfa7d" Title="Advanced Security Settings Properties Page - Permissions Tab" />
<HelpTOCNode Url="mshelp://windows/?id=ef763292-21dc-42bb-92f7-2dc30f115fac" Title="Auditing Entry Dialog Box" />
</HelpTOCNode>
</HelpTOCNode>
</HelpTOCNode>
</HelpTOC><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="AssetId" /><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="BestBet" /><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="LinkTerm" /><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="SubjectTerm" /> uU�P!�V�U��?({ja%JTZ*I$e$$eҦUI$EaU{�#hVwP
o{}}.l <sc)nSؼbVZĨ
U4paZ#@]\
.f(+zHv#E���H�`
o
K+|
(.XGͿ
'x۟۷8
"F[w�WT*/Z
Ǟypĸܴ5v;pܺ
[A{lwkk}ውz>kM?_1/
__#.#}Okln5xm<'^e^ b>\>x6'o?}*q^3S|q?[<+.跍[~
s3C9;Uqyx˼bή_\wōo~5S<c
7+xm+?[Gu
>=vmGm6mv/mܶmvmO?9۶'[m?w fzl~?[ot#rNr_b?w}5oU&SWve9_w#^sn|o
Ǎ߾I?62N{8W
Я~8qޯMÚ :W~m Ç]C-
\%įRz_-xڂSμ-~?f|6 k>?
k6jzʿ6zR�_x\}=
_Yw}-z$y9t}o+=]3|
q6
[5@t
tunCqnEEnȭ|#?H]%ܚ:[GB";znVl
QT
_Ri^.i
[ufskoS
<sWC ]:s<C][}D湞ѭusc6{c뾏tī{k
now%7\soZsurnis5n;ztonƭ͑][{}>v~k;W?;ko<0= ԧρ>uЅ>O=j}SGF짟zj{ҧ>uO>uO?gs{:?_|Nدgt]_6.{P^ڻg{m~q;=?;츝r^oR&{ Ե|.lmgm{ڝνfWK<}EgW/4|c] Ϻηߓ<B\BZXWj+:NZBS=\Bzιׅt5
muZo]/4Պ:^:j
MꯚjZjz
t./Փ4./Քٕ//Ֆt.]hWs'{]vvah. N;8\w"wlg;|^]|Ý
|h>w^;
{aW߷
8<㻟;c
~wǥ�
0}#
}
@C
s7l8<!1m[+Ë
͡57*Swo3
q'i_<7ۿ
?o<JYoR*'SJetOeR7S*=*S2=S*:TvJtOlR۞)R)r=S*r=*S=S*e{JTSlN)R)9R)r:TuJ||OR)r=S*:TJe|Te|JT
[LOʅlOʌN)R9wS*:TŧJf|T_OOʐ
OR')rS>S*r>*[SJe<vN)r6;TgR/)r;TVkʌN)R9S*evJOʼN)rs>S*e|JTsN)r>S*eoJRyߝS*2>*SJewN);TewJܣOR*S2>S*e}JT6|O)>S*r>*S&<TʅR S*eaJ),IcJ)r
FiFiFiFiFiFiFiFiFiFiFiFiFiFiFiFiFiFiFiFiFiFiFiFiFiFiFiFRyDCw37Cۛ7C77Cݛ36|
f|3F?oC7f)
o7CP3
^|
1n0ff3r|Do7ð34~
C70T~3
7Cf|3C
C7pfH,|3Oo!~3
(oÔ7pfNTo7ð3|
_7!ff
c2opHf3~
6o!fv^of3|
w<oaͰf3}bo7ápHf3,}
Hh!nNy_Qx^/ŋx/^x^/ŋx/^x^/ŋx/^x^/ŋx/^x^/ŋx/^x^/ŋx/^x^/ŋx/^x^/ŋx>^?e֊
ͼ='}_xwm?S_x6Du6) 曢37[ݴqխ7ayq=w,{I&W)|zo:O3w^;vlu`0
0`
`0
0`
`0
0`
`0
0`
`0
0`
`0
0`
`0
0`
`0
0`
`0
0`
`0
0`
`0
0`
.t$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$%$j111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111ab1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1bF?%fb?zF:s O7ԅą¸p.\
p\.
¸p.\
q͛
p\.
¸p.\
p\.
¸p¸p.\u6p.\
p\.
W=
Rgp\.
¸pN\l냮:WZp.\
p\.
¸p.\
p\.
