SetACL on Windows
Jump to navigation
Jump to search
SetACL is a very powerful commandline tool that can help automate some of the more tedious permission setting tasks on Windows.
Windows ACLs are quite a bit more sophisticated than the Unix implementations I have come across so far. So SetACL is not for the faint of heart. Since I don't use it on a regular basis I forget most of the stuff until the next time. This document should help list some of the pain.
Howto
Inheritance of directories
Take away inheritance, don't copy permission
Make sure there are non inherited users already present or do add them like on the last line.
SetACL -on "<Path>" -ot file -actn setprot -op "dacl:p_nc;sacl:nc" -actn ace -ace "n:domain\user;p:full"
Take away inheritance, copy permission
SetACL -on "<Path>" -ot file -actn setprot -op "dacl:p_c;sacl:nc"
Inherit from parent
SetACL -on "<Path>" -ot file -actn setprot -op "dacl:np;sacl:nc"