Possible file security issues of IBM/Lenovo Windows XP

[Puppy]

It seems as all of IBM/Lenovo Windows XP preloads are extracted to FAT32 partition and converted to NTFS later. I noticed there is a difference in NTFS permissions for "All Users" folder. While on clean Windows XP installation the folder is read-only for members of Users group, ThinkPads have always set full permissions for Everyone. A malicious software running under limited account (Users) can easily modify some system-wide settings like startup programs for all users, including Administrators ! There is Microsoft KB article about it:

File security issues after converting FAT32 partitions to the NTFS file system
http://support.microsoft.com/kb/810142

Unfortunately there is not any solution you can easily apply. I'd expect a BAT file or any kind of script which would automatically correct this issue. I also tried to search IBM support with no luck. Has anyone tried to correct the permissions yourself ?

I'd consider it as serious security issue today.

[RealBlackStuff]

Have you tried Start/Run/secpol.msc to modify those settings?

[Puppy]

Local Security Policy is something different. This is purely incorrect file system permissions (files and folders) issue. I'm currently playing with a batch file using cacls.exe to correct it.

[ARD]

My All Users folder has the Read & Execute, List Folder Contents, and Read allowed permissions for the Everyone Group.
This OS install was directly from the Restore CD for my T43.
Maybe this has changed for newer models?