|
Posted by Roger Abell [MVP] on March 23, 2006, 10:13 am
Please log in for more thread options in xcacls where the docs indicate that you provide a user they really
mean that you provide a principal, whether that be a user account or
a group. It really sounds like your copy should be tweaked so that
it is sensitive to whether a grant it is considering copying onto the
copied-down file is an explicit or an inherited and then only copy
the explicit.
>I looked into xcacls.vbs, but am not sure that this will do what I want.
> Switch /R will revoke specified user's access rights, but not remove the
> user
> group. For example: my program will download file permission for a file
> on
> day 1. The user groups are "administrators", "system", "lg_processors",
> and
> "xnn8tty". On day 7 I perform the same download and now there are 5 user
> groups because "everyone" is now present besides the prior four. This is
> usually caused by the user checking the inherit from parent box on the
> advance permission tab. What I need to know is how to delete/remove
> "everyone" user group from that file using vb code and not set revoke
> permission or remove it using the remove button on the advanced tab. I
> thought about using /net command remove user, but I believe that will
> delete
> everyone from all files in my domain. Your help is greatly appreciated.
>
> Roger Abell [MVP] wrote:
>>Check out xcacls.vbs which you can obtain from search on the
>>filename (note: that is .vbs) at microsoft.com/downloads
>>This VBscript file examples pretty much any possible ACL
>>manipulation. Also, you could look into fileacl from sourceforge.
>>
>>> I'm using subinacl.exe to download file permissions on a server. Then,
>>> we
>>> edit certain permissions once a week. However, I need to know how to
>>[quoted text clipped - 7 lines]
>>> can
>>> do the job?
>
> --
> Message posted via WinServerKB.com
> http://www.winserverkb.com/Uwe/Forums.aspx/windows-server-security/200603/1
| 
XML Sitemap