I have some performance counters that write to CSV files in the default location (%SYSTEMDRIVE%\Perflogs).
The directories that it creates are "special." When I attempt to browse into them, explorer complains
I can click "Continue" and then I no longer have problems browsing into the directories with explorer.
However, if I attempt to access the directories via an unelevated cmd shell, I get ACCESS_DENIED. With an elevated cmd, I can access the data files without a problem.
icacls reports this about the directory (before I browse into it):
```
MEMTEST2_20190724-000004 NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                         BUILTIN\Administrators:(OI)(CI)(F)
                         BUILTIN\Performance Log Users:(OI)(R)
```
The user I'm running as is already in Performance Log Users.
- What is actually happening when I "permanently get access to this folder?"
- How is this directory actually secured against non-elevated access?
- Is there a good way to "unprotect" the directory without reconfiguring the performance counter to write to a different location?
- I read this answer, which describes how to create an event listener to unprotect the directory when the counter starts. Is there no other way?