• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 821
  • Last Modified:

Can Active Directory Global Groups be applied to the ACL using CACLS?

I'm running a batch file to launch CACLS to modify permissions.  Is it possible to apply Active Directory Global Groups to the ACL using CACLS?  User accounts are working fine in the script.  

The script appears to simply ignore the global groups.  The global groups do not have any spaces.

I have tried encasing the group name with quotes (").

I've tried using the domain name slash domain\groupname in the command line (with and without the quotes)  

I'm running out of ideas.  Thanks.
0
scuba101
Asked:
scuba101
1 Solution
 
SteveH_UKCommented:
Can you confirm that the groups in question are "security groups" and not "distribution groups" in Active Directory Users & Computers.  Distribution Groups cannot be used in ACLs, but Security Groups (Universal, Global and Local) can all be used in ACLs.

It is best practice to use domain local groups to assign security and global groups to represent groups of users.  You can then combine global groups into universal groups where they are needed to be collected as a set.

Also, be warned, CACLS and XCACLS are not great with permission inheritance.  You may want to look at Powershell:  http://www.microsoft.com/technet/technetmag/issues/2006/12/PowerShell/
0
 
Voo_pgCommented:
CACLS myfile.txt /E /G "Power Users":F

Yes, only security groups will work. The above command would give Power Users, Full Control of myfile.txt

What syntax have you been using?
0
 
scuba101Author Commented:
The problem I was having had to do with an inaccurate path - once I knew AD Global Groups worked, it narrowed down the search.  THanks.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now