/bundles/itninjaweb/img/Breadcrumb_cap_w.png
Hello,
i need professional help for the following task.
This key has full permissions for "everyone/user" group

[HKEY_CLASSES_ROOT\ZSDlg.ControlAccess]
@="ZSDlg.ControlAccess"

Now i have so un/set the special permission "Delete"

I should look like this:

Permissions: Allow Deny
Full Control
Query Value x
Set Value x
Create Subkey x
Enumerate Subkeys x
Notify x
Create Link x
Delete
Wirte DAC x
Wirte Owner x
Read Control x

I Don´t habe any idea how to do this
I look for setacl.exe but there no description for the special permissions
0 Comments   [ - ] Hide Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
Answer this question or Comment on this question for clarity

Answers

0
ORIGINAL: Rayek
I look for setacl.exe but there no description for the special permissions
There is a document supplied with SetACL that describes the special permissions. IIRC, it's called 'Command line.TXT'. It's all on SourceForge, too.

Anyway, I've never done this but try:

. SetACL -on "HKCR\ZSDlg.ControlAccess" -ot reg -actn ace -ace "n:Everyone;m:revoke"
Answered 04/29/2008 by: VBScab
Red Belt

Please log in to comment
0
Hello,
thank you for your fast help! [;)]

I got the latest version of setacl and took a closer look
Yes there is an cmdline.txt file and it is very good explained

Finally i implemented this solution in my msi

SetACL.exe" -on "HKCR\ZSDlg.ControlAccess" -ot reg -actn ace -ace "n:users;p:query_val,set_val,create_subkey,enum_subkeys,notify,create_link,write_dacl,write_owner,read_access;m:set"

Thanks a lot!
Answered 04/29/2008 by: Rayek
Yellow Belt

Please log in to comment
0
Personally I like to use SECEDIT. I create a security template using the security snapin in MMC and then apply the template using SECEDIT. It works great as a custom action embedded within an MSI or outside an MSI run with a batch command. I did notice however that if you do run it outside the MSI the drive you run it on will require write access.. I think it needs to update secedit.sdb or something when it is run. The command I use is this:

secedit.exe /configure /db "<path to SDB file\secedit.sdb" /cfg "<path to security template>\template.inf"

good luck..
Answered 04/29/2008 by: Coriolus
Orange Belt

Please log in to comment
0
ORIGINAL: Rayek
Finally i implemented this solution in my msi

SetACL.exe" -on "HKCR\ZSDlg.ControlAccess" -ot reg -actn ace -ace "n:users;p:query_val,set_val,create_subkey,enum_subkeys,notify,create_link,write_dacl,write_owner,read_access;m:set"
A *lot* of the other articles I located on using SetACL prefix the actual setting command line with one which removes all ACEs first. I think this would generally be regarded as A Good Thing.
Answered 04/30/2008 by: VBScab
Red Belt

Please log in to comment