Ȏ(;쎳>s_]vvڡd>v o>4wlGt>=w
Qw
wr<C;?}} <J�aG<#չ <@LHqpU\'~iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiqmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[Vθ4M4=Mpw4MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM4w
x[mVmV[[mVmV[[mVmV[յmkjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګm\}44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44M lF7b[;qlMq;.\
gښjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjڵwiiiiiiiiiiiiiiiiiiiiiiiu~iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiښiiiiiiiiiiiiiiiiiiiiiiiiiii{ iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiim4eM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44M>iiw= ~vO]('l;IF^]y0}ߣ?v;ǻ(ar?OHO6[~~;_Qn Y
w'v~
ޥ.-G}O
o
t_=qFC߯u(y NFu#>SrƺO.|"_;�p�wvK�]gul]pwU 3".k[
Յqt@Z*W=ϙ"C,*+w/3ٿ>KܝkA
G9x$!@PHqKIQXlZ&L,hRJLMESN*utĴM*"PWЫE[U
T!&TmPOWz\Qj7D
E$ . 8ϣׁa 1ڃl
L
ߜz_:n;s$s?ڥ](ї@z.5b rWz:꛳}"ꇯqB`oR}/F¯@Do#Vo4h�?y´C8
/gneg\ )c|i4 ,Kq;\Z
1bi2Xʡȓ]WEB&J^/Vlp
3<ݝL@炏fy
TF .kBs;nhe/Q:2ҕ_[i(uҚʤUdL#q$nQ
"=J2bvJ4"u*<R
rsڶ-]0[U̩w"
F
^!fT`Ftbkz+˹NTW_BS#
4#A=Y-ׇ?AX52_1�J0;IHh@$rڑ}\Ƶ:O_>|G&
p?p枞AF 4V0UOK,<]^xݳ.rDc/jJsQH;uH<=%NIe2gm
2#oqR3#
VP ;G<Do\*
.NhHhsu\Fo͇ƪ⓿0+8_WyPʄ>I:!'RM`
.zbs-W
?_CksʕUIZn$&
5L{
F10w`h�
<ܯkG/^~??f>>5W#"OAٶg?$5M
1$'
zd^`yYjf-۶˜l3"thĺ
N2T;D
n/ >əY^Six[՜B@DɌ$)|{^T[_o
<ڈf@eђtHj
z`=fLp;!&Fy�qjzϘa
ALK3
(U>t~Q:m`:5ϛ[.pB0q"43Ԍ*~cGUN3><C6OzKOcu!o
дG
0nڟpРVS6
1{rw>VB+]WFvr' f j{}Œ[=>ɝgfuK km{wh5wCzU r]M6y˝-V RWÈ_
:=
~f0n
3=oQy
>SAjtKh!k](=zHpv
y0PS)Ch
KIR!Nj
{`0⽣��+1# YɁykˎ-E-Qm$_`1
2
%Fwz8>N_>?>'+()"
QH:6YpnZ4
y<(9\rhHX5Mw8d,&kS"w4Zח=ĸZ%J/qK9h1ϗ?@
ML9ehGҡWs&+}\-.$
霏$'XƬDAerVߎ13<�>:lxf(�?Ӯik2b_vC�<X
64g=
JJnҲl[-3YY}
FKJ|A�j&X2Z@!<;FZpf;Ib+q
W
֡ ol}m8f$-
q>Bo7w{x
` J@g+
D[}1
&)*
lhqN\c
x
!pao.6`z6`$°DoaLX\0xAU4+d{PS<NH(
Ta8&g
@c0aSfw
l
@iEɍ:khXg($`
V
&к
L:\ewb`ZGPPWGe\#nfȠιCEIH�+IOJ?*OȰ1:$m2
O7"ގIJ!q7
z!7iSnKRo8:57 Ll(m
fJֆ`$e\4_ׄڤ'Y=e<+5g)jHL
W)0pKY
3� d{
z=^_)g^ 7MCK!;6cBQ
_ߛR[c
m6k|۠)JBwo#-OTHes+^M6|ah!
܊f/ MŨbc[d;^{CQE}t-x2yQ{=VіVU3,ԥȎX.FΝz) `6O
tWb^~((M/ |G|mVTr7MHk'ۣ~_JϷQX5J$be-
6
\_
lo L7g#M\ۮfqu'.yaPGXbHB_F5 E3Pk+e2t-VQ$X
.ۣSO
BpX[z
rt&�Q/EfjoX f4Z|##M3-@"Lj gWj3vqvUMU[k/ś�rkL n^31^LN?zkzbɜ)ܑT&Nפ/K!KZs|AVWp!O$tbN|%
u "sk1x?얉h S~䧴8_s"%@LI=xK;Y
@Sa�@
-17K$F}8
Xpj\S{@}5
Pd蚊du7G,j%^
hsp
W]rʶyXʗY+>M
$CC
qԤHto=
VZI` 2ȋ0Zzhòr)'pG"~slN
%
)`:Ӽn#uhMH}c=Oq=h1I$
`27T?2,eD
0^0A0:4)JS\]Kfkkhv+Wq>"Uj
zu75P1E^:ܨVK$[M \f74>Y
�
k
b/!fQWnA<Mn�[=PM㺒Td^-�h/
6ǂ^v6ij)`q
[yK[U
Rf=ߕ] Uk0Y&[P#�ylz}m
6yΑ⛬ƁxCL_>K?.xp)'l=,G&mƥ' ͅ^OQug}JV 6"D!:St~Ѧߖ34d
#S܉ͤPWV_`e3
A�Dٚb
.]҅HՃ'?a
\˝fU6 <cjM :ʟQV#[m
=x||i
c4i!=]F[HH5NF;}(PX5ewF0Օ<ʩ._
N?K-v~]
xC
{|4 dwxoYOZ:UGx@_u-t]
|gk_~ xk/֏0':O]v8
.}nsW;7Qfc'nQ8ni
T
#jN
Ҫ3~U伕E!pܽq]]/Գ0[cӯaC
2>=s
O
T |LSj._&ox
<5[v$|Jpk6F
~@O4S@bx
OFP
uNDW`k<hXbRAA/d%¢w?,HJi4n.'_ߕYj5ʄ
4tJw8WЉ@whэ
ٛdY%=>Mg<d܄Yjԉ(TS>
*LZz<Җɰ=##fst#si_7qv}' _6ZUGQ!Qc:T
sqU[sq~I`5PqM GȊocDZRJQmfРu ְ6ΰ]q]FE8Bkd3ĥ%MJ~p-5'$7
zSOyBm
M
,90>ޥVb,#`3mXq2m(Uu$a2Jg#
;B6,cľ'1H0կ};3L:[8DoAi<NձȾ};r5X+fĨU !gg@Ym254"OpT
h/
-/@
JqNA}®zǗm"#mϼF_\
6HJN,,׳n+DTҔkD99;p2y=1!ZkLFq8.W)6 yj'6}Ry~xo;
Ɠ{8*
B x耶fL%
EZU!XEN:
0V
.;&|CibdNb_]bŴ
Q95*vK 4q&"$xnjվO]V|`/oi@5 5(1^vFS dҐ5Sy.>iNYXtJCY Hu�'3kݣL}},_
z(j@o
>D^g4#w^y7=d+D /
J)td1۸Mos@$+jcUa(!U)Y[U3GD=_^
hzeVO!8G\ p)i L"DħA%X]LƌjKe;(^yQ)?S
Q�2Ju&rJȟZk k"}| (r_v{dOڢ`A.xNc�_a|$+i^'TЫ$
baŌYy R% ,ӊ
t$m* , %ٍ(dB6B>@?
l
N
:
&Oz@ĸ_1&9} {\|d7/]"P@36d/d?�Nb]챋.vb]v.b]챋.vb]l?��%ΐz
u
q
@a]6b.O
j^;5P:+냎EAgeFhɧJt}
vw
+t
,Cw6ПFA&
("}xs
,JGڰ
聀a0}#} %+U4[u1.2LuOv"PN#bHMZa&8rm\*CU|%bgv)]O<IFr̂ly8U>
X)̦s[6M<F
E=$~]|~exUv["0E̅z5
uE2p08[ϥ6I䛛c
l8 Z\7Bm?9jd~=
c2XI$j*b,n^RWf {�}C=[w,#Jw˺Ehs[Ds
-$ e-
)o;ن J4
KEǟchxlr亞7KwȆ<G/cP Gü'Gh-h51Yh`; .
nhIg.
