Re: Replacing an ACE in an ACL?

From: Jean-Paul F. Otin (
Date: 01/07/03

From: "Jean-Paul F. Otin" <>
Date: Tue, 07 Jan 2003 10:30:27 -0500

I think what Pieter wants is to replace the "Everyone" group every place it appears in the file
system ACLs (all files and directories) with the "User" group and use the same ACLs. I'd also like
to know if that can be done "automatically" from the command line.

Right now, the only solution I can find is partial. It involves adding the SYSTEM and
Administrators with Full Control, then adding Users with Read/Execute, and finally, deleting the
Everyone group. This involves giving too much privileges to the Users group in some areas of the
file system, such as at the root (C:\).

Jean-Paul F. Otin               Applied Secure Systems Engineering
Internet:     The MITRE Corporation
Voice:    781 271 8331      202 Burlington Road, M/S S124
Fax:      781 271 3816       Bedford, MA 01730-1420
Jason Stanley wrote:
> The /P switch will replace a specified users rights with cacls.
> "Pieter" <> wrote in message
> > I want to replace the group 'everyone' into 'users' for all ACLs of files
> and
> > directories on the C drive. It is to much work and it is asking for errors
> to
> > do it with the explorer. The utilities CACLS and XCACLS can not 'replace'.
> > - Is there a utility which can replace ACEs in ACLs?
> > - Are there (system-) functions in e.g. perl or other popular program
> > interpreter to retrieve ACLs from objects so that I can program an ACE
> > replacement myself?
> >
> > Thanks in advance, Pieter
> Opinions expressed here are my own and may not represent those of my employer.