NTFS
Full Name
Windows NT File System
Context
NTFS has been a part of Windows NT since it was first released as NT 3.1.
Streams
NTFS has supported multiple streams per file since an early release, but Windows File Explorer has never managed any stream other than the default stream, called ":$DATA". All other streams are considered "Alternate Data Streams".
Security
icacls: Displays or modifies discretionary access control lists (DACLs) on specified files, and applies stored DACLs to files in specified directories.
Integrity
The NTFS file system objects and registry keys are not automatically labeled when they are created. These objects do not have mandatory labels after upgrade from a previous version of Windows to Windows Vista. Files on non-NTFS file systems (CDFS or FAT32) that do not have security descriptors are not securable objects and do not have an integrity level. Every security descriptor must have an implicit mandatory label. Processes with a subject integrity level at or above medium create files and registry keys without an explicit label. As a consequence, the file system and registry objects that are created by a high or system integrity level process have an implicit medium label.[1]
PowerShell
Install-Module -Name NTFSSecurity
Import-Module NTFSSecurity
- How to Manage NTFS Permissions with PowerShell?
- Unblock-File with PowerShell: Internally, the Unblock-File cmdlet removes the Zone.Identifier alternate data stream, whose ZoneId=3 value indicates that the file was downloaded from the internet.
- This example shows how the Clear-Content cmdlet clears the content from an alternate data stream while leaving the stream intact. The first command uses the Get-Content cmdlet to get the content of the Zone.Identifier stream in the Copy-Script.ps1 file, which was downloaded from the internet. The second command uses the Clear-Content cmdlet to clear the content. The third command repeats the first command. It verifies that the content is cleared, but the stream remains. If the stream were deleted, the command would generate an error. You can use a method like this one to clear the content of an alternate data stream. However, it is not the recommended way to eliminate security checks that block files that are downloaded from the Internet. If you verify that a downloaded file is safe, use the Unblock-File cmdlet.
Get-Content C:\Test\Copy-Script.ps1 -Stream Zone.Identifier
[ZoneTransfer]
ZoneId=3
Clear-Content C:\Test\Copy-Script.ps1 -Stream Zone.Identifier
Get-Content C:\Test\Copy-Script.ps1 -Stream Zone.Identifier
References
- [1] Windows Integrity Mechanism Design (2007-07-05). Out of date, but still the best explanation. https://learn.microsoft.com/en-us/previous-versions/dotnet/articles/bb625963(v=msdn.10)