N*&؉ъ6e0?ܵ)�
00RGa\OJ '2h!80X_^4
f@T6*d
r>
,@q!k/>8#m@'U$لQ )g CԉjԃE^
T[*a
zLiZZjQf5i0[eIl̅OQ[+䘯^(ÐՏ
M|{~Qtc2\q]1^e63q~ydYn
dp_wDlxeVz;O o/ё2v` ~ּ|)ħ
\˴\4]e62tji@bZ:rH
q�
M|<M=8<D[t@ϫG`<obAl
Lb(˟o?M)�dmH\z2wVfHn=mYQ_!$Z6*VZ
dKEб$FS{[�( 3cQh l|
p""kz_Yņ$ũ:.^'
~Y|0cg
JRgoY2T^@ˠ ܬz[Fz5IFR_]Z~<
%Hj+AU
%m_1֑4Պe6{5+y1
_:D*wbՊpG:9$It g
-S"^xpF
a?$Б%!}x In"
̎ _Nq2Gs\c9/||;{̯[
eúZ
NZRw
a[OVc^& !&Wʻ\❃(8dmM
4w-E1f Z�]eR8@QI.
P`.`$:4QsG_<mK�
57%
[.m03KQY ;uٶM.'|
[6km[#pr֣g͵Pb0$A-T,
PII<u <^
7Jp#CcozrZ9^k !2N&%zLb]-7,<uHBD6(2K&8|m;*
Dz%DuVS
ygH[-tb𥕱z
4ַ(?SVF[D`W⦐m$5TyYT,!ƹzXdMs}|Fd6?ctk}xF
G85c-V
(UE(@))8Թj|v$j"
.*yN1<`+t
"=Ru{ick!sB\hx ;p*
�kmܵ뱶B#|gTsU
YjضG
&O$lk[;Au
Ć&V9jE&kjaOVx;0X=$mA
pu;|:ztnx_g_)5GQQlRP,Tqs@XF 98
:2:fƵ2j.Z
7`Y%g:~D!
>
棢d`6W)'20)"h(16qpgYeUu[+F?v^
x#{Y@
š
4lFx0tٶV]+'u<EZvdTȈ\#!WoA2@w}IrDw\y)}e9&NJ3]wj]^&/pWr3g
{k{;/a(:{Aox߀09Lq0=c·�{II<F@߹�RPЈjs,NeQ(tC
1X[}
ۯ<
fUiS SwU8¡�v
ݨto
Pbek�<~\9+0J١a,昑%s*f^qkZժGE=\a]
hS&.9C
U"#QgOm4yva
}{iF-[
N *N#0 �8$vӁO*ͷ]L% |K
v"=LfNفehE玒<jo o&=ޓ[vح|[\kM
$B遈YezBJu`Rg_J
ߥliʟQ�Vfo
n/?0B"͋@wr||&n/i'A]xEWy^X6,Umq�l@Xǀ,4>
GKS^haSZ.ªkvG{F
M&*[R6`l
38
C`t9M|l
>ҽɲr{lѳum0^`f!
A$}ȬwM9
s0 pzufRQ$:m,DHcG[/6hE[TaI|D}=.6$zkz`-}e ^vvx߮thhBK}
1=
|D
"5
Vy
v4l
V
c[c:(
=О`z
~SB|
SUU
- مCtۅޓEuMra9
]1\쏁d:FEUa8_55i\u@5>{#>q_{Ap>壄1"* K2 ī CLn.
Xܷ<OCf
=(M^$p=la=S}ƅ;Kd
LcG
7E:5T!1d{8^.
vI*)Gc#hFNK4_i}ƞ�
*4 ;tD�s`*sxMF%
Vܧ;ߓC`ǔftG̳
1_aɫ}
&_Va!`hߊoV
�&i9
EhIv?ZNjWdQaeuo\-+6_%3DZvE�о)zQ
tļqjMݪ_k'p97(2=E
a
[_jE(r6htaydnx$=R/[|Dtoe**ӮX59\uSO"wi)$ 0o13YtU
j
[~G6
a-
bd=^ntHz/oK\s.N
9od&
8dK S)�0l
XFZpahe}ږ\trQaGnCqqPCL)87/IZ>&mWŁq%Xm<5kk'*!(Yс',-!@"&I�yze`x-CS/Geqsa e
(IsO/D.HOҏH1Q
&CwB{n@eRuO
hv3mټތ#%Q2usAZ-O>v
GHNC BS-.9.Mpɬ0ʇDe*DL>^sRFUT5m.\y$uƣz
DZlȏD
V]_QhĞp%4pաA)L?^
Ժ\@0vrL<
_WvǗqg7:?IKb
&0ѵ mhELJĭ;T<1Ri0ѽ_J)&9jfy&6JqKGn
-X* fWLɴE~ L C*ӥO}zfZ5fr|~meS?°I vR//ū+!ʦ6ʓ"KSCg0 v ĸKGE
0br2βxW*<<2l*9,Y"'y J70$pq0n 0@信A!:5$ZyM\l
vv`yz[ 拁`=;<GjqܩVģGBeYIGzԮ{
8DȼkJx*ɥXpTƹ0&FaKXPje2oe�0eЂb^#;d]GiU;
ھګ2 P%ǂx喋#@nNǘy"Lj7
ps`hه mq}=aF)5
'>K{V
O
%~SŕPD{YckՌ
|Dd}Kl{sN.מr}z)n'gƵ_pu_=_w0rlnfX"Ok
I. /MT VD|I~RSݴKSa4pc*oZz
Ѥm,=v<lhF
fGj4"Y8!:*_'cegqsm`@Iiu&,p"4&6{c}Oʆ0X3
Fx-Ф%G6ɳ$@nVƄUZ
Rm>?ܰ
B`A=b
x+՜0v۬0լ@ͫM ~%ƜvnDo
{rL?
