SetACL on Windows

From braindump
Jump to navigation Jump to search

SetACL is a very powerful commandline tool that can help automate some of the more tedious permission setting tasks on Windows.

Windows ACLs are quite a bit more sophisticated than the Unix implementations I have come across so far. So SetACL is not for the faint of heart. Since I don't use it on a regular basis I forget most of the stuff until the next time. This document should help list some of the pain.

Howto

Inheritance of directories

Take away inheritance, don't copy permission

Make sure there are non inherited users already present or do add them like on the last line. 

SetACL -on "<Path>" 
       -ot file 
       -actn setprot -op "dacl:p_nc;sacl:nc"
       -actn ace -ace "n:domain\user;p:full"

Take away inheritance, copy permission

SetACL -on "<Path>" 
       -ot file 
       -actn setprot -op "dacl:p_c;sacl:nc"

Inherit from parent

SetACL -on "<Path>" 
       -ot file 
       -actn setprot -op "dacl:np;sacl:nc"

References

Retrieved from "https://braindump.bun.ch/index.php?title=Windows/SetACL&oldid=682"