Discussion:
Code to remove a user group from file or folder ACL
(too old to reply)
Michael via WinServerKB.com
2006-03-22 18:45:11 UTC
Permalink
I'm using subinacl.exe to download file permissions on a server. Then, we
edit certain permissions once a week. However, I need to know how to remove
using VBA code a "unwanted" user group that oftens gets added to a file or
folder when someone by mistake checks inherit from parent. Most of the time
this group is "everyone". How can I using code to remove "everyone" from a
folder acl. Is there a utility or another program like subinacl.exe that can
do the job?
--
Message posted via http://www.winserverkb.com
Roger Abell [MVP]
2006-03-23 07:41:34 UTC
Permalink
Check out xcacls.vbs which you can obtain from search on the
filename (note: that is .vbs) at microsoft.com/downloads
This VBscript file examples pretty much any possible ACL
manipulation. Also, you could look into fileacl from sourceforge.
Post by Michael via WinServerKB.com
I'm using subinacl.exe to download file permissions on a server. Then, we
edit certain permissions once a week. However, I need to know how to remove
using VBA code a "unwanted" user group that oftens gets added to a file or
folder when someone by mistake checks inherit from parent. Most of the time
this group is "everyone". How can I using code to remove "everyone" from a
folder acl. Is there a utility or another program like subinacl.exe that can
do the job?
--
Message posted via http://www.winserverkb.com
musenyin via WinServerKB.com
2006-03-23 13:42:59 UTC
Permalink
I looked into xcacls.vbs, but am not sure that this will do what I want.
Switch /R will revoke specified user's access rights, but not remove the user
group. For example: my program will download file permission for a file on
day 1. The user groups are "administrators", "system", "lg_processors", and
"xnn8tty". On day 7 I perform the same download and now there are 5 user
groups because "everyone" is now present besides the prior four. This is
usually caused by the user checking the inherit from parent box on the
advance permission tab. What I need to know is how to delete/remove
"everyone" user group from that file using vb code and not set revoke
permission or remove it using the remove button on the advanced tab. I
thought about using /net command remove user, but I believe that will delete
everyone from all files in my domain. Your help is greatly appreciated.
Post by Roger Abell [MVP]
Check out xcacls.vbs which you can obtain from search on the
filename (note: that is .vbs) at microsoft.com/downloads
This VBscript file examples pretty much any possible ACL
manipulation. Also, you could look into fileacl from sourceforge.
Post by Michael via WinServerKB.com
I'm using subinacl.exe to download file permissions on a server. Then, we
edit certain permissions once a week. However, I need to know how to
[quoted text clipped - 7 lines]
Post by Michael via WinServerKB.com
can
do the job?
--
Message posted via WinServerKB.com
http://www.winserverkb.com/Uwe/Forums.aspx/windows-server-security/200603/1
Roger Abell [MVP]
2006-03-23 15:13:44 UTC
Permalink
in xcacls where the docs indicate that you provide a user they really
mean that you provide a principal, whether that be a user account or
a group. It really sounds like your copy should be tweaked so that
it is sensitive to whether a grant it is considering copying onto the
copied-down file is an explicit or an inherited and then only copy
the explicit.
Post by musenyin via WinServerKB.com
I looked into xcacls.vbs, but am not sure that this will do what I want.
Switch /R will revoke specified user's access rights, but not remove the user
group. For example: my program will download file permission for a file on
day 1. The user groups are "administrators", "system", "lg_processors", and
"xnn8tty". On day 7 I perform the same download and now there are 5 user
groups because "everyone" is now present besides the prior four. This is
usually caused by the user checking the inherit from parent box on the
advance permission tab. What I need to know is how to delete/remove
"everyone" user group from that file using vb code and not set revoke
permission or remove it using the remove button on the advanced tab. I
thought about using /net command remove user, but I believe that will delete
everyone from all files in my domain. Your help is greatly appreciated.
Post by Roger Abell [MVP]
Check out xcacls.vbs which you can obtain from search on the
filename (note: that is .vbs) at microsoft.com/downloads
This VBscript file examples pretty much any possible ACL
manipulation. Also, you could look into fileacl from sourceforge.
Post by Michael via WinServerKB.com
I'm using subinacl.exe to download file permissions on a server. Then, we
edit certain permissions once a week. However, I need to know how to
[quoted text clipped - 7 lines]
Post by Michael via WinServerKB.com
can
do the job?
--
Message posted via WinServerKB.com
http://www.winserverkb.com/Uwe/Forums.aspx/windows-server-security/200603/1
Loading...