֩eJw\中?@5%IHjl^,-2%c
dY Uϙ p(E~u_ʰ`Uc]"pDK(ؗD
J/{U{G'~Hk�:jDB t
]̓[S*ɊX~N jC3+HLV?AobzxL2Aa:K%QL@j
q<9
,-7UN0E%ǃ4
R㦧U<.䰘R<B.UeU
W'Y>*^4H�~'W"`KQ|ԼR𥥡Eoxvyq_/�1 \[O%3
'?\
cyS
LtccSĨj:
ڂ6?YV_Gb`W�WB^ioV4X}*/*J!HY
s@
|8JOC1d 9!Qch-vxۛg,ph͏s$侐Twޟ
ԧ伪٧}y,t.
ues�'
4Ӟ^ސvW">e83ȓAԑO9J?}R|O:(w~F5~ :7n+|I;_Oᶼ?O
hK @%8(s n}M{y
p3^
)mGy_8 �EٜX+HLz*Gؑx40k2B<G3#LZ*
]CM%Kѐ9MӴdqpks|S1Tfr28 mYC+ܷ!q
H¬>9
}q3ĖFǍjrw<N<�Uh$8
.$g@;Ȝ:g zƏ[KVorp~F^ۑ2^O03TXVx;θ>d6:UhkXb{U9;!L|ᵞ
CaKA[ڧqɕIPùIᎪ"&i˱#8QMFߊ_&;G
'ѫ8|(-G;!=ay>G
'7pwUmfA} $FkflrKP
-V�^d >ECN
|5$s1x
G~g7=#ʆݡ[
leNRX );裱a~Od-W/t
V5aEE
7N
d%M[
VHX}:l~ƚ"窃TV6irPZmM<՚*Si1/v:Mtd[іpP̉tMKICy7?dU_h(81P
a(>ecǙ qDjךvyM(xGF+{6_5Zq׆lzͶ amШ~cWp!|
*4iucľ>=7ҫȖ8y'&pUM1ʪ65BTXٕUޝ ;{
&IOCe#b"$M_gPs6؆SK
{-S
|
-j$' M.jQt;TN
!4oA_5j�bnZ^
~0SJ=y*#.z�S
zp30tm[
}5$ *iU
`k*UJFzV:
[R-\Z@eg<p�Ǹ'`Jq]`K^\,c
io+4M
y[J�c[t<b~>MQ)lKib] ;:I
@ǣüof0zKKGwv|'
,]z/)f27n0e;ȰrRx8XH}K2$y
>JCgf.u$azqRJ=H`bdzrVBL|_ y擂X<IXQkLFͥ1:
4x6e%}
n.ҪVW[Ѓ仏7mju|~/<?w,
GYykj$~if:E Y$ <0uinhz2ڒAs͋&
֗_綥lH.ۼM`dKx"|
Lq[Ga
g,s'.�vr|@}E�<9P{NJ;\Y
-%=B
N�ho7 1
*ޜ
C vQC&~}f[2v#Ol|D|RӼI
U!708]J^'3
b*L t>/}|"n
;Rl/cUR-!U23`
qH@⫢F{ ԛi
5{7HuԠi1쵓"0#V?YçnkU`:# IO1Zab5eq]6b
;
=l^C
IBt6~?TfK\Mz/)6)t1M,Ozdui](R.9eկ*v SO�P<'n
[Gidt1Iޟ#Ŝ'S>5c`-" i!}\y,
{}>;
o
=ѫ|{Uey7yu9@.X&C['
>=uaU3Vǯ>|j|:'鱪~D+6ޢ"+
lܯl-ʚRZ2`؟s}+t9@U{p8678;|n8BU$
'
:'`E&twOYWH"[ix
&չٴ_NcpN$WeÐPbgHz"
R`C|m,^rJJX
Xu~깫 SFFxZ
lM ZA2~źݽU?x^vV
^ ;bZ肿+=I [Zi6;|?SSRt6][
]+Y{g]x6>EfYtٺJdAsDvƒ
?|d{nMVػβ1/IƞhTdXaϻPj/)>_~;ZTǷ#9CDi|yqQ40M%A\ޚ]q ўdmh.]
#
MlT Ȝ'hE}n/lX$'|
/
aCÊ<ϥ%}0XGɛqEnk3�Ύj axaü\^ʧhhbeρy@|%kC._Ga8(svakk8'$_KKˣk¶y͙[>_TT*SP6QN:OM% ȭH9
rxy@s!(;�*,H
`fb|1"-?d^}5
x
/ωc?[|3hwQ5tŽa):h\0"7 B8GN6Č!ZοZ99Yk@$LZ]Gj,߂Ep9-/hJƄN(w\yIޓyzNa>v!
s~)5#Zu?ɷ͠ 9|g騲jTO o>!Bʉ'6!]{[[eVܣkC-1ƎoQy-x1kB/ZE^;!#ԢdW sQIO;#x9;$j@-5g##%¢�>Izo!QLbR >OUH
@
x=hr, 6:JK96&U6jQv
C1(ǴZ.7d_*m)9
I*m|H:p~3�)(]#X[q~|3c
ݽ*S@ŝNeb5[|sW? ŅsW*IRl8BYHSgU{%Gm
a/)cL42[[eF1Ju:h)s\;#
eGFܴUoCh)q
ZA<$9tKz2ٌI3S;Y
~摓q<>Qt
w3_urV!iŷ~;xOGcu>p
R
jC@rJ
5ءOVV#ٿ%O9#-]
FVW~;+RՍTP%)
%ȥ2cImZo@W.se4nOWϋ9LzthXE@;d}>bVr<4 *
X5u1İb J*lC5WsD*Y%hrp %Bn3gk
M7QPV
ݒ|eժ4,v\VVr29"eZa+^h7u҈=<@
n?IQ8,5^E:!
