diff --git a/config/alfresco/messages/patch-service.properties b/config/alfresco/messages/patch-service.properties
index e61f33dc0a..3523dbb3e3 100644
--- a/config/alfresco/messages/patch-service.properties
+++ b/config/alfresco/messages/patch-service.properties
@@ -230,4 +230,7 @@ patch.migrateVersionStore.result=Migrated version store. Created {0} version his
patch.inviteEmailTemplate.description=Adds invite email template to invite space
patch.calendarModelNamespacePatch.description=Update the Calendar model namespace URI and reindex all calendar objects.
-patch.calendarModelNamespacePatch.result=Updated the Calendar model namespace URI to http://www.alfresco.org/model/calendar and reindexed {0} calendar objects.
\ No newline at end of file
+patch.calendarModelNamespacePatch.result=Updated the Calendar model namespace URI to http://www.alfresco.org/model/calendar and reindexed {0} calendar objects.
+
+patch.spacesStoreGuestPermission.description=Sets READ permissions for GUEST on root node of the SpacesStore.
+patch.spacesStoreGuestPermission.result=Granted READ permissions for GUEST on root node of the SpacesStore.
diff --git a/config/alfresco/patch/patch-services-context.xml b/config/alfresco/patch/patch-services-context.xml
index e0bac97291..3c48f650e6 100644
--- a/config/alfresco/patch/patch-services-context.xml
+++ b/config/alfresco/patch/patch-services-context.xml
@@ -1410,17 +1410,6 @@
-
-
- patch.db-V2.1-AuditPathIndex
- patch.schemaUpgradeScript.description
- 0
- 132
- 133
-
- classpath:alfresco/dbscripts/upgrade/2.2/${db.script.dialect}/AlfrescoSchemaUpdate-2.1-AuditPathIndex.sql
-
-
-
\ No newline at end of file
+
+
+ patch.db-V2.1-AuditPathIndex
+ patch.schemaUpgradeScript.description
+ 0
+ 132
+ 133
+
+ classpath:alfresco/dbscripts/upgrade/2.2/${db.script.dialect}/AlfrescoSchemaUpdate-2.1-AuditPathIndex.sql
+
+
+
+
+ patch.spacesStoreGuestPermission
+ patch.spacesStoreGuestPermission.description
+ 0
+ 133
+ 134
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/config/alfresco/version.properties b/config/alfresco/version.properties
index 30c5b72aaa..aa01ee725f 100644
--- a/config/alfresco/version.properties
+++ b/config/alfresco/version.properties
@@ -19,5 +19,4 @@ version.build=@build-number@
# Schema number
-<<<<<<< .working
-version.schema=133
+version.schema=134
diff --git a/source/java/org/alfresco/repo/admin/patch/impl/SpacesStoreGuestPermissionPatch.java b/source/java/org/alfresco/repo/admin/patch/impl/SpacesStoreGuestPermissionPatch.java
new file mode 100644
index 0000000000..95056c4da5
--- /dev/null
+++ b/source/java/org/alfresco/repo/admin/patch/impl/SpacesStoreGuestPermissionPatch.java
@@ -0,0 +1,116 @@
+/*
+ * Copyright (C) 2005-2007 Alfresco Software Limited.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+ * As a special exception to the terms and conditions of version 2.0 of
+ * the GPL, you may redistribute this Program in connection with Free/Libre
+ * and Open Source Software ("FLOSS") applications as described in Alfresco's
+ * FLOSS exception. You should have recieved a copy of the text describing
+ * the FLOSS exception, and it is also available here:
+ * http://www.alfresco.com/legal/licensing"
+ */
+package org.alfresco.repo.admin.patch.impl;
+
+import java.util.List;
+
+import org.alfresco.i18n.I18NUtil;
+import org.alfresco.model.ContentModel;
+import org.alfresco.repo.admin.patch.AbstractPatch;
+import org.alfresco.repo.importer.ImporterBootstrap;
+import org.alfresco.service.cmr.admin.PatchException;
+import org.alfresco.service.cmr.repository.ChildAssociationRef;
+import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.repository.StoreRef;
+import org.alfresco.service.cmr.security.PermissionService;
+import org.alfresco.service.namespace.QName;
+import org.alfresco.service.namespace.RegexQNamePattern;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+/**
+ * Grant Read permission to Guest in SpacesStore root node.
+ * Fix for bug ETWOONE-163.
+ *
+ * [KR] Now correctly applies modified permissions to immediate child nodes of the
+ * root node:
+ *
+ * sys:system - Changed inherit=false, Added GROUP_EVERYONE=READ (to disallow guest)
+ * cm:categoryRoot - Removed guest=READ (as already inherits)
+ *
+ * @author Arseny Kovalchuk
+ * @author kevinr
+ */
+public class SpacesStoreGuestPermissionPatch extends AbstractPatch
+{
+ private static Log logger = LogFactory.getLog(SpacesStoreGuestPermissionPatch.class);
+
+ private static final String MSG_RESULT = "patch.spacesStoreGuestPermission.result";
+
+ private PermissionService permissionService;
+ private ImporterBootstrap importerBootstrap;
+
+
+ public void setPermissionService(PermissionService permissionService)
+ {
+ this.permissionService = permissionService;
+ }
+
+ public void setImporterBootstrap(ImporterBootstrap importerBootstrap)
+ {
+ this.importerBootstrap = importerBootstrap;
+ }
+
+
+ @Override
+ protected String applyInternal() throws Exception
+ {
+ StoreRef store = importerBootstrap.getStoreRef();
+ if (store == null)
+ {
+ throw new PatchException("Bootstrap store has not been set");
+ }
+
+ NodeRef rootRef = nodeService.getRootNode(store);
+ if (logger.isDebugEnabled())
+ {
+ logger.debug("Store Ref:" + store + " NodeRef: " + rootRef);
+ }
+ permissionService.setPermission(
+ rootRef, PermissionService.GUEST_AUTHORITY, PermissionService.READ, true);
+
+ String sysQName = importerBootstrap.getConfiguration().getProperty("system.system_container.childname");
+ String catQName = "cm:categoryRoot";
+ List refs = nodeService.getChildAssocs(
+ rootRef, ContentModel.ASSOC_CHILDREN, RegexQNamePattern.MATCH_ALL);
+ for (ChildAssociationRef ref : refs)
+ {
+ if (ref.getQName().equals(QName.createQName(sysQName, namespaceService)))
+ {
+ // found sys:system node
+ permissionService.setInheritParentPermissions(ref.getChildRef(), false);
+ permissionService.setPermission(
+ ref.getChildRef(), PermissionService.ALL_AUTHORITIES, PermissionService.READ, true);
+ }
+ else if (ref.getQName().equals(QName.createQName(catQName, namespaceService)))
+ {
+ // found cm:categoryRoot node
+ permissionService.clearPermission(ref.getChildRef(), PermissionService.GUEST_AUTHORITY);
+ }
+ }
+
+ return I18NUtil.getMessage(MSG_RESULT);
+ }
+}
\ No newline at end of file
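Review bot: In `applyInternal()` the guest READ grant on the store root is applied first and unconditionally, while the sys:system lockdown only happens if a child matching `system.system_container.childname` is found. A missing property or a renamed container therefore leaves the system container inheriting guest READ, and the patch still returns the success message. Resolve the two QNames once before the loop (they are rebuilt on every iteration today), throw a `PatchException` when the property is absent or the container is not found, and move the root grant after the lockdown. Every node that inherits from the root presumably becomes guest-readable after this patch, so the class Javadoc should say so explicitly to let administrators review restricted spaces after the upgrade. `logger` could also be `private static final`.

```java
        String sysName = importerBootstrap.getConfiguration().getProperty("system.system_container.childname");
        if (sysName == null)
        {
            throw new PatchException("system.system_container.childname is not configured");
        }
        // resolve once, outside the loop
        QName sysQName = QName.createQName(sysName, namespaceService);
        QName catQName = QName.createQName("cm:categoryRoot", namespaceService);
        boolean sysLocked = false;
        // … unchanged: getChildAssocs call on rootRef …
        for (ChildAssociationRef ref : refs)
        {
            if (ref.getQName().equals(sysQName))
            {
                // … unchanged: setInheritParentPermissions(false) + ALL_AUTHORITIES READ …
                sysLocked = true;
            }
            else if (ref.getQName().equals(catQName))
            {
                // … unchanged: clearPermission for GUEST_AUTHORITY …
            }
        }
        if (!sysLocked)
        {
            // fail closed: do not open the root to guest while sys:system still inherits from it
            throw new PatchException("System container not found under store root");
        }
        permissionService.setPermission(
                rootRef, PermissionService.GUEST_AUTHORITY, PermissionService.READ, true);
```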