Solved

Can I use playfile with the newer tool ICACL? WHat would be the command?

Posted on 2016-11-08
12
122 Views
Last Modified: 2016-11-19
I had this question after viewing Newer Security translation tools alike subinacl for Windows 10.

Can I use playfile with the newer tool ICACL? WHat would be the command
0
Comment
Question by:creative555
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
  • 2
  • +1
12 Comments
 
LVL 70

Expert Comment

by:Qlemo
ID: 41879483
You should be able to create something similar with /Save and /Restore options. It will only work for files, though.
0
 
LVL 19

Expert Comment

by:Peter Hutchison
ID: 41879598
I use a new tool called Setacl.exe to replace Subinacl. You can get it from https://helgeklein.com/setacl/.
1
 

Author Comment

by:creative555
ID: 41879717
Does setacl works with Win 10? I have subinacle fail on Cortana folder all the time.

Below is where I need to add target user permissions:

This is from  Subinacle log.
+subkeyreg HKEY_USERS\S-1-5-21-727705047-903972831-1544914777-2009
/grant=S-1-5-21-3776012894-3702078199-3568858750-2039
+subkeyreg HKEY_USERS\S-1-5-21-727705047-903972831-1544914777-2009_Classes
/grant=S-1-5-21-3776012894-3702078199-3568858750-2039
+subkeyreg HKEY_USERS\S-1-5-21-727705047-903972831-1544914777-2009_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion
/replace=S-1-5-21-727705047-903972831-1544914777-2009=S-1-5-21-3776012894-3702078199-3568858750-2039
+keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3776012894-3702078199-3568858750-2039
/grant=S-1-5-21-3776012894-3702078199-3568858750-2039=QSCEYLDA
+subdirectories C:\Users\luca.dellamore
/grant=S-1-5-21-3776012894-3702078199-3568858750-2039
+subdirectories C:\Users\luca.dellamore\*.*
/grant=S-1-5-21-3776012894-3702078199-3568858750-2039

What command do you use with the setacle tool? Does it do files and registry?
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:creative555
ID: 41879753
Actually, I have read the requirements for setacl and I didn't see Win 10 mentioned there. Did you test with Win 10 version?


System Requirements

SetACL works on all Windows NT based operating systems from Windows XP onwards. The newer, the better. This includes: Windows XP, Windows Server 2003 (R2), Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2, Windows 8, Windows Server 2012.
0
 
LVL 55

Expert Comment

by:McKnife
ID: 41879988
Setacl works on win10.
Icacls does not work on folders, Qlemo? Here it does on folders but there are some effects that I find irregular, I will look into it again with more time.
0
 
LVL 70

Accepted Solution

by:
Qlemo earned 250 total points
ID: 41880016
icacls works on folders, MäckMesser, at least I never heard anything different. Anyway, it does not work here as registry permission changes are required too.
0
 
LVL 55

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 41880024
Cool Emu, why call me McMesser? Election day humor?
Ok, right, it is about registry keys, but still, icacls works on folders, I used it with save and restore. But for the registry, he should look at setacls, right.
0
 

Author Comment

by:creative555
ID: 41880918
thank you so much! So I should try icacls for folders with save and restore. But for the registry, I should look at setacls, right?

 I am new to scripting.  Could you pls suggest the command/switches that I should be running since you used these tools before.

thanks again.


I wonder if we are dealing with file locked for exclusive access when subinacle hangs...What do you think? How does those tools deal with locked files?
0
 
LVL 55

Expert Comment

by:McKnife
ID: 41881042
To be honest: don't ask for other to give you switches. Learn it. Don't rely on others in these matters. It is very easy and well-documented.
"Locked"? There's no indication of that. Could simply be a bug.
0
 

Author Comment

by:creative555
ID: 41881237
good comment. Thank you so much! I will try out and let you know the resutls
0
 

Author Comment

by:creative555
ID: 41891896
Still trying out. Will have the results today or tomorrow :)
0
 

Author Closing Comment

by:creative555
ID: 41894400
thank you so much both! Yes. icacl worked!
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ready for our next Course of the Month? Here's what's on tap for June.
Here's a look at newsworthy articles and community happenings during the last month.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question