Re: xcacls + subfolders and files only

From: frederic henry (frederichenry@hotmail.com)
Date: 12/09/02 

From: "frederic henry" <frederichenry@hotmail.com>
Date: Mon, 9 Dec 2002 11:52:56 -0800

not really.

that would work on directories that already have data in
them, but this is part of an automated process in which
the default perms. on homespace (created through active
directory) will be changed upon the creation of an account.

i've seen a few posts in older newsgroups around people
trying to do this, but apparently with little reply or
success.

the problem i'm trying to circumvent is that users have
figured out that they can add people to their homespace,
or remove admin. priviledges on them (big headache).

it's been affecting backup systems, account management and
the like.

if i can remove the user's ability to change perms. on the
root level of their homespace (to new and existing
accounts) then it would save hours of maintenance time.

fh.
>-----Original Message-----
>Well, I could be wrong, but does this do what you need?
I don't have the
>XCACLS documentation in front of me, but I would try
something like the
>following executed from the parent directory that
contains the target
>directory you are modifying:
>
>CACLS foldername /T /C /P user:perm [for subfolder
permissions]
>CACLS foldername /C /P user:perm [for root folder
permissions]
>
>
>
>
>"frederic henry" <frederichenry@hotmail.com> wrote in
message
>news:00a701c29fb0$b5202b40$d5f82ecf@TK2MSFTNGXA12...
>> i've tested with both cacls and xcacls and i can't
figure
>> out how to get the "only subfolders and files" option.
>>
>> basically, this is the perms. i need (i did this through
>> windows, then ran an xcacls on the directory - which
>> returned these results):
>>
>> <folder location> <domain name>\<username>:(special
>> access:) READ_CONTROL
>> SYNCHRONIZE
>> FILE_GENERIC_READ
>> FILE_GENERIC_EXECUTE
>> FILE_READ_DATA
>> FILE_WRITE_DATA
>> FILE_APPEND_DATA
>> FILE_READ_EA
>> FILE_EXECUTE
>> FILE_READ_ATTRIBUTES
>>
>> <domain name>\<username>:(OI)(CI)
(IO)F
>> BUILTIN\Administrators:(OI)(CI)F
>>
>> no matter what i've tried it always defaults to "files
>> only" or "this folder, subfolder and files".
>>
>> do you know the command line args. for these perms.?
>>
>> fh.
>>
>> >-----Original Message-----
>> >PS test using CACLS or XCACLS first. There are some
>> known issues. I am
>> >thinking here of the issue where the ACLs are
improperly
>> ordered after
>> >running CACLS, so that a user gets an error message the
>> first time accessing
>> >the folder and gets a dialog box with two buttons, one
of
>> which I believe
>> >resets the folder security to Everyone Full.
>> >
>> >
>> >"frederic henry" <frederichenry@hotmail.com> wrote in
>> message
>> >news:078301c29fa5$b3695480$d6f82ecf@TK2MSFTNGXA13...
>> >> (originally posted in access.security by mistake).
>> >>
>> >> hey,
>> >>
>> >> i'm having trouble trying to figure out how to grant
>> >> rights to "subfolder and files only" using xcacls.
>> >>
>> >> basically, i want users to have full control of all
>> >> folders/files in a specific directory, but not on the
>> >> root. easy enough to do with the acl/ace editor in
>> >> windows, but i need to do this on roughly 50,000+
>> >> directories, which is why i need to use xcacls.
>> >>
>> >> if anyone knows how to do this, or knows another
product
>> >> for this, any information would be appreciated.
thanks.
>> >>
>> >> fh.
>> >
>> >
>> >.
>> >
>
>
>.
>