Article ID: 112132, created on Aug 29, 2011, last review on Jul 19, 2016

  • Applies to:
  • Operations Automation


Different folders on Windows Shared Hosting server (e.g. C:\Perl) are writable by scripts of customers' webspaces.

This is because root directories of all disk volumes have inheritable write access for group BUILTIN\Users by default. Some directories (e.g. Program Files, CustomerData) drop this permission, but some other (e.g. Perl) do not. All web scripts are executed under credentials of special users that are members of group BUILTIN\Users.


The issue has been fixed in scope of OA 5.5 update 4. To workaround the issue on earlier versions, please do the following steps:

  1. Open Windows Explorer (or My Computer).
  2. Right-click on local disk (C:) and select Properties.
  3. Select the Security tab and click the Advanced button.
  4. Remove two entries which allow write access for group Users (<LOCAL_COMPUTER>\Users):
    1. Remove permission Create Folders / Append Data applied to This folder and subfolders.
    2. Remove permission Create Files / Write Data applied to Subfolders only.
  5. Click the Apply button and close opened windows by clicking the Ok button.
  6. Repeat steps 1-5 for all other local disks.

Search Words

Scheduled Tasks running As Domain Administrators

%PATH% variable windows

customer's files were created in C:

Improper Customer Data Segregation

5356b422f65bdad1c3e9edca5d74a1ae caea8340e2d186a540518d08602aa065 e12cea1d47a3125d335d68e6d4e15e07

Email subscription for changes to this article
Save as PDF