Me, myself & IT

General Failure, Colonel Error, Major Mishap, Commander Havoc, Captain Mayhem, Private Snafu and other (Un)lucky Fellows

Purpose
Reason
Trivia
Mishap № 1: Demonstration; Fix
Mishap № 2: Demonstration

Purpose

Reason

Trivia

Who the f*ck is General Failure, and why is he reading my hard disk?

Mishap № 1

With Windows Vista^® Microsoft^® introduced the directory %SystemDrive%\ProgramData\ alias %ProgramData%\ and moved the directory with the shared Start Menu from its previous, properly protected location %ALLUSERSPROFILE%\Start Menu\ to %ProgramData%\Microsoft\Windows\Start Menu\.

Before this relocation only members of the BUILTIN\Administrators group had write and delete access to files and subdirectories beneath %ALLUSERSPROFILE%\ and therefore the shared Start Menu too – afterwards the DACL of the directory %ProgramData%\Microsoft\Windows\Start Menu\ contains at least one inherit-only ACE (A;OICIIO;DTSD;;;S-1-5-21-‹digits›-‹digits›-‹digits›-1000) which grants at least the first local user account created during setup DELETE and FILE_DELETE_CHILD access to all files and subdirectories underneath: since almost 19 (in words: nineteen) years at least one unprivileged user can delete the shared Start Menu completely, thus affecting all users of a machine!

Demonstration

Perform one of the following simple steps and the optional destructive last one to show the mishap!

Logon to the first user account created during Windows setup and start the Command Processor Cmd.exe unelevated, then execute the following command lines:

ICACLs.exe "%ProgramData%\Microsoft\Windows\Start Menu" /Q
ICACLs.exe "%ProgramData%\Microsoft\Windows\Start Menu\*" /C /Q
IF NOT DEFINED MISHAP (
ICACLs.exe "%ProgramData%\Microsoft\Windows\Start Menu\desktop.ini" /C /Q /T | Find.exe "%USERDOMAIN%\%USERNAME%"
ICACLs.exe "%ProgramData%\Microsoft\Windows\Start Menu\*.lnk" /C /Q /T | Find.exe "%USERDOMAIN%\%USERNAME%"
) ELSE (
ICACLs.exe "%ProgramData%\Microsoft\Windows\Start Menu\desktop.ini" /C /Q /T | FindStr.exe /B /C:"%ProgramData%"
ICACLs.exe "%ProgramData%\Microsoft\Windows\Start Menu\*.lnk" /C /Q /T | FindStr.exe /B /C:"%ProgramData%"
)

Note: the command lines can be copied and pasted as block into a Command Processor window.

Note: both branches of the IF (…) ELSE (…) statement yield the same output!

C:\ProgramData\Microsoft\Windows\Start Menu AMNESIAC\Stefan:(OI)(CI)(IO)(DE,DC)
                                            AMNESIAC\Administrator:(OI)(CI)(IO)(DE,DC)
                                            NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
                                            BUILTIN\Administrators:(I)(OI)(CI)(F)
                                            BUILTIN\Users:(I)(OI)(CI)(RX)
                                            Everyone:(I)(OI)(CI)(RX)

Successfully processed 1 files; Failed processing 0 files

C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk AMNESIAC\Stefan:(I)(DE,DC)
                                                                 AMNESIAC\Administrator:(I)(DE,DC)
                                                                 NT AUTHORITY\SYSTEM:(I)(F)
                                                                 BUILTIN\Administrators:(I)(F)
                                                                 BUILTIN\Users:(I)(RX)
                                                                 Everyone:(I)(RX)

C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini AMNESIAC\Stefan:(I)(DE,DC)
                                                        AMNESIAC\Administrator:(I)(DE,DC)
                                                        NT AUTHORITY\SYSTEM:(I)(F)
                                                        BUILTIN\Administrators:(I)(F)
                                                        BUILTIN\Users:(I)(RX)
                                                        Everyone:(I)(RX)

C:\ProgramData\Microsoft\Windows\Start Menu\Programs AMNESIAC\Stefan:(I)(OI)(CI)(DE,DC)
                                                     AMNESIAC\Administrator:(I)(OI)(CI)(DE,DC)
                                                     NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
                                                     BUILTIN\Administrators:(I)(OI)(CI)(F)
                                                     BUILTIN\Users:(I)(OI)(CI)(RX)
                                                     Everyone:(I)(OI)(CI)(RX)

