|
Posted by Roger Abell [MVP] on February 8, 2008, 12:41 am
If you were Registered and logged in, you could reply and use other advanced thread options
Hi Adam
I think you may be taking the long road, as instead of resorting to
naming principals with SIDs you can just quote their display name
if it contain spaces. For example
xcacls.vbs c:\temp /g "yourdomain\domain admins":f
of course replacing "yourdomain" and notice also that the target
folder/file does not need to be quