Ok, I tried using the SUBINACL.EXE utility but I couldn't
get it to do what I needed to. Maybe i'm not using the
right syntax, I don't know. The problem is, I'm trying
to replace and remove ACL permissions on some of the
hives (such as removing the EVERYONE group and some
others), but my only options are to grant or deny.
For example, the HKEY_LOCAL_MACHINE key has
Administrators, System, Restricted and Power Users group
that have access to that particular hive. I need to
remove Restricted and Power Users and add Creator Owner
and Users, then set their permissions. Adding the two
groups isn't a problem, removing the other two is the
problem. Another thing I'm attempting to do is to enable
auditing on the registry hive. I can set it to audit
either successes or failures, but I can't do both at the
same time.
Is there another switch I need to throw to do everything
I need it to do or is there another utility out there
somewhere that i'll need to use? Thanks.
-----Original Message-----
It doesn't ship with the OS, but you can download
subinacl from Microsoft:
http://www.microsoft.com/downloads/details.aspx?
FamilyID=e8ba3e56-d8fe-4a91-93cf-
ed6985e3927b&displaylang=en
--
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and
confers no rights.
It may be out there, but I forgot, is there a built- in
command-line utility that is available that will allow
me
to change permissions on hives and keys in the registry
of an XP machine, something on the line of the CACLS or
the XCACLS utility to change file ACLs? Thanks.
.