C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk AMNESIAC\Stefan:(I)(DE,DC)
                                                               AMNESIAC\Administrator:(I)(DE,DC)
                                                               NT AUTHORITY\SYSTEM:(I)(F)
                                                               BUILTIN\Administrators:(I)(F)
                                                               BUILTIN\Users:(I)(RX)
                                                               Everyone:(I)(RX)

Successfully processed 4 files; Failed processing 0 files

C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\desktop.ini AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\desktop.ini AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\desktop.ini AMNESIAC\Stefan:(I)(DE,DC)

C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\DisplaySwitch.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Registry Editor.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Management.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\IIS Manager.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 2.0 Configuration.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Scan Management.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Application Verifier\Application Verifier.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Application Verifier (x64)\Application Verifier (x64).lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x64)\Debugging Help.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x64)\Global Flags.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x64)\Release Notes.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x64)\Uninstall Debugging Tools for Windows (x64).lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x64)\WinDbg.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x86)\Debugging Help.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x86)\Global Flags.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x86)\Release Notes.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x86)\Uninstall Debugging Tools for Windows (x86).lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x86)\WinDbg.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1\Release Notes.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1\Samples Directory.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1\Samples Reference.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1\Tools Reference.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1\Windows SDK 7.1 Command Prompt.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1\Tools\Accessible Event Watcher (x64).lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1\Tools\GUID Generator.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1\Tools\Inspect Objects (x64).lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1\Tools\Manifest_Generator (x64).lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1\Tools\OLE-COM Object Viewer (x64).lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1\Tools\WinDiff (x64).lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1\Tools\Windows Troubleshooting Pack Designer.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1\Visual Studio Registration\Windows SDK Configuration Tool.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Virtual Machines.lnk AMNESIAC\Stefan:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Virtual Windows XP.lnk AMNESIAC\Stefan:(I)(DE,DC)

OUCH¹: on Windows 7 all subdirectories, shortcuts and desktop.ini files of the shared Start Menu are not properly protected – the unprivileged primary user is able to remove them all!

On Windows 10 and Windows 11 run the following alternative command line instead:

ICACLs.exe "%ProgramData%\Microsoft\Windows\Start Menu" /C /Q /T | FindStr.exe /L "%ProgramData% (DE,DC)"

C:\ProgramData\Microsoft\Windows\Start Menu S-1-5-21-1717989741-1660040995-2455016376-1002:(OI)(CI)(IO)(DE,DC)
                                            S-1-5-21-1717989741-1660040995-2455016376-1000:(OI)(CI)(IO)(DE,DC)
                                            MISHAP\Administrator:(OI)(CI)(IO)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                        S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                        MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(OI)(CI)(DE,DC)
                                                     S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(OI)(CI)(DE,DC)
                                                     MISHAP\Administrator:(I)(OI)(CI)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(OI)(CI)(DE,DC)
                                                                   S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(OI)(CI)(DE,DC)
                                                                   MISHAP\Administrator:(I)(OI)(CI)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                               S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                               MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(OI)(CI)(DE,DC)
                                                                 S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(OI)(CI)(DE,DC)
                                                                 MISHAP\Administrator:(I)(OI)(CI)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                             S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                             MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                               S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                                               MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                    S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                                    MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(OI)(CI)(DE,DC)
                                                                              S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(OI)(CI)(DE,DC)
                                                                              MISHAP\Administrator:(I)(OI)(CI)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                                                MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                          S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                                          MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player Legacy.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                 S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                                                 MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(OI)(CI)(DE,DC)
                                                                          S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(OI)(CI)(DE,DC)
                                                                          MISHAP\Administrator:(I)(OI)(CI)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                 S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                                                 MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                  S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                                                  MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                      S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                                      MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                     S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                                     MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                           S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                                           MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                           S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                                           MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                              S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                                              MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                      S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                                                      MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                         S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                                                         MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                         S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                                                         MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                  S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                                                  MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                               S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                                               MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                            S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                                            MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                              S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                                              MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                               S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                                               MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                                                                MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                       S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                                       MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                   S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                                                   MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                 S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                                                 MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                             S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                                             MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                               S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                                                                               MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                 S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                 MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(OI)(CI)(DE,DC)
                                                                 S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(OI)(CI)(DE,DC)
                                                                 MISHAP\Administrator:(I)(OI)(CI)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                             S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                             MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                        S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                        MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(OI)(CI)(DE,DC)
                                                             S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(OI)(CI)(DE,DC)
                                                             MISHAP\Administrator:(I)(OI)(CI)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                         S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                         MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(OI)(CI)(DE,DC)
                                                                  S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(OI)(CI)(DE,DC)
                                                                  MISHAP\Administrator:(I)(OI)(CI)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                              S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                              MISHAP\Administrator:(I)(DE,DC)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                   S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
                                                                                   MISHAP\Administrator:(I)(DE,DC)

OUCH²: on Windows 10 and Windows 11 the mishap got even worse – now multiple unprivileged users are able to remove the shared Start Menu completely!

(Optional) Clobber the shared Start Menu:

IF DEFINED MISHAP (
ERASE /A:HS /Q /S "%ProgramData%\Microsoft\Windows\Start Menu\desktop.ini"
ERASE /Q /S "%ProgramData%\Microsoft\Windows\Start Menu\*.lnk"
) ELSE (
RMDIR /Q /S "%ProgramData%\Microsoft\Windows\Start Menu"
)

Fix

Remove the dangerous inherit-only ACE (A;OICIIO;DTSD;;;S-1-5-21-‹digits›-‹digits›-‹digits›-1000) for the primary local user account and the superfluous ACE (A;OICIIO;DTSD;;;LA) for the local Administrator account!

Logon to the first user account created during Windows setup and start the Command Processor Cmd.exe elevated, then execute the following command lines:

ICACLs.exe "%ProgramData%\Microsoft\Windows\Start Menu" /Q /Remove:g "%USERDOMAIN%\%USERNAME%" /Remove:g "%USERDOMAIN%\Administrator"
ICACLs.exe "%ProgramData%\Microsoft\Windows\Start Menu\desktop.ini" /C /Q /Remove:g "%USERDOMAIN%\%USERNAME%" /Remove:g "%USERDOMAIN%\Administrator" /T
ICACLs.exe "%ProgramData%\Microsoft\Windows\Start Menu\*.lnk" /C /Q /Remove:g "%USERDOMAIN%\%USERNAME%" /Remove:g "%USERDOMAIN%\Administrator" /T

Successfully processed 1 files; Failed processing 0 files
Successfully processed 11 files; Failed processing 0 files
Successfully processed 90 files; Failed processing 0 files

Mishap № 2

Since Windows Vista the directory %SystemRoot%\WinSxS\ is used as repository and staging store for almost all components of Windows NT.

To protect its integrity only the (virtual) user account NT SERVICE\TrustedInstaller with security identifier S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 should have write and delete access there.

Due to braindead implementation of the Component Based Servicing introduced with Windows Vista, files from the repository are installed via reflection, i.e. as hard links instead of true copies – modifications of installed files, for example shortcuts in the shared Start Menu, also change the repository.

Demonstration

Perform the following simple step and the optional destructive one to show the mishap!

Logon to one of the user accounts created during the setup of Windows 10 or Windows 11 and start the Command Processor Cmd.exe unelevated, then execute the following command line:

ICACLs.exe "%SystemRoot%\WinSxS\*.lnk" /C /Q /T | Find.exe "(DE,DC)"

