Permission problems on C:\ with SetACL
Hallo there!
I have a problem with SetACL. I'm trying to set permissions for user at c:\, the syntax I'm using is:
SetACL.exe -on "C:" -ot file -actn ace -ace "n:user;p:Read_ex" but nothing happendes to the permissions.
When I'm doing it for exampla o´n C:\peogram files it works allright. Any ideas someone?
Thanks!!
I have a problem with SetACL. I'm trying to set permissions for user at c:\, the syntax I'm using is:
SetACL.exe -on "C:" -ot file -actn ace -ace "n:user;p:Read_ex" but nothing happendes to the permissions.
When I'm doing it for exampla o´n C:\peogram files it works allright. Any ideas someone?
Thanks!!
0 Comments
[ + ] Show comments
Answers (3)
Please log in to answer
Posted by:
flo
15 years ago
Your example will not work. Try something like that:
SetACL.exe -on "C:\\" -ot file -actn ace -ace "n:S-1-5-32-545;p:add_file;s:y;m:grant;i:np"
Processing ACL of: <\\?\C:\>
SetACL finished successfully.
cu Flo
SetACL.exe -on "C:\\" -ot file -actn ace -ace "n:S-1-5-32-545;p:add_file;s:y;m:grant;i:np"
Processing ACL of: <\\?\C:\>
SetACL finished successfully.
cu Flo
Posted by:
AngelD
15 years ago
Why not make the users local admin as that would produce similar result.
Try to find out what exactly you need to open up.
Try to find out what exactly you need to open up.
Comments:
-
I would like to know, why you wish to give permission to complete systemDrive, unless you have a locked down environment. If SetACL is failing, did u try it out with Cacls.exe which comes inbuilt in windows - talonsprem87 11 years ago
Posted by:
anonymous_9363
15 years ago
The problem is that SetACL must be passed a full path, not a drive letter:
. SetACL.exe -on "C:\" -ot file -actn ace -ace "n:user;p:Read_ex"
However, I, like Kim (AngelD), am confused about how your users don't already have ReadExecute rights on the root of C:. You need to tread carefully here. I suggest some reading on Windows permissions would be a good starting point.
. SetACL.exe -on "C:\" -ot file -actn ace -ace "n:user;p:Read_ex"
However, I, like Kim (AngelD), am confused about how your users don't already have ReadExecute rights on the root of C:. You need to tread carefully here. I suggest some reading on Windows permissions would be a good starting point.
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.
