Deploying NTFS permissions
Hi,
I have a group of PCs that I want to apply NTFS security via secedit. I know the group name and individuals that I want to giver permissions to.
During testing I noticed that my INF file has the local SID of the user I was giving permission to. This SID will be different on other boxes so I can't see this working on them.
How do I get the INF file to give permissions to a user name or group on different local machines (no AD or workgroup)?
[Unicode]
Unicode=yes
[Registry Values]
[File Security]
"%SystemDrive%\folder0\a",0,"D:PAR(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;0x1301bf;;;S-1-5-21-515967899-2049760794-682003330-1005)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)"
thanks for reading.
stunty
I have a group of PCs that I want to apply NTFS security via secedit. I know the group name and individuals that I want to giver permissions to.
During testing I noticed that my INF file has the local SID of the user I was giving permission to. This SID will be different on other boxes so I can't see this working on them.
How do I get the INF file to give permissions to a user name or group on different local machines (no AD or workgroup)?
[Unicode]
Unicode=yes
[Registry Values]
[File Security]
"%SystemDrive%\folder0\a",0,"D:PAR(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;0x1301bf;;;S-1-5-21-515967899-2049760794-682003330-1005)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)"
thanks for reading.
stunty
0 Comments
[ + ] Show comments
Answers (2)
Please log in to answer
Posted by:
riversidekid
13 years ago
Not really an answer, but an alternative concept... have you thought of using SetACL rather than secedit? I have used SetACL with success when deploying software where the current user needs access to a folder within %ProgramFiles%.
Just another thought.
Just another thought.
Posted by:
Stuntman
13 years ago
Thanks for the suggestion.
Still looking for method to do this with standard windows technologies.
I could write a script or program to do this but want to do it like others would.
Other ideas?
SM
Still looking for method to do this with standard windows technologies.
I could write a script or program to do this but want to do it like others would.
Other ideas?
SM
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.