LinkBack URL
About LinkBacksHi Guys
I will be using CACLS to assign some permissions to new folders i am creating.
Is there any was that CACLS can remove what current permissions are on the folder and then only assign new ones i put in my CACLS script?
Thanks
Chris
Hi Guys
I will be using CACLS to assign some permissions to new folders i am creating.
Is there any was that CACLS can remove what current permissions are on the folder and then only assign new ones i put in my CACLS script?
Thanks
Chris
I believe CACLS replaces the current permissions with those you assign. The /e option edits the permissions.
This article should help
Edit: actually this one is better.
Last edited by sparkeh; 13th April 2010 at 11:25 AM.
Watch out for the fact that CACLS without the /e switch will prompt for every change (because it's making possibly disastrous changes - eg remove system permissions from the Windows directory and Windows might not work as well as it should ...)
You might want to look at xcacls (How to use Xcacls.exe to modify NTFS permissions) which has a /y switch
Im trying to change permissions to a program(screen tinter lite) via CACLS. I want to get my students to do it automatically when they log on. I have assigned the relevant CACLS command to a student logon script but it looks as if they are getting an access denied error when it runs. I was under the impression that logon scripts ran with an elevated level of privillages. How should I go about making this permissions change?
I use icacls over cacls.
icacls <path> /reset /T - clear all permissions other than inheritance
icacls <path> /inheritance:r - clear inheritance ACEs
Logon scripts run in the security context of the user so you can't change permissions unless the student already has full control on the folder or can take ownership and then change permissions.
There are ways in which you can effectively do a "runas" in a login script and then make changes but I think it's easier to put permission changes in a machine startup script (if it's a local set of permissions that need changes) or to run it directly on the server (if it's changes on things like home folders)
Logon scripts run in the security context of the user so you can't change permissions unless the student already has full control on the folder or can take ownership and then change permissions. (This applies if you're using cacls, xcacls, icacls or any other tool)
There are ways in which you can effectively do a "runas" in a login script and then make changes but I think it's easier to put permission changes in a machine startup script (if it's a local set of permissions that need changes) or to run it directly on the server (if it's changes on things like home folders)
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
