Volumes without ACL control (Windows)

Module: Object Integrity

Supported Platforms: Windows 2000, Windows 2003, Windows 2008, Windows Vista, Windows XP

This check lists all volumes, including FAT volumes, with file systems that do not have file allocation table ACL support. These volumes are inherently insecure. Use the name list to exclude volume names such as MYDISK, file systems such as HPFS, or root directories such as C:\ from this check.

The following table lists the error message for the check.

Table: Error message for Volumes without ACL control

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: ESM_NOACL

Category: Policy Compliance

  • Windows 2000 (106231)

  • Windows 2003 (206231)

  • Windows 2008 (249231)

  • Windows Vista (229231)

  • Windows XP (201231)

Title: Volume with file system that does not support ACLs

Description:The volume has a file system that does not support persistent ACLs. There is little or no control over who can access these files. You should convert all volumes with FAT file systems to NTFS. The name list can be used to exclude volume names such as MYDISK, file systems such as HPFS, or root directories such as C:\ from this check.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [File system: %s; volume name: %s]