6

So when one mounts an NTFS volume in macOS or Linux via various options such as Paragon or ntfs-3g, it is easy to access users' folders and so forth since the ACLs are not preserved so as to prevent access.

Is there a way to mount volumes within Windows itself that will disallow ACLs so as to allow the same behavior that one would experience on a Unix system?

7
  • If you're an Admin on the Windows PC, why not just mount it and take ownership...? Commented Feb 21, 2017 at 21:32
  • If you don't mind me asking, why? You are essentially hoping to disable the default security on a Windows partition. Techie007 made a good suggestion, but if you start to extensively modify the NTFS permissions on that drive you may encounter some problems and/or compromise the security of the data. If you feel that you occasionally need that type of easy access, utilize a Linux live disc.
    – Run5k
    Commented Feb 21, 2017 at 21:49
  • I frequently do data recovery on drives and I do use *nix systems for this very purpose, but there are increasingly closer between instances where it would be very, very useful to have this ability on Windows. I've found that I can use a File Explorer substitute in admin mode to get around this, or Unstoppable Copier as admin, BUT again, there are reasons I'd like to do this sans taking ownership as @Ƭᴇcʜιᴇ007 suggests (which I understand, but it's crazy to do it like this as frequently as I have to do it with such large drives).
    – ylluminate
    Commented Feb 21, 2017 at 23:35
  • 1
    Unfortunately, there simply isn't a native way to do this within Windows itself. It would defeat the purpose of having comprehensive security on an NTFS drive if there was an easy way to bypass it already built into Windows.
    – Run5k
    Commented Feb 22, 2017 at 2:26
  • 1
    To answer "why not just mount it and take ownership..." because taking ownership of files and directories recursively takes a lot of time. Commented Dec 14, 2017 at 16:05

4 Answers

0

Windows PE appears to ignore ACLs.

If you can run Windows PE or Hiren's BootCD on another PC (physical or virtual) with the disk in question attached to it, then share it on the network and map a network drive on a client PC. This method has some downsides, like the inconvenience of dealing with a second OS and bottlenecks associated with the networking stack. But it is free.

Commands you may find useful on Windows PE:

Disable firewall:

wpeutil DisableFirewall

Share the drive (be mindful of permissions if on a non-private physical network):

net share sharename=c:\ /grant:everyone,full

If this is a regular thing then you might want to edit your WindowsPE boot.wim file using DISM and add the two commands to a [image_root]\windows\system32\startnet.cmd file.

0

NTFS Access Control is handled in a different way to Unix/HFS methods. HFS, being essentially FAT32 + B-trees, stores them completely separately as metadata like references, so it is easy for the filesystem to modify one without touching the other.

NTFS ACL data is closely connected to NTFS itself, as the access tokens passed around by the actual driver to connect data fragments and metadata are encrypted with code directly from the ACL list. I'm not working for MS security, but apparently it helps down the line, as this encryption is able to be used as a cross-check for file integrity/bit rot. This is one of the reasons NTFS is more secure against bit rot and silent data corruption compared to HFS. In being able to change the data, you break the ACL and vice versa, so the only way you can mount the drive is read-only. This is also why Tuxera/NTFS3G etc. don't want to mount a dirty or hibernated drive... Microsoft tie both of those states into the same key handling system.

The easy way to do this is to create a new user group for your planned usage now, added to the Admin group of the system Admin from your prior Windows ACL group. Use the Runas command from an elevated command prompt to open the application of your choice (copy its location string from an Explorer window, then manually add the program's name .exe) and set up its scheduled behaviours, then save it there.

You can use a shortcut for this as well, and set it to always run as that user in its properties dialog. If you wish to make the user unable to update modified times, you can also restrict the update ability granularly now by disabling said user's write privilege to files.

0

There is no general method for Windows to ignore permissions, except by resetting ownership and permissions for all files. When shuttling between computers, this is not an acceptable solution.

The problem arrives when a user account is created on one computer, so has no equivalent on the other computer. The other computer will then call it "Unknown Account" and will assign it some arbitrary and very limited permissions.

One solution is to only use an account that is common to all Windows computers, for example the built-in Administrator account. This account is disabled in Windows 7 and onward, for good security reasons, so this solution is not advised.

To totally avoid such permissions problems, you could use a disk format that has no permissions, instead of NTFS.

One such format is the old FAT32 which lacks totally the notions of security and permissions. Its disadvantage is that it is limited to files of size up to 4GB. Its advantage is that it's universally supported on all versions of Windows, Mac, Linux, game consoles, and practically anywhere else.

If the 4GB limitation is unacceptable, the exFAT format is basically FAT64. Its disadvantage is that it's proprietary and requires licensing from Microsoft. It works with all versions of Windows from XP Service Pack 3 and above (and/or on installation of Windows XP Update KB955704) and on modern versions of Mac OS X, but requires additional software on Linux.
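
The "Unknown Account" effect described in this answer follows from NTFS ACL entries naming trustees by SID rather than by user name. The sketch below is an added example, not part of the original answer, and classifies the trustees of a folder ACL as seen from a second machine. The machine SIDs and the ACL are constructed sample values, the helper names are hypothetical, and both machines are assumed to be standalone (not domain-joined).

```python
import re

# Well-known SIDs: identical on every Windows installation.
WELL_KNOWN = {
    "S-1-1-0": "Everyone",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-18": "NT AUTHORITY\\SYSTEM",
    "S-1-5-32-544": "BUILTIN\\Administrators",
    "S-1-5-32-545": "BUILTIN\\Users",
}

SID_RE = re.compile(r"^S-1-(\d+)((?:-\d+)+)$")

# Constructed sample values: two standalone machines and a profile-folder ACL
# written on machine A as (trustee SID, rights) pairs.
MACHINE_A = "S-1-5-21-1111111111-2222222222-3333333333"
MACHINE_B = "S-1-5-21-1234567890-987654321-1357924680"
PROFILE_ACL = [
    ("S-1-5-18", "FullControl"),
    ("S-1-5-32-544", "FullControl"),
    (MACHINE_A + "-1001", "FullControl"),  # the local user created on machine A
]

def classify_sid(sid, local_machine_sid):
    """Return (status, detail) for one ACE trustee SID as seen on this machine."""
    sid = sid.strip().upper()
    if not SID_RE.match(sid):
        raise ValueError(f"not a SID: {sid!r}")
    if sid in WELL_KNOWN:
        return ("well-known", WELL_KNOWN[sid])
    # Account SIDs have the form S-1-5-21-<three issuer sub-authorities>-<RID>.
    parts = sid.split("-")
    if parts[:4] == ["S", "1", "5", "21"] and len(parts) == 8:
        issuer, rid = "-".join(parts[:7]), int(parts[7])
        if issuer == local_machine_sid.upper():
            return ("local", f"RID {rid} on this machine")
        return ("foreign", f"RID {rid} issued by {issuer}")
    return ("other", "not classified by this example")

def unresolved_trustees(acl, local_machine_sid):
    """ACEs whose trustee this machine cannot map to one of its own accounts."""
    return [(sid, rights) for sid, rights in acl
            if classify_sid(sid, local_machine_sid)[0] == "foreign"]

if __name__ == "__main__":
    for name, machine in (("A", MACHINE_A), ("B", MACHINE_B)):
        print(name, unresolved_trustees(PROFILE_ACL, machine))
```

On machine B only the entry for the user created on machine A is unresolved; the SYSTEM and BUILTIN\Administrators entries still match because their SIDs are the same everywhere.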

0

Using EaseUS Partition Master, you can access NTFS drives through the "explore partition" feature and bypass all filesystem security, short of encryption.

You can also explore Linux partitions like Ext2/3/4, btrfs, xfs, etc.

All from within Windows. Even a WinPE system.
