Several users in the help forum wondered how to set ACL properties in Windows by means of a script.
Well, there are several ways of doing this, but an easy one is using the SetACL COM object.
For those who don't know what ACL is: Access Control List. An Access Control List is a list attached to an object such as a file, printer, AD object, etc. It consists of control expressions, each of which grants or denies some ability to a particular user or group of users or object.
More info : http://www.pluralsight.com/wiki/default.as...edSecurity.html
SetACL in Windows
This also comes along with a command-line tool.
This is a quick example on how to get started.
;SetACL $ACCESS Modes
Const $DENY_ACCESS = 3
Const $GRANT_ACCESS = 1
Const $REVOKE_ACCESS = 4
Const $SET_ACCESS = 2
Const $SET_AUDIT_FAILURE = 6
Const $SET_AUDIT_SUCCESS = 5

;SetACL Actions
Const $ACTN_ADDACE = 1
Const $ACTN_CLEARDACL = 16
Const $ACTN_CLEARSACL = 32
Const $ACTN_COPYDOMAIN = 1024
Const $ACTN_COPYTRUSTEE = 1024
Const $ACTN_DOMAIN = 8192
Const $ACTN_LIST = 2
Const $ACTN_REMOVEDOMAIN = 512
Const $ACTN_REMOVETRUSTEE = 512
Const $ACTN_REPLACEDOMAIN = 256
Const $ACTN_REPLACETRUSTEE = 256
Const $ACTN_RESETCHILDPERMS = 128
Const $ACTN_RESTORE = 2048
Const $ACTN_SETGROUP = 8
Const $ACTN_SETINHFROMPAR = 64
Const $ACTN_SETOWNER = 4
Const $ACTN_TRUSTEE = 4096

;SetACL Inheritance Values
Const $INHPARCOPY = 2
Const $INHPARNOCHANGE = 0
Const $INHPARNOCOPY = 4
Const $INHPARYES = 1

;SetACL $LIST Formats
Const $LIST_CSV = 1
Const $LIST_SDDL = 0
Const $LIST_TAB = 2

;SetACL $LIST Names
Const $LIST_NAME = 1
Const $LIST_NAME_SID = 3
Const $LIST_SID = 2

;SetACL Recursion
Const $RECURSE_CONT = 2
Const $RECURSE_CONT_OBJ = 6
Const $RECURSE_NO = 1
Const $RECURSE_OBJ = 4

;SetACL Return Codes
Const $RTN_ERR_ADD_ACE = 32
Const $RTN_ERR_CONVERT_SD = 27
Const $RTN_ERR_COPY_ACL = 31
Const $RTN_ERR_CREATE_SD = 45
Const $RTN_ERR_DEL_ACE = 30
Const $RTN_ERR_DIS_PRIV = 13
Const $RTN_ERR_EN_PRIV = 12
Const $RTN_ERR_FINDFILE = 16
Const $RTN_ERR_GENERAL = 2
Const $RTN_ERR_GET_SD_CONTROL = 17
Const $RTN_ERR_GETSECINFO = 5
Const $RTN_ERR_IGNORED = 44
Const $RTN_ERR_INTERNAL = 18
Const $RTN_ERR_INV_DIR_PERMS = 7
Const $RTN_ERR_INV_DOMAIN = 43
Const $RTN_ERR_INV_PRN_PERMS = 8
Const $RTN_ERR_INV_REG_PERMS = 9
Const $RTN_ERR_INV_SHR_PERMS = 11
Const $RTN_ERR_INV_SVC_PERMS = 10
Const $RTN_ERR_INVALID_SD = 38
Const $RTN_ERR_LIST_ACL = 28
Const $RTN_ERR_LIST_FAIL = 15
Const $RTN_ERR_LIST_OPTIONS = 26
Const $RTN_ERR_LOOKUP_SID = 6
Const $RTN_ERR_LOOP_ACL = 29
Const $RTN_ERR_NO_LOGFILE = 33
Const $RTN_ERR_NO_NOTIFY = 14
Const $RTN_ERR_OBJECT_NOT_SET = 4
Const $RTN_ERR_OPEN_LOGFILE = 34
Const $RTN_ERR_OS_NOT_SUPPORTED = 37
Const $RTN_ERR_OUT_OF_MEMORY = 46
Const $RTN_ERR_PARAMS = 3
Const $RTN_ERR_PREPARE = 24
Const $RTN_ERR_READ_LOGFILE = 35
Const $RTN_ERR_REG_CONNECT = 21
Const $RTN_ERR_REG_ENUM = 23
Const $RTN_ERR_REG_OPEN = 22
Const $RTN_ERR_REG_PATH = 20
Const $RTN_ERR_SET_SD_DACL = 39
Const $RTN_ERR_SET_SD_GROUP = 42
Const $RTN_ERR_SET_SD_OWNER = 41
Const $RTN_ERR_SET_SD_SACL = 40
Const $RTN_ERR_SETENTRIESINACL = 19
Const $RTN_ERR_SETSECINFO = 25
Const $RTN_ERR_WRITE_LOGFILE = 36
Const $RTN_ERR_OK = 0
Const $RTN_ERR_USAGE = 1

;SetACL $SD Info
Const $ACL_DACL = 1
Const $ACL_SACL = 2
Const $SD_GROUP = 8
Const $SD_OWNER = 4

;SetACL $OBJECT Types
Const $SE_FILE_OBJECT = 1
Const $SE_LMSHARE = 5
Const $SE_PRINTER = 3
Const $SE_REGISTRY_KEY = 4
Const $SE_SERVICE = 2

; Target file, trustee (user or group) and the permission to grant
$strFileName = "C:\Tmp\Results1.txt"
$strUsername = "Users"
$strPermission = "change"

; Create the SetACL COM object (it must be registered on the machine)
$SetACL1 = ObjCreate("SetACL.SetACLCtrl.1")

If IsObj($SetACL1) Then
    With $SetACL1
        ; Each call returns one of the $RTN_ERR_* codes above ($RTN_ERR_OK = 0 on success)
        $nError = .SetObject($strFileName, $SE_FILE_OBJECT)
        $nError = .SetAction($ACTN_ADDACE)
        ; Add a grant entry for the trustee to the DACL, leaving inheritance unchanged
        $nError = .ADDACE($strUsername, 0, $strPermission, $INHPARNOCHANGE, 0, $GRANT_ACCESS, $ACL_DACL)
        ; Apply the configured action to the object
        $nError = .Run
    EndWith
Else
    MsgBox(0, "Error", "No Object Found")
EndIf
Another tool is of course the famous MS CACLS.
Enjoy !!
regards
ptrex
Edited by ptrex, 14 September 2012 - 09:36 AM.
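
The ACL description in the post above, as an added example that is not part of the original post or of SetACL: a simplified Python model of how Windows walks a DACL's entries in order, showing why a deny entry (`$DENY_ACCESS`) only takes effect for a right if it sits ahead of the grant (`$GRANT_ACCESS`) covering that right. The trustee names, the rights bits and the `Ace`, `canonical` and `access_check` names are assumptions made for illustration, and inheritance is ignored.

```python
# Added example: simplified model of how Windows evaluates a DACL.
# Trustee names and rights bits below are constructed for illustration.
from dataclasses import dataclass

READ, WRITE, DELETE = 0x1, 0x2, 0x4
CHANGE = READ | WRITE | DELETE   # stand-in for the "change" permission

@dataclass(frozen=True)
class Ace:
    trustee: str      # user or group the entry applies to
    allow: bool       # True = grant entry, False = deny entry
    mask: int         # rights covered by this entry

def canonical(dacl):
    """Simplified canonical order: deny entries ahead of allow entries."""
    return sorted(dacl, key=lambda ace: ace.allow)

def access_check(dacl, principals, desired):
    """Return True if `principals` (user plus groups) get all `desired` rights.

    dacl=None models an object with no DACL (everyone gets access);
    an empty list models an empty DACL (nobody gets access).
    """
    if dacl is None:
        return True
    remaining = desired
    for ace in dacl:                      # entries are evaluated in order
        if ace.trustee not in principals:
            continue
        if not ace.allow:
            if ace.mask & remaining:      # a deny hit ends the check
                return False
        else:
            remaining &= ~ace.mask        # these rights are now granted
            if remaining == 0:
                return True
    return False                          # rights never granted are denied

# Constructed sample: Users get "change", one account is denied write.
SAMPLE_DACL = [Ace("Users", True, CHANGE), Ace("alice", False, WRITE)]

if __name__ == "__main__":
    alice = {"alice", "Users"}
    print(access_check(SAMPLE_DACL, alice, WRITE))             # as stored
    print(access_check(canonical(SAMPLE_DACL), alice, WRITE))  # deny first
```

With the entries as stored, the grant to Users is reached first and the later deny never applies; in canonical order the deny is evaluated first and the write is refused.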





