Re: XCACLS utility help

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 01/29/05 

Date: Fri, 28 Jan 2005 20:09:33 -0600

I never could quite get xcacls to work the way I wanted for special access.
Take a look at fileacl instead. It is available on Microsoft's website and
it is very powerful. Be sure to play around on a test machine first before
you go "live" and of could even then have a backup before starting. The link
below is to fileacl and explains a lot of what it can do. Also see the link
about xacls.vbs which is an update to xacls, though I have not used that
myself yet. --- Steve

http://www.gbordier.com/gbtools/fileacl.htm -- fileacl
http://support.microsoft.com/default.aspx?scid=kb;en-us;825751 -- xacls.vbs

"Mark B" <mark@mosaiccomputers.com.au> wrote in message
news:%23utBEDaBFHA.2076@TK2MSFTNGP15.phx.gbl...
> Hi all,
>
> I work in a school environment, and have taken over administration of the
> school's servers. I have just created over 1000 users and their
> assosciated home folders.
>
> I need to prevent users from deleting their own home folder
> (H:\<username>). By default, when the folder is created, the user has this
> right.
>
> Using XCACLS on a 2003 Server, what is the command to do this? I can ALLOW
> each user the "special access" to DELETE the folder, but am unsure of the
> switch to DENY the right. This is what I need to achieve:-
>
> Denying the users the right to delete their home folder (but not
> sub-folders), and
> removing the "allow inheritable permissions" on the folder.
>
> If I set the permissions using the GUI, and then run XCACLS, this is what
> is reported:-
>
> Processed directory FRED
>
> D:\Users\FRED MyServer\FRED:(DENY)(special access:)
> DELETE
>
> Builtin\Administrators:(OI)(CI)F
> MyServer\Fred:(OI)(CI)F
>
> I cannot seem to replicate that "DENY" part of the special access! What is
> the switch?!?!?
>
> Many thanks,
>
> Mark
>
>