C:\WINDOWS\WinSxS\amd64_eventviewersettings_31bf3856ad364e35_10.0.26100.1882_none_90964c57b3d34f63\Event Viewer.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                    S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_eventviewersettings_31bf3856ad364e35_10.0.26100.1_none_f1eb80676c3fbe87\Event Viewer.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                 S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_eventviewersettings_31bf3856ad364e35_10.0.26100.5074_none_90eba575b3937e62\Event Viewer.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                    S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\WINDOWS\WinSxS\amd64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.26100.4202_none_76c8e866faf07366\Steps Recorder.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                           S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\WINDOWS\WinSxS\amd64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.26100.5074_none_76e55e9afada1d4e\Steps Recorder.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                           S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\WINDOWS\WinSxS\amd64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.26100.4202_none_4abe321a9b7601be\Task Manager.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                      S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.26100.5074_none_4adaa84e9b5faba6\Task Manager.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                      S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\WINDOWS\WinSxS\amd64_microsoft-windows-c..s-admin-compsvclink_31bf3856ad364e35_10.0.26100.1882_none_6e30c61a8a994728\Component Services.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                               S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_microsoft-windows-c..s-admin-compsvclink_31bf3856ad364e35_10.0.26100.1_none_cf85fa2a4305b64c\Component Services.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                            S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_microsoft-windows-c..s-admin-compsvclink_31bf3856ad364e35_10.0.26100.5074_none_6e861f388a597627\Component Services.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                               S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\WINDOWS\WinSxS\amd64_microsoft-windows-c..termanagementsnapin_31bf3856ad364e35_10.0.26100.1882_none_e6b4947c26772596\Computer Management.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                                S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_microsoft-windows-c..termanagementsnapin_31bf3856ad364e35_10.0.26100.5074_none_e709ed9a26375495\Computer Management.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                                S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\WINDOWS\WinSxS\amd64_microsoft-windows-charmap_31bf3856ad364e35_10.0.26100.4202_none_8e3114995451d760\Character Map.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                           S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_microsoft-windows-charmap_31bf3856ad364e35_10.0.26100.5074_none_8e4d8acd543b8148\Character Map.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                           S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\WINDOWS\WinSxS\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.26100.4202_none_091b8d9c0d8281ab\Disk Cleanup.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                           S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.26100.5074_none_093803d00d6c2b93\Disk Cleanup.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                           S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_microsoft-windows-defrag-adminui_31bf3856ad364e35_10.0.26100.1_none_9609b71ef8d18dee\dfrgui.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                        S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\WINDOWS\WinSxS\amd64_microsoft-windows-defrag-adminui_31bf3856ad364e35_10.0.26100.3323_none_34e47df340420efa\dfrgui.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                           S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_microsoft-windows-defrag-adminui_31bf3856ad364e35_10.0.26100.5074_none_3509dc2d40254dc9\dfrgui.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                           S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\WINDOWS\WinSxS\amd64_microsoft-windows-iscsi_initiator_ui_31bf3856ad364e35_10.0.26100.1882_none_73899f020c320a85\iSCSI Initiator.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                        S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_microsoft-windows-iscsi_initiator_ui_31bf3856ad364e35_10.0.26100.5074_none_73def8200bf23984\iSCSI Initiator.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                        S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.26100.1_none_41438fbea643a6b2\ODBC Data Sources (64-bit).lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                                    S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\WINDOWS\WinSxS\amd64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.26100.3323_none_e01e5692edb427be\ODBC Data Sources (64-bit).lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                                       S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.26100.5074_none_e043b4cced97668d\ODBC Data Sources (64-bit).lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                                       S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\WINDOWS\WinSxS\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_10.0.26100.1882_none_2f75108d29d7afaa\Memory Diagnostics Tool.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                                    S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_10.0.26100.1_none_90ca449ce2441ece\Memory Diagnostics Tool.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                                 S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_10.0.26100.5074_none_2fca69ab2997dea9\Memory Diagnostics Tool.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                                    S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\WINDOWS\WinSxS\amd64_microsoft-windows-mediaplayer-shortcut_31bf3856ad364e35_10.0.26100.1882_none_4a6fe694fdd588e7\Windows Media Player Legacy.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                                      S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\WINDOWS\WinSxS\amd64_microsoft-windows-mediaplayer-shortcut_31bf3856ad364e35_10.0.26100.1_none_abc51aa4b641f80b\Windows Media Player Legacy.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                                   S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\WINDOWS\WinSxS\amd64_microsoft-windows-mediaplayer-shortcut_31bf3856ad364e35_10.0.26100.5074_none_4ac53fb2fd95b7e6\Windows Media Player Legacy.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                                      S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\WINDOWS\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.26100.4202_none_765195be4db6c109\System Configuration.