SetACL on Windows

From braindump
Revision as of 21:21, 17 June 2012 by Uroesch (talk | contribs) (Created page with "{{DISPLAYTITLE:SetACL on Windows}} [http://helgeklein.com SetACL] is a very powerful commandline tool that can help automate some of the more tedious permission setting tasks on ...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

SetACL is a very powerful commandline tool that can help automate some of the more tedious permission setting tasks on Windows.

Windows ACLs are quite a bit more sophisticated than the Unix implementations I have come across so far. So SetACL is not for the faint of heart. Since I don't use it on a regular basis I forget most of the stuff until the next time. This document should help list some of the pain.

Howto

Inheritance of directories

Take away inheritance, don't copy permission

Make sure there are non inherited users already present or do add them like on the last line. 

SetACL -on "<Path>" 
       -ot file 
       -actn setprot -op "dacl:p_nc;sacl:nc"
       -actn ace -ace "n:domain\user;p:full"

Take away inheritance, copy permission

SetACL -on "<Path>" 
       -ot file 
       -actn setprot -op "dacl:p_c;sacl:nc"

Inherit from parent

SetACL -on "<Path>" 
       -ot file 
       -actn setprot -op "dacl:np;sacl:nc"

References

Retrieved from "https://braindump.bun.ch/index.php?title=Windows/SetACL&oldid=681"