Re: Replacing an ACE in an ACL?
From: Jean-Paul F. Otin (firstname.lastname@example.org)
- Next message: Kevin: "System Lifeguard"
- Previous message: Mark Langdon: "Re: Add workstations to domain"
- In reply to: Jason Stanley: "Re: Replacing an ACE in an ACL?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Jean-Paul F. Otin" <email@example.com> Date: Tue, 07 Jan 2003 10:30:27 -0500
I think what Pieter wants is to replace the "Everyone" group every place it appears in the file
system ACLs (all files and directories) with the "User" group and use the same ACLs. I'd also like
to know if that can be done "automatically" from the command line.
Right now, the only solution I can find is partial. It involves adding the SYSTEM and
Administrators with Full Control, then adding Users with Read/Execute, and finally, deleting the
Everyone group. This involves giving too much privileges to the Users group in some areas of the
file system, such as at the root (C:\).
-- Jean-Paul F. Otin Applied Secure Systems Engineering Internet: firstname.lastname@example.org The MITRE Corporation Voice: 781 271 8331 202 Burlington Road, M/S S124 Fax: 781 271 3816 Bedford, MA 01730-1420 Jason Stanley wrote: > The /P switch will replace a specified users rights with cacls. > > "Pieter" <email@example.com> wrote in message > news:3E036651.DBA2545C@chello.nl... > > I want to replace the group 'everyone' into 'users' for all ACLs of files > and > > directories on the C drive. It is to much work and it is asking for errors > to > > do it with the explorer. The utilities CACLS and XCACLS can not 'replace'. > > - Is there a utility which can replace ACEs in ACLs? > > - Are there (system-) functions in e.g. perl or other popular program > > interpreter to retrieve ACLs from objects so that I can program an ACE > > replacement myself? > > > > Thanks in advance, Pieter > > Opinions expressed here are my own and may not represent those of my employer.