MI]tә&k~:zOi{˟VpWH5rS{hLڭ%&ÆBM%UOuڸ)n<OGibFwz)`
W<Z:F#kя~!H yC
c30
̜|zQi7I]#kukYl^A
LhjMA.NK^E*Oה
gOeЌ.ة+r횆e4xgTQmGC~
-vaRZ`ȱrD;YՐx
,TQ PMK:aUcipB"utH~/3/?Ĺ4fN
w{u7ޓRgHyiY/lwϰ<}-S
.\WoؔNSl[\w ݼƷhRHa0mA ~+=6wg
tz!FxlP/
6,
G@:1Vʰ e0g#(R)P`0v$݂o)̖[-[q
jn=B,it?
K8)�19]!&EΌ>xYW]NF
!ǴʃT!J6oLN(q=Ͱ
ՙ[iQ-LIUKdodMm=ݶfWt/p
qI8 $Ǎ:)IMxKⷂy~`atyר�*̫ :]OƫHI iI9k.X nM*t5nB!?�
|
UZj 9
\MC0i!ֱbXjCTgTZd[
fqhWylt+|Oh3"\!bҳe)[�
77_AR
OzXkoWԵl7>\hJ.*$u}//'pJnϚ/
b} KӉy|jdnCNMz
9BG
%g8R
m_xl=@ݲ#,�_TV>P|Өȋ ޙq?BHJ10
^NRĮ/ !ׁJι
yUJJ Ik
wTүP=")JWОe γXSH54;3)efek
^�h=} �kUճ[:@SϺ}K X/60UmfH0 [)fe⊓qz
6$`
C9ՆB
Fpin$:FTX?MKD7h8LnݝF'+&Б\d/j7 a"?+'h`UgOWOwlKuJo9=m_DU+PR
r-
2�zͲ̼2h?ŝ*
mPpOU h|>1 'QA~$
=mGA郤w"e$[z[ДIT8(tح wvWm<LϔRD,ͧ DaGSRL!N/L
-ăMXi3\�ftc8
qYƛcM�
1Bi
@2TLONE
_"Y;>j�#
Ql
s$@>09< S3RbRLo99E&SH)>}\~j[F4C
h{TTÁE*6lw.p�k?ذ| wt:N `ͥ
a
P(LAd^Q|Ӎ͋Z˒u:5!Lٽ
c6J
X::!Ft#ײolY㘓B2χơ
T|BҌl($I!
M 2h (&w3% T_7�P}#wPB-;<xϰJ3&? 7pξp߹_{Ԗ2o.iCI9L~#<5UPb4Zn37
`U&M"
O_C-K[|1t*bxprMpFR+a1HajgLϞHZJ(Dq-]6v"m4i.=܌)tUbv@sT8NUn
N0
1ȁ}
ܐ>wS7\߀@`xZYI6!Ȅl˶C ,P3sG!{GZh˲$J_3T>"PܘvI
?pЍn|$ O=؟(!I:l4gFcL
X3�6}2�0(m;d'@(OzҬ:�R7(>U)
h==3b:1rkHFE~B\E.m&kPI䧖d ;
107
}
ByJF43U~nM~<
Tg
yo
<P̀
dMJdYHn
.*Kx"4LLYQ
zUn4$_cVv
D>@!Ӈ}ɴ bu!'wYZˍNalF)ei|D9K%M|lqh(1g>ɤXƳWS.{
%D3?!!cqR{+3DoԴY5(^G
t
4%6hf&D>2H{xDsGu(\'/b\^gkq(*O(Rԑd*H/HF}ݜm[蹿~Z_DsHn6i-淚L[C(V7ȼVd\H9JZZnhBQ
ޫ#k<t(wu|ř# Mg ��p58y
б
ޯy\^K$
A%DG50h^m
Ns�>g
mCj)
X쟌D8F+.Up%�-bRT˃̄ݍ`3
e
Bi8A
V+�xOb~dHbOԇ7
;!hn>
mHk
@Pſu)
bR
x yd*>%<
X*;y_d
*qIݠ~Ak{{nȋ=*=FX~-YVDNo%6CѼ닪l9+-)R=4
S(DtAYu}Gn&.L3raqK3I3vlYV^iGr^%qσGa/VZyYNAQOv=.wD'�B5y&G9'UM2
On9L.oݤ;5M/.;eը5ݘߛ
5&KJ/Ik_8:Nz]UO:ht҉Q[*6`w
/-_/E-x߭6aWEGN|A
ls
۶ua
@Ws+}!l!
لe iգz
J-
⅔%\RTMHQ�Vn|PD kq
Y|~=
FB^VI5`
jB=m'- j
+%}5-rlf ]HUF汎;sg?Apv1'?i
4x%N7Ca)klEȵƮ|t'2
SjsEh~1
j@
BҏZ/Rt#\|
cS٪89rEҮ&nU+DюYiH̅O0]W!^l9'HB@^|V�(O?p>\0aZ|.x8:(-Lnp!Vz3HC~yfԔn_g6QKu0zYF
\?!k"`5]ƚEI_tҐ
D;Q
nPrƻP?1t&ekCpw^>*\P2P[pqpR!tk/ "&P>ݵzYx4xu(|Iߙ_
;KQ V
>>
ضڌTvbֲRhL>jV.
