Q327522 using XCACLS.EXE

[Mike]

Hello,

I'd like to automate the admin action required by Q327522 (327522 - MS02-064
Windows 2000 Default Permissions May Permit Trojan Horse Attack) by using
xcacls.exe from the command prompt. This is for our Win2000 machines. The
xcacls help is still a bit cryptic for me. I'm using xcacls.exe from WinXP
support.cab. Thanks in advance.

Mike

 

[Bill Stewart]

I'd like to automate the admin action required by Q327522 (327522 -
MS02-064 Windows 2000 Default Permissions May Permit Trojan Horse Attack)
by using xcacls.exe from the command prompt. This is for our Win2000
machines. The xcacls help is still a bit cryptic for me. I'm using
xcacls.exe from WinXP support.cab. Thanks in advance.

Hi Mike,

Q327522 mentions using a security template to accomplish this.

For more information about security templates, see
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_scetopnode.mspx

Regards,

Bill

 

[Mike]

Thanks Bill. Yes, secedit should also work nicely here.

Sometimes you just want to do everything from a command prompt. The output
for my system is:

C:\Documents and Settings\Admin\Desktop>xcacls c:\
c:\ BUILTIN\AdministratorsOI)(CI)F
CREATOR OWNEROI)(CI)(IO)F
Everyone:R
NT AUTHORITY\SYSTEMOI)(CI)F
BUILTIN\UsersOI)(CI)R
BUILTIN\UsersCI)(special access
SYNCHRONIZE
FILE_APPEND_DATA

BUILTIN\UsersOI)(CI)(IO)(special access
SYNCHRONIZE
FILE_WRITE_DATA

For more information about security templates, see

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_scetopnode.mspx