ceebster Posted April 13, 2010

Hi Guys

I will be using CACLS to assign some permissions to new folders I am creating. Is there any way that CACLS can remove whatever permissions are currently on the folder and then only assign the new ones I put in my CACLS script?

Thanks
Chris

sparkeh Posted April 13, 2010

I believe CACLS replaces the current permissions with those you assign. The /e option edits the permissions. This article should help.

Edit: actually this one is better.

Edited April 13, 2010 by sparkeh

srochford Posted April 13, 2010

Watch out for the fact that CACLS without the /e switch will prompt for every change (because it's making possibly disastrous changes - e.g. remove system permissions from the Windows directory and Windows might not work as well as it should ...)

You might want to look at xcacls (How to use Xcacls.exe to modify NTFS permissions) which has a /y switch.

JJonas Posted April 22, 2010

I'm trying to change permissions on a program (screen tinter lite) via CACLS. I want to get my students to do it automatically when they log on. I have assigned the relevant CACLS command to a student logon script, but it looks as if they are getting an access denied error when it runs. I was under the impression that logon scripts ran with an elevated level of privileges. How should I go about making this permissions change?

_Adam_ Posted April 23, 2010

I use icacls over cacls.

icacls /reset /T - clear all permissions other than inheritance
icacls /inheritance:r - clear inheritance ACEs

srochford Posted April 24, 2010

Logon scripts run in the security context of the user so you can't change permissions unless the student already has full control on the folder or can take ownership and then change permissions.

There are ways in which you can effectively do a "runas" in a login script and then make changes but I think it's easier to put permission changes in a machine startup script (if it's a local set of permissions that need changes) or to run it directly on the server (if it's changes on things like home folders).

srochford Posted April 24, 2010

Logon scripts run in the security context of the user so you can't change permissions unless the student already has full control on the folder or can take ownership and then change permissions. (This applies if you're using cacls, xcacls, icacls or any other tool.)

There are ways in which you can effectively do a "runas" in a login script and then make changes but I think it's easier to put permission changes in a machine startup script (if it's a local set of permissions that need changes) or to run it directly on the server (if it's changes on things like home folders).

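An added example, not part of any post in this thread: a PowerShell script that combines the suggestions above (icacls /reset, then /inheritance:r with explicit grants) so a folder ends up with only the listed permissions. The folder path, backup directory and account names are hypothetical placeholders, and it assumes an elevated context such as a machine startup script.

```powershell
# Added example. $Folder, $BackupDir and the account names in $Grants are
# hypothetical placeholders; run elevated, not from a user logon script.
param(
    [string]$Folder = 'D:\Shares\NewFolder',
    [string[]]$Grants = @(
        'NT AUTHORITY\SYSTEM:(OI)(CI)F',
        'BUILTIN\Administrators:(OI)(CI)F',
        'EXAMPLE\Students:(OI)(CI)RX'
    ),
    [string]$BackupDir = 'C:\AclBackups'
)
$ErrorActionPreference = 'Stop'

function Invoke-Icacls {
    param([string[]]$Arguments)
    & icacls.exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "icacls $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

if (-not (Test-Path -LiteralPath $Folder -PathType Container)) {
    throw "Folder not found: $Folder"
}
$target = (Resolve-Path -LiteralPath $Folder).Path.TrimEnd('\')

# Refuse the system drive root and anything at or under the Windows directory.
$winDir = $env:SystemRoot.TrimEnd('\')
if ($target -eq $env:SystemDrive -or $target -eq $winDir -or
    $target.StartsWith("$winDir\", [StringComparison]::OrdinalIgnoreCase)) {
    throw "Refusing to rewrite permissions on $target"
}

# 1. Save the current ACLs so the change can be rolled back with icacls /restore.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$backup = Join-Path $BackupDir ('acl-{0:yyyyMMdd-HHmmss}.txt' -f (Get-Date))
Invoke-Icacls @($target, '/save', $backup, '/T', '/C', '/Q')

# 2. Drop explicit ACEs on the folder and everything below it;
#    after this only inherited entries remain.
Invoke-Icacls @($target, '/reset', '/T', '/C', '/Q')

# 3. Remove the inherited ACEs from the top folder and add the new grants in the
#    same invocation, so the folder is not left without entries between commands.
#    Children pick the grants up through (OI)(CI) inheritance.
Invoke-Icacls (@($target, '/inheritance:r', '/grant:r') + $Grants + '/Q')

# 4. Print the resulting ACL for the log.
& icacls.exe $target
```
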