o%,ek3Y>E6S~ҢYFlGn85O4'73 e3 rtBL䨭+ H.ۮMi`kFc(Ӏ
R*U[]KrlEESBRK> b߄݆/5oRn]iHe.r}lEʆuP\A
XHx$<-
lɫK'MI6S*)c
<!Gt1ZIB[fq#.t+7`\+MK
yO&.10XuXcŎ4Ok(&gUki<:ՙN%/)ɗt
qZYΏ+?|oΦ!8 O7w/ ;I8#ٜ*5g-t#9%#lqxW܋1c/Ǫ: Jd#[o Y=KQ7�?ԥ~ D4R;O$i=#
>
9,cg˙gʼ#8g=O*Ta0hEi
mh-`P\U^d}rK9{
%锘|yg@1i N
h>$D.ڙd:L֜s-P!%u"[ҫ=H{ft?oӂoK )'\
BJlZc+울QƎ;#@im WlA$2budiws~;Z9 č܈[*漌Kǫr$ޏ(?Hfx˾U}I՜5%fbh8KZ|yJr^@ !/*D\cV,ʛ;Obq[@OxJQ# "
pi}<
kk^
xH}N=4C<
x5zOر?Q
gNo-WiS\#gKIYF Mh^!&.A{=/Hw
-Fuȁ&cGԼ+ yˤO�J
7fmXzڂ-VwJ0X^߯$sxlKP8K,cG�V<JNl�|
8�XY7#fyR~!-mV+U >0G
xb/zsd'˙JE'xSD� /y jóqCVT'}s2+2:oHM
wT
jw)5\
pJV ->ŠnkxDO
@юor <f_a͆2'ܼ^e>K
,v90M UL+H%J>0#ɚ]+ -D!�M,2zĸ3 X_pk
Q0ÁwoE+."guS e= 1)tu}3(C
^,9Dݲ
=
5'ܔ
:
BdZHopht@lh?@z
?\)ƽ-5d1'*^(s۰v'>a3iƶ?xF2D8C4ezy2u?[]n5uKkUϒj+ouR!!˼s
C
S{m#W0~?
W.@Fn ?C`ꤥ6ꘞVj*CMcU@O9Z?J56V3|#;�_t2;ŖnjaDuj߅
,^kGczv'\0;@ȼf|Ԗq' /)$ζoة'\#Эu7
|\dR!o)
[(lnUȽHGvl*N
ʒ苉$oE@ƌt2ӵyJ%lY7^TJD�.
E-lŁ.fr4q6\H{k^
Y*z
hRgSxp7qe'%rOd
`p־nn�zE"�M}丩ǒYM,#K6f5$s:0lwLs{
`²6q]
Fգ[B
%d3
pwJtB.J\ԁ*.ΛzvEgӤ5A5c1ɾszy
1?
*52!�r9δ#Sμ\t89y]}?Zhv^m`
ݠ+J
آX$nQKΑP҆UhƢD5@U*~HtkYLhØVȝ|݈I0 J2g|*Ic�",0//H2
. _
%'ܫшq�vxP%ikJK')@<.]l~#!ivVs�B)С
arECQzP
*5<Na{AOX
Вev">[mp*3ϟly>kfbU>
kzcg�9/x6܍CIn"Hа?Ҏ3 SEw>[S>SVjІmg$
|)H5~l=Kp=;X^F
5˷zB`bS`^#p/\YvH胻'3:HMR+VlG@)(8}Q>sfW
wZ
15p]/!
(L"W#BQjJvw# yF58
*z zfP֊~F6ķhd<M%,s;<J
cU#d4eT!ޚ+z^w@JH*J3jʹ0ٔ]MSbTd L)
Q'Ҕ#Sd9˶F=S }G#
v>|
UuvT"Û2t$k; ^0+,.7{lCʎP[b=o
Yh\
:yxܛ.b%.ץ;tS
A-bWڵ2#+wқX#Mǔ!E{yϬo;Y
J{~ ar_5la^yh0[_@4|pUܥs
.z jv{mAD᷄Ȥ촷~ XN>U>@hH6~ɱ*+Z Өyr>5L~|r6vh
ꦞMN#><YY NrR!kcl
&ҭ
�lf]A@q/'^ֲy~|N uR*f]*Ǭ?p;It\K-C^q`2}7&Ƒ8
Mvk= "D
\d~06;w9Nߝe(q%au7
ET7'{{�n`W,}Zx2bb^\#|N]
=q
D lsiRvgRC>I}*>skʨ\Stnz`onhUY+Y>#5
TR%
,RPhak'~VrЭx'?{kB#Ptyu֨7x
2c՚/+'hMt+#q ͩ'YdbduvKM$¥ۃ}u~9Q.+TȑꚒ
dmrO[#FI휦ƚhU%Afj0R93PcgA"PMi0
`Й2urݭB)SU3+ElsZ,,~|mivk4_sѯXjVZTŷg
Yaqa>t 4ԱȪkʨX{uksCY
Bƨ@ z73<`
Ү${Pl##GaۦAe
s5Tl)ReBjt0
>Al
UCHdZ7 YJH٦#xF%3kťZ״yczn4ai1
\KP
Tk~+?FquBVW
;ޔ
.$@D1FDXd
xz;896&7 6p--D#=&hNA�YvqHܧ(BRo Ilh8'jgE$`z(D2W
-YYlɐ*:V+LNX=8@j^6YϚ_3?L߶5؛KHØ%&
|9ijk@v#8`pZ<8|S1yM
P%R+pt6瀇?ܥ
oUMRD5
24>zյ
-K7pK>�&GK_%yLLϽX8m)ڕ3ו l^L}տZ4f~5
δ,8G8TZsB9i10rH@>Ryku=&
ʤ.2D[»Xq�x/f5
v97g7!B1fBJ
Hx�hkx
h,3VhA _߉d{&>mj&^^j^;aLhB
h'p2o]_+vGA2̲JBIgI*Z\B u3MVXf
HcU-XxpK{:wXg
j)p
^t?o~.(勣
ɞh?wqo
lJӾ L
l*.-)0\b,.a21b,ek:jL
"
I^!*dtG +o:81IQyl_6NE6dsA�ϤǸ
bu~ hͳ2x4~L(iuk6+-7TDqfHh+
]I$4
&~}Uvh,+
_ߐ|9?C*?T6rAyy
"LrAiGGJ`&Oatwl}5v(
JAMzEOן
Y٥|'1=^8c\`fD$jԴ̂:˪v#a
C^c@y3__g]t$Gctq6P4|s|D
2vB.|
+ӿOdQpn KN;I=.Gӌ�tw)͑=1
?ƎWg9yYI
zn<G.fBNH S ]
zYXyqkfRA =Vk>.B>UT
6`iH 5T$_eJB[deߦգ )ӨFE?wP߿EIwDu
K`5-,e7MQFz r�"Fe{arU:ظ>D5>3^SdCg5qxal!X 1OU
aV
ŸІQyITKN.edЏPkdUy
'ÖeN
̊Kn~dezAѣAN"�pB
Yi6T+ޣ_AdJ0@];*<ǿzk,
_I1b`@z*!
