Hi,

I have a group of PCs that I want to apply NTFS security via secedit. I know the group name and individuals that I want to giver permissions to.

During testing I noticed that my INF file has the local SID of the user I was giving permission to. This SID will be different on other boxes so I can't see this working on them.

How do I get the INF file to give permissions to a user name or group on different local machines (no AD or workgroup)?

[Unicode]
Unicode=yes
[Registry Values]
[File Security]
"%SystemDrive%\folder0\a",0,"D:PAR(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;0x1301bf;;;S-1-5-21-515967899-2049760794-682003330-1005)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)"


thanks for reading.

stunty
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
Not really an answer, but an alternative concept... have you thought of using SetACL rather than secedit? I have used SetACL with success when deploying software where the current user needs access to a folder within %ProgramFiles%.

Just another thought.
Answered 02/17/2010 by: riversidekid
Senior Yellow Belt

Please log in to comment
0
Thanks for the suggestion.

Still looking for method to do this with standard windows technologies.
I could write a script or program to do this but want to do it like others would.

Other ideas?

SM
Answered 02/17/2010 by: Stuntman
Senior Yellow Belt

Please log in to comment
Answer this question or Comment on this question for clarity