| Home | Forums | Reviews | Articles | Register |
 |
| Thread Tools | Rate Thread |
|
Guest
Posts: n/a
|
I have been trying to use icacls to automate setting an deny write+delete for
Everyone to avoid modifying a "gold master" folder. Unfortunately I have been unable to get it to work. Here's what I did: I created one folder xxx and another yyy. Using the Security tab of the Properties dialog for xxx, I added an entry for everyone and checked deny for * Create files / write data * Create folders / append data * Write attributes * Write extented attributes * Delete subfolders and files * Delete This now works fine - I can browse into the xxx folder, list files but not change or delete stuff. Using icacls to list the ACL this comes out as: Everyone  OI)(CI)(DENY)(W,D,DC)BUILTIN\Administrators I)(F)BUILTIN\Administrators I)(OI)(CI)(IO)(F)NT AUTHORITY\SYSTEM I)(F)NT AUTHORITY\SYSTEM I)(OI)(CI)(IO)(F)BUILTIN\Users I)(OI)(CI)(RX)NT AUTHORITY\Authenticated Users I)(M)NT AUTHORITY\Authenticated Users I)(OI)(CI)(IO)(M)So then i used icacls on the yyy folder: icacls yyy /deny everyone OI)(CI)(W,D,DC)The folder security properties (GUI) look exactly like the one for xxx. icacls also reports back the exact same list. However: It does not work. I cannot open the folder in Explorer or CD into the folder on the command line. I have lost my read/list rights. So: there is something fishy with the GUI and icacls because if I use the old cacls I get an additional piece of information that I don't know how to interpret: xxx Everyone OI)(CI)(DENY)(special access DELETE FILE_WRITE_DATA FILE_APPEND_DATA FILE_WRITE_EA FILE_DELETE_CHILD FILE_WRITE_ATTRIBUTES yyy Everyone OI)(CI)(DENY)(special accessDELETE SYNCHRONIZE FILE_WRITE_DATA FILE_APPEND_DATA FILE_WRITE_EA FILE_DELETE_CHILD FILE_WRITE_ATTRIBUTES A-ha! Where did that deny: synchronize come from? Is that my problem? How do I get rid of it? Unfortunately I cannot use the old cacls as it has no deny mode to deny some partical rights for a user. Help. /Per |
|
|
|
|||
|
|
| |
|
Guest
Posts: n/a
|
|
|
|
|
||
|
| Thread Tools | |
| Rate This Thread | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| how should I setup workbook to acheive my desired results? | Martin ©¿©¬ @nohere.net | Microsoft Excel Misc | 0 | 19th Nov 2008 07:22 PM |
| Vista and icacls | Todd Hudson | Windows Vista General Discussion | 2 | 23rd Apr 2008 07:19 AM |
| Set rights with Icacls | =?Utf-8?B?QmVhdA==?= | Windows Vista Administration | 5 | 13th Jul 2007 03:05 PM |
| How to acheive this ? | Sriram | Windows XP Internet Explorer | 0 | 4th May 2006 01:48 PM |
| I need to acheive true automation | =?Utf-8?B?SmltIFJlbmRhbnQ=?= | Microsoft Access VBA Modules | 0 | 20th Aug 2004 01:43 PM |