;kwNGN?b]v.b]챋.vb]п@
�k3_'uLd[MH,萗m=eݴU0qbn:
H�3LIqtFfǬ%~X,n7ԓ,'Xٔ|FP=3$YX<.H
(a|؈npΩcU*
Mu4h+j%bdЩkm>7(<J
ͳ#cMQAZRC-6ܬ#Zv0J!iUSwCfcgBضS}],
Dnl%?m8:o0H*E# w>?vRWTmKe4)A3
v@sf
v
Q4.x*, D
bZf:jygF&{7r
C,f#lV%
%=#R`LQ{
Sv1S QȦ!,!Z-fK
5DDLvA[:Ñ.QQG_W
ouҚJ桰pvi6le}Q;c5DĤ1Fķy#U(E?[pn2%ƞ
Q˺
EʌprnԀ
#κ.,^5; ۉͥqR
<S!DVKGpe-[*4<+(D-RӍVuu ԅԶ6t:QseKbjWؖyL42mNtm0~|7&ӝ۲Du2)"uV7KRK{3}
].dz
&9:=-:<l䤍8äKaPz&6UڐI55FΪ
^CoPdm&W
eyX떭.HۧG&KsTK"La!.~_@G-Oò'ZҔG!،
VUAiTyfeL(.աjUCx|PzKV;\CeAw4njc72
BN>纙]Lz
JF_#+K<jM!. -ռ1
=Bt` Uiāݪ
2)ZMFN2Fl
[NoP)۰pԫ$
a@ƈBܔd,nR1' AژKJ9
C%Ku0&o1AYE<6ÃϕLP9躍
yy9Є
[q'R9
VP ʠx4
gg>,cJAeڶW;UDuqWw5Z`D̜N
F
r
LǓ%.UM1\Q
ai!I$sO|9t``L\=n�HEJ#V
qG3TRr/>b{irc,ִ^N&6̞
idkCm#B(jְSM dqQg2(9〉]UlM�<Au
M(r qeORjbA+
)oS
4H
kɁ;KrTߓnrr2ę
AG֭FxvYmuHKD)l-D}RV갟cYMߜLJsʸVpRO !ކmT!۪4+9/7$W9m (DR--%J%vLujJoҖfIKysFlOpbHK0mu2,+(VkXe^QJjm[u`ϓ Yf<#
:bˮg
e۽fyܾCl9<8PJW1CОDv@˰%.
)6JlFm
5]ljgx
2m~ ڪ!isYcU{B`4/-6$.z+4dV =ke+GWz=\zLMܭ}B*c
TW"\M`s(.d75~dTquS#puXTud5՞RՕQYvtϋpD(t*)R XL?
R$daXZNYz*(mt! mT-PZ
g z?20
y!@l#vc5zԧGoѪJ*;U~ӧT<_Ǭdf/nP=/�
O}^iQދ
s6VQC�?
L 0Ǎd)�
Ȇr
i'{ljr<o~txs?,?yO�Jyn!.?Ȏ*_BH>B
ѢIS!sN(
- vΐ G̢M7y.NI;>Q
y"x=}.X=1`F
80zh- XYÜ7
wox0P^Ȗ`}B
PIsfOxo^
՟{!v~ ^~<7
/
:�g6AeZ<7
?ɰz]
y['O<tv~W
&
g%б@HɞnJAYkɎQ!} Cwӭ;V )ssY?/.4t
V?y n{JrfW}=QCs>.џnAZV(Q@>/B W@ر
E-ƒɓJп=َlx7"o7)F9ރvzGvA¿AfO;~z y?\~wQ[{ނyH
#i^}L:/pCzs&}~s.:<BG>Q}K>Xl߅]^tvч
R=+~_\nOBw_cw}&~
q;oD~}Q X܁kfV
D*MZ[2c
gH@ZGy.<,=݆
k"?
o9@Y/
7Ы`Mg
܅F )]'ٛٻtsu}
? |(hhtNMGo=v7/
-
`�(~t=hO
WjWElCz߅+j|vӗͷ{矦n/4ǖ|nT?Q
C9�Ẑ\-q
C|G=
o({7AFc Z<
~ h;vKJf}p$:
WwP\"&~DݵBMZ?(\D7F?q^hݛoQ|7pG7|4EaZMw}8 l:
4 >'Jݗ7?_7~qgAuovo;8~M
;!F5w8rOv1bnno
@ʷdzj\| ;P|.|Kw/7qk }Y<sGy(qNOo;gOv-
ԫ.S8VJ.#-n?vCMv Çw1>]Γ
nDOX%^٧EowzDLkPrwJȟh ᧻YSbfl/
l]DˁekqXF=c9W"=t?
�
,.cyj�<"O]
+7ia_El8
U�]zhco'0,8q_E=܆*RW{Ik,xT^4Z}HcFNB5J$N~KEvDܕw*
}k1տX"']%Z^{W9Uj^q{_Q1
{ ]qrOX:zoahN9v]Lx�Ikԟ1Y
w
=P@v.b_N`dN(|=o
0 ~G.b
ǀ 6@H%
f3Sw t}T?/NV+}MD+fc̱
l)R 4J+pA {zm'c]bz5.P5X粈{hEшN&TPJ.f`ZvbHe?^d./ҕN:.9t5lltsGzIHqȡT@'UcI
BR~A.l#ЀtWd,J}tK
ReTUe1G{*u|l ]pa@A dz
Q)�*
Ul�AvTP: ͐z{
lg}}?)#^fo}>*O?