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                       S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.26100.5074_none_766e0bf24da06af1\System Configuration.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                       S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\WINDOWS\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.26100.4202_none_47b3be11a9a4f9b0\System Information.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                     S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.26100.5074_none_47d03445a98ea398\System Information.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                     S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\WINDOWS\WinSxS\amd64_microsoft-windows-p..erandprintui-pmcppc_31bf3856ad364e35_10.0.26100.4202_none_a73f992730a85600\Print Management.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                             S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_microsoft-windows-p..erandprintui-pmcppc_31bf3856ad364e35_10.0.26100.5074_none_a75c0f5b3091ffe8\Print Management.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                             S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\WINDOWS\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.26100.4202_none_37e1156650eaa088\Performance Monitor.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                             S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\WINDOWS\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.26100.4202_none_37e1156650eaa088\Resource Monitor.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                          S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.26100.5074_none_37fd8b9a50d44a70\Performance Monitor.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                             S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.26100.5074_none_37fd8b9a50d44a70\Resource Monitor.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                          S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\WINDOWS\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.26100.4343_none_c46322c03ba8c055\RecoveryDrive.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                 S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.26100.5074_none_c4867e803b8dcf4f\RecoveryDrive.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                 S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\WINDOWS\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.26100.4202_none_90060c9f8bcf570f\Registry Editor.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                     S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.26100.5074_none_902282d38bb900f7\Registry Editor.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                     S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\WINDOWS\WinSxS\amd64_microsoft-windows-s..ment-policytools-ex_31bf3856ad364e35_10.0.26100.1882_none_f4fdc9eef135ca34\Security Configuration Management.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                                              S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_microsoft-windows-s..ment-policytools-ex_31bf3856ad364e35_10.0.26100.1_none_5652fdfea9a23958\Security Configuration Management.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                                           S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_microsoft-windows-s..ment-policytools-ex_31bf3856ad364e35_10.0.26100.5074_none_f553230cf0f5f933\Security Configuration Management.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                                              S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\WINDOWS\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_10.0.26100.1882_none_6b0256f4f5db1044\services.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                             S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_10.0.26100.1_none_cc578b04ae477f68\services.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                          S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_10.0.26100.5074_none_6b57b012f59b3f43\services.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                             S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\WINDOWS\WinSxS\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_10.0.26100.4202_none_e9b3a4cfd10e4076\Remote Desktop Connection.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                                      S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\WINDOWS\WinSxS\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_10.0.26100.5074_none_e9d01b03d0f7ea5e\Remote Desktop Connection.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                                      S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\WINDOWS\WinSxS\amd64_networking-mpssvc-shortcut_31bf3856ad364e35_10.0.26100.1882_none_20f5695abce558a4\Windows Defender Firewall with Advanced Security.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                                               S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_networking-mpssvc-shortcut_31bf3856ad364e35_10.0.26100.1_none_824a9d6a7551c7c8\Windows Defender Firewall with Advanced Security.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                                            S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_networking-mpssvc-shortcut_31bf3856ad364e35_10.0.26100.5074_none_214ac278bca587a3\Windows Defender Firewall with Advanced Security.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                                               S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\WINDOWS\WinSxS\amd64_taskschedulersettings_31bf3856ad364e35_10.0.26100.1882_none_e689781ab47d0fe7\Task Scheduler.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                        S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_taskschedulersettings_31bf3856ad364e35_10.0.26100.1_none_47deac2a6ce97f0b\Task Scheduler.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                     S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\amd64_taskschedulersettings_31bf3856ad364e35_10.0.26100.5074_none_e6ded138b43d3ee6\Task Scheduler.lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                        S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\WINDOWS\WinSxS\wow64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.26100.3624_none_ea527a59222d572d\ODBC Data Sources (32-bit).lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                                       S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)
C:\Windows\WinSxS\wow64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.26100.5074_none_ea985f1f21f82888\ODBC Data Sources (32-bit).lnk S-1-5-21-1717989741-1660040995-2455016376-1002:(I)(DE,DC)
                                                                                                                                                       S-1-5-21-1717989741-1660040995-2455016376-1000:(I)(DE,DC)

