Difference between revisions of "Windows/SetACL"
Jump to navigation
Jump to search
(Created page with "{{DISPLAYTITLE:SetACL on Windows}} [http://helgeklein.com SetACL] is a very powerful commandline tool that can help automate some of the more tedious permission setting tasks on ...") |
|||
| Line 21: | Line 21: | ||
<span class="highlight">-actn setprot -op "dacl:<span class="input">np</span>;sacl:nc"</span> |
<span class="highlight">-actn setprot -op "dacl:<span class="input">np</span>;sacl:nc"</span> |
||
== References == |
== References == |
||
* [http://helgeklein.com/setacl/documentation/command-line-version-setacl-exe/ SetACL documentation] |
|||
* [http://support.microsoft.com/kb/243330/en-us Microsoft KB for well-known security identifiers] |
* [http://support.microsoft.com/kb/243330/en-us Microsoft KB for well-known security identifiers] |
||
Revision as of 21:23, 17 June 2012
SetACL is a very powerful commandline tool that can help automate some of the more tedious permission setting tasks on Windows.
Windows ACLs are quite a bit more sophisticated than the Unix implementations I have come across so far. So SetACL is not for the faint of heart. Since I don't use it on a regular basis I forget most of the stuff until the next time. This document should help list some of the pain.
Howto
Inheritance of directories
Take away inheritance, don't copy permission
Make sure there are non inherited users already present or do add them like on the last line.
SetACL -on "<Path>" -ot file -actn setprot -op "dacl:p_nc;sacl:nc" -actn ace -ace "n:domain\user;p:full"
Take away inheritance, copy permission
SetACL -on "<Path>" -ot file -actn setprot -op "dacl:p_c;sacl:nc"
Inherit from parent
SetACL -on "<Path>" -ot file -actn setprot -op "dacl:np;sacl:nc"