Re: Replacing an ACE in an ACL?

From: Jean-Paul F. Otin (jpfo@mitre.org)
Date: 01/07/03


From: "Jean-Paul F. Otin" <jpfo@mitre.org>
Date: Tue, 07 Jan 2003 10:30:27 -0500


I think what Pieter wants is to replace the "Everyone" group every place it appears in the file
system ACLs (all files and directories) with the "User" group and use the same ACLs. I'd also like
to know if that can be done "automatically" from the command line.

Right now, the only solution I can find is partial. It involves adding the SYSTEM and
Administrators with Full Control, then adding Users with Read/Execute, and finally, deleting the
Everyone group. This involves giving too much privileges to the Users group in some areas of the
file system, such as at the root (C:\).
jp

--
Jean-Paul F. Otin               Applied Secure Systems Engineering
Internet: jpfo@mitre.org     The MITRE Corporation
Voice:    781 271 8331      202 Burlington Road, M/S S124
Fax:      781 271 3816       Bedford, MA 01730-1420
Jason Stanley wrote:
> The /P switch will replace a specified users rights with cacls.
>
> "Pieter" <welcome@chello.nl> wrote in message
> news:3E036651.DBA2545C@chello.nl...
> > I want to replace the group 'everyone' into 'users' for all ACLs of files
> and
> > directories on the C drive. It is to much work and it is asking for errors
> to
> > do it with the explorer. The utilities CACLS and XCACLS can not 'replace'.
> > - Is there a utility which can replace ACEs in ACLs?
> > - Are there (system-) functions in e.g. perl or other popular program
> > interpreter to retrieve ACLs from objects so that I can program an ACE
> > replacement myself?
> >
> > Thanks in advance, Pieter
>
> Opinions expressed here are my own and may not represent those of my employer.



Relevant Pages

  • Replacing an ACE in an ACL?
    ... The utilities CACLS and XCACLS can not 'replace'. ... Is there a utility which can replace ACEs in ACLs? ... Are there functions in e.g. perl or other popular program ...
    (comp.os.ms-windows.nt.admin.security)
  • Re: Output Varies from Show Access-List Command
    ... config. ... return path so that you don't need to specifically configure static ACEs ... ACLs from an access control server? ... access-group statement, we observed many many un-numbered ACEs ahead ...
    (comp.dcom.sys.cisco)
  • Re: Exch2003 - Add a public delegate?
    ... Can you describe the steps required and library dependencies? ... I'm already familiar with CDO and working with ACLs and ACEs. ... You'll need to learn how to use the directory features, work with ACLs and ACEs, and apply properties. ...
    (microsoft.public.exchange.development)
  • Re: Output Varies from Show Access-List Command
    ... config. ... return path so that you don't need to specifically configure static ACEs ... seeing entries such as those you've described when I use the show ... ACLs from an access control server? ...
    (comp.dcom.sys.cisco)
  • Re: Why do some folders/registry keys have 2 permissions instead of 1?
    ... define a "canonicalization" for the standard set of ... ACEs and header bits used for X and then provided a utility that would ... not rewrite the ACLs, and we are left to reinvent the wheel. ... Roger Abell ...
    (microsoft.public.win2000.general)