Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Commmand line Windows ACLs - copy inheritance, remove group and add another group

Posted on 2010-09-17
6
1,567 Views
Last Modified: 2013-12-04
I'm in need of a simple way of setting the following on a folder. The procedure I use in the GUI is as follows::

- Stop inheritance but copy all the rights
- Remove "Users" group
- Add "Z USERS" to the ACL with everything but full control

I know xcopy can copy permissions but that proved to break very easily as it copy some unwanted ACLs from the source as well and these can be removed as the entire ACL is marked as inherited.

I would much prefer to use something that comes with XP/w2k3 or the resources kits as I have a batch script that does everything but this part.
0
Comment
Question by:saL1Las
  • 4
  • 2
6 Comments
 
LVL 3

Expert Comment

by:latchways
ID: 33700136
Check out CACLS.exe http://ss64.com/nt/cacls.html 
0
 
LVL 3

Author Comment

by:saL1Las
ID: 33700195
I have tried CACLS and XACLS but have not been able to get them to do what I am after - I feel I missed something but any idea on the switches?
0
 
LVL 3

Accepted Solution

by:
latchways earned 200 total points
ID: 33700352
Try XCACLS.vbs http://support.microsoft.com/kb/825751 

with

xcacls.vbs <foldername> /T /E /I REMOVE /R "domain.com\domain users" /G "domain.com\z users":M
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 3

Author Comment

by:saL1Las
ID: 33700434
Very close...but there was a typo.

xcacls.vbs <foldername> /T /E /I COPY /R "domain.com\domain users" /G "domain.com\z users":M

Should be copy and not remove.

Let me quickly throw this into a batch script and see if this works...I didn't realize there was VBS of xcacls but so long as I can integrate it into my current do it all batch script, I'm sorted.
0
 
LVL 3

Author Comment

by:saL1Las
ID: 33700652
I've tested it in my master script and for those who'd like to know please do the following:

Please xcacls.exe and XACLS.vbs on a file share that can be accessed and in the same folder.

To copy inheritance, remove specific permission and then add your own with all but full access:

cscript "\\myserver\myshare\myfolder\xcacls.vbs" <foldername> /T /E /I COPY /R "domain.com\domain users" /G "domain.com\z users":M

If you want to be explicity, replace the M at the end with one of the following:
F  Full control
M  Modify
X  read & eXecute
L  List folder contents
R  Read
W  Write

Alternatively, if you want to keep the inheritance as is and just add a security group, change copy to enable:

cscript "\\myserver\myshare\myfolder\xcacls.vbs" <foldername> /T /E /I ENABLE /R "domain.com\domain users" /G "domain.com\z users":M

You can add /Q to the end of either of the above to suppress all the text.

If you need to check for more options

cscript "\\myserver\myshare\myfolder\xcacls.vbs" /?

Sorted!
0
 
LVL 3

Author Closing Comment

by:saL1Las
ID: 33700668
See my last post for full solution.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Migrate data to new Mac OS X server 3 88
Concurrent Sessions 6 41
Botnet detection help me please 21 133
Enterprise Mode 4 46
Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question