cacls - change file and folder permissions


G

Guest

Greetings!
Win XP Home sp2 all current updates
1 drive, no partitions, NTFS
My son, a novice hacker, has created his own login.
He ran the DOS utility "cacls" to create a more secure personal environment.
One year latter, that is today, I cannot open random files spread thru my
dir structure. It seems he has viewed these random files and I have read
only permissions. He has gained ownership to only certain files. I maintain
one computer with 4 users. We all share the same login except for the
hacker. The simple solution is to remove the hacker’s login but I fear I
need his login for this fix.

I notice in my login the file properties only have the 'general' heading for
these affected files and 'general', 'custom', and 'summary' for all normal
files.
His login has 'general', 'custom', and 'summary' for these affected files.
He is the owner.

The directory properties are 'read only' I de-select the 'read only' and
apply
XP replies - error applying attributes - only to the affected files

I ran the - cacls c:\path\filename /t /e /g 'login name' :f
article 288292
Is my syntax correct, I did not get bounced or errors in the DOS utility.
Article 309531 tells me to run the cacls on the "system volume information"
I am reluctant.

XP home has simple file sharing enabled by default. Article 307874 explains
how to disable simplified sharing but it does not apply to XP Home.

Sorry, my post is becoming long winded
Problem 2
Article 308418 (set, view, change, or remove file folder permissions)
I found I could not run safe mode to explore this solution.
During the safe mode startup, a full screen of system 32 kernel device
drivers scrolls by and stops on 'D346bus.sys'. I am asked to esc to stop or
let it load.
Esc loops back to the boot options where safe mode was started.
Letting the driver pass freezes the screen of the loading device drivers.

I checked 'msinfo32' and found 'D346bus.sys' is started and running during
normal login. Looking for the problem "not able to run safe mode" is not a
valid search starting point.

If I haven’t over-stayed my welcome, please enlighten my challenge with your
knowledge.

Regards,
Lee
 
Ad

Advertisements

G

Guest

CACLS is difficult to use, but it will allow the default admin to take
ownership of anything. Assuming you still have access to the system's defailt
"Administrator" account, you can use cacls to reverse the hack.

162786 - Undocumented CACLS Group Permissions Capabilities:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q162786

I think you will find that access to the Permissions settings are also going
to be available when you logon as default "Administrator". This is certanly
an easier way to do it. Rightclick a file, Properties, Sharing tab,
Permissions button.
 
G

Guest

Mark,
Thank you

cacls thru my default admin file structure did not solve the problem
cacls thru the hackers login and sub directory structure did solve the problem

thanks again for this great forum

Regards,
Lee
 
Ad

Advertisements


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top