OUCH: the unprivileged user accounts created during setup of Windows 10 and Windows 11 have DELETE and FILE_DELETE_CHILD access to multiple shortcuts stored underneath %SystemRoot%\WinSxS\!

(Optional) Delete the shortcuts in the repository:
```
ERASE /Q /S "%SystemRoot%\WinSxS\*.lnk"
```

Contact and Feedback

If you miss anything here, have additions, comments, corrections, criticism or questions, want to give feedback, hints or tipps, report broken links, bugs, deficiencies, errors, inaccuracies, misrepresentations, omissions, shortcomings, vulnerabilities or weaknesses, …: don’t hesitate to contact me and feel free to ask, comment, criticise, flame, notify or report!

Use the X.509 certificate to send S/MIME encrypted mail.

Note: email in weird format and without a proper sender name is likely to be discarded!

I dislike HTML (and even weirder formats too) in email, I prefer to receive plain text.
I also expect to see your full (real) name as sender, not your nickname.
I abhor top posts and expect inline quotes in replies.

Terms and Conditions

By using this site, you signify your agreement to these terms and conditions. If you do not agree to these terms and conditions, do not use this site!

The software and the documentation on this site are provided as is without any warranty, neither express nor implied.
In no event will the author be held liable for any damage(s) arising from the use of the software or the documentation.
Permission is granted to use the current version of the software and the current version of the documentation solely for personal private and non-commercial purposes.
An individuals use of the software or the documentation in his or her capacity or function as an agent, (independent) contractor, employee, member or officer of a business, corporation or organisation (commercial or non-commercial) does not qualify as personal private and non-commercial purpose.
Without written approval from the author the software or the documentation must not be used for a business, for commercial, corporate, governmental, military or organisational purposes of any kind, or in a commercial, corporate, governmental, military or organisational environment of any kind.
Redistribution of the software and the documentation is allowed only in unmodified form of its current version and free of charge.

Notification and Disclosure Policy

I detect bugs, weaknesses and (security) vulnerabilities in software quite often and (try to) report them to developers and vendors.

If you are a software developer or vendor but failed to provide an email address for reporting bugs, weaknesses and/or (security) vulnerabilities within your software and its documentation or failed to publish an email address on your web site I usually disclose the bugs, weaknesses and/or (security) vulnerabilities immediately.
If the email address provided within your software and its documentation or published on your web site is invalid or reports sent to this mailbox bounce I usually disclose the bugs, weaknesses and/or (security) vulnerabilities immediately.
If you receive a bug, weakness and/or (security) vulnerability report I expect at least an (immediate) acknowledgement of receipt and a qualified reply in the course of one week.
If you don’t acknowledge the receipt or don’t reply within one week I usually resend the notification once, eventually with Cc: to CERT/CC.
If you again don’t acknowledge the receipt or don’t reply within another week I usually disclose the bugs, weaknesses and/or (security) vulnerabilities then without further notice.
If you consider a bug, weakness and/or (security) vulnerability I reported to you not as (security) vulnerability I usually disclose it immediately.
If you decline to fix a bug, weakness and/or (security) vulnerability I reported to you I usually disclose it immediately.
I expect that you assign or request a CVE^® identifier for every security vulnerability I report to you and notify me when done.
I usually set a disclosure date 45 days after the initial bug, weakness and/or (security) vulnerability report.
If you can’t meet this initial deadline and need more time to provide a fix or inform your customers I will grant an extension of the initial deadline if you provide convincing arguments to me.
If the set deadline expires I usually disclose the bugs, weaknesses and/or (security) vulnerabilities then without further notice.
I expect regular progress and/or status updates every other week, especially if you can’t meet the (initial or extended) deadline.
If you don’t send progress and/or status updates on your own I will eventually request them from you.
If you don’t reply to a progress and/or status update request within one week I usually disclose the bugs, weaknesses and/or (security) vulnerabilities then without further notice.
I usually disclose the bugs, weaknesses and/or (security) vulnerabilities once you provide a fix or publish a (security) advisory or bulletin.

Data Protection Declaration

This web page records no (personal) data and stores no cookies in the web browser.

The web service is operated and provided by

Telekom Deutschland GmbH
Business Center
D-64306 Darmstadt
Germany
<‍hosting‍@‍telekom‍.‍de‍>
+49 800 5252033

The web service provider stores a session cookie in the web browser and records every visit of this web site with the following data in an access log on their server(s):

the (pseudonymised) IP address;
the date and time of the request;
the URL of the requested web page or file;
the Referer and User-Agent HTTP headers sent by the web browser;
the result (success or failure) of the request;
the amount of data received and sent.