ꁪK"_HOvW
;.к/_V@@,"l�� �UU�S3�E"�`��oEDOQQܻ<ϐX{UfH
YbZB$Mm.6
H-mY̒HM5M,. �H
]=k=j4(~^B#qp:n gK>J/7bW,EjhU
^t,)t%mIH9X@[c
�B��C#WTe�ylmmWg&fq
GENWv; B?s~b"Ɔ
'wha˪*HV"[FEփgzxR ڂO*oKW V�% bX[J+J8ЄK4O&K'ԮYkՊ2ɤV[K vn-%[I%
n^{d$(c%Z#w
IW{$ cNX>Cv!IRYړx
B
"6\\Ej3vsXAJ2E2(
)
%b4뒘fd*|Iy$G6 V /P_0O!{7
[EmʄPD~9KUZ &4_$z٧MQ
Cl
Njr=C_ȎDK@qrYiQU*O)O%B^a1x$b*r'ı,"F3[cB
ߨԈKwE
M"Oeəg X%!x(j+
/It&94&k{y<<Q/`fa""M,42/]zQ;8)k=zz3
CY}R9&y
{fd`iOmsmMx|PF'CQ&_"dTHf! V^'u'{)f8uRc
/t̛dz٤
Ӟ&PY|&?`&c%?OТ^auzN9|E2&V;`إD ^Nua NMk
|);"3
#mLzN
j|UT˪IrvNDyOȕ v%IÞY43 K,~y5a@6f&>E$ɐwzE{;O3*@YQCl
_I'9,_! Sc8_)Iht;jPvW&]l"Pe`#zi
67}SW?s
t97K5
n7|Yƃ9 YƼ
h{
0ic
jʠ
Rr>
hLO&$Ye҉(QA9P A/)2*%2ǩ1FĘ Ɔ2۵C&&%Yҵ報>Gʛpbѻ\G\nMC&&%VZ
;:~VKNpe&Z/iZ^j(H#5!0i+_̆)gvZAl1
ՃD&&4mBO\A) ZRqA5-Nf{ô^2/k|3{QE&4&<O
ExRҫݳӍQ AI^-
6eB@d{ΉDڤBV?i,GEɺqs&f!4&Q
A I]H֍cpƎQBߦ[&0Kn)Q%
&TKn):DMʗSMDPy/@`5FYy *Tn@
5+_5"%$jVmJԄ|I֬Y.+Q)D,
?G]`8${
6&
ufXDM*&iJoԄ|IPɉ/
Ւ[P/&Uߨ [K5+_@sMD(] [B$jVMD=Ъ?Q%4}l[`(������ 9,#ڂ(u,f^/TPBZ-e4ڄ+y&d׀]uFGn};rߩ
a{d
zsd'R~>|Xڻ1CB(eM$,2ûB;
5sx0yhQeM0BM,V
ʗٿe`oԇZ'k`#U6?Az8+Q-b6N>`2rȀvLK702ɘӘ&P0z
4,VB5hID{ZRؙlJr,C~iIQ
[
/%HW7
!'b0(o9
}ev
1ՂtoO175
y$놬Ϥ8̖ӆ&:ov~MMŻd�uHl}s0,^y;?潫pawdHr^
y`}7-ݞپeť
u?'?][g%1hK.{FhޮUCM4h)nݦ
66|p f|o38~(617ÇJ
͵:=6%3T`jأUP۰AM13XI^jQ]}u@VGa+
$!>Slog6>7zR8L<#=87F{7imמc8
{;c~f8vu͛k0OƦ4`)|eǚ"]ez(ka:Ϋ빯y>]h\Jf@)ܦ
Pz~K,5][]Ƣ@͙hI7cxˍu
*hoq
~nJp
#5&7&W`x?eQgwm7;kV8SI7tՍ-4 ,N'FeV
e7+
OT6*
G"z<zaׇ`$0^5̩(e#P3Tz]5f%^~5_Cn@ u
:NӑrT:'⋔K{0#uB¸]kY
VYOއyDy9.hh
\
]oف
ml
0%wXcrf
Su3khn{[a{&pqN+ܨg$v4}6;pú̀a꒺)&3֥
.j>bj}?JX_]8foS0byX3/4 {'r^p峥APm: +;{
:rш+ϕ5Ҫhb
ꪢpUWq:J
X
WSU7u*V瘿ZU%U\jJTժOZW[UJTժOZUq*UXz�A
Z+y>)VVqRUZJUUe*U\TRW�5iW]
i~5o}
n',
mx8Jp+vι&NB^
[lc7)
cvs5ppz^
ڛh[7R`u
J'F3NQlM35W(`Ɩ5
Sۢ
;BKaXQ*0hbF_UP_?
ȮJj>+u#. )lVIU/72/ BSH%* }n1tDsdKu
tU
bցCP#iUj,!eK>Sȉj_4箑f``R%q hFEW
Y^wr BT3hB7LC wi/phu?q[dce^
qs3H
3 1
-
=SnQn|WW:@ )rMf1U^_:UPx!*]Fp%"V}WV*L|w%xhvE[DʴRԱK]p
LGSu<3fFV*uʙ2cVnX[$Uv|SP8Z*tU#BXn]Bw6RN1O}6Z'vu9ȹ=&g;˹Z,<8e~ۭS\j9
LG.q˵z{Ozz"]Њȋxlf?%a8=+G e|+b/ۏxؚ\oi9\?~H?GqaCv]
pj?6n$7яu#]tnzӸ]k~kX?eȭ_S{V"?{Ɗ쑏ۯ|Oyz_6l|5{~
az
`ï?^Bj]#G}o! ^9H~3ˏ<} ,?p?|<$YKb߱r
l/
9s#
xE|KwcV+O1yy5|biBmgd@\oӔb-owx
?F+j?[
S>
tGX4TT5qЮ»B@,E(#
!mwP;Gy``#hY8ؚGkG`xʬEF-P#.*,GXq@*bd�E~zV
xnA5HeO!C!1>X;
> @^ͲaW(bda/Ap/q۞%aVZɼw[xv�
ّ0%E`b2%ɂaar\t&f1ȆQqp6.Ƈf'ܝ13~ݳ2O Nɝu4;W0ɮ8ʓnJY-3Hrُ+Kk77AkF
\z:g<YZ9!ǛR#1[GN
Ӈuu,wz\W9W)۽}rw?o7?pi}@ì%!thh!t5@k6ꑡCFӟ21@,֎3B?H:+0
h7jN,hkVd3e^k3wYN
p!xk
V,nXQa$\d`X("7lB#|loW^unPTug8AD/j~y)}~#k# R(Mj[[l7
uMQr%�������������������������������������������������������������#
�����������(�����������������������������������l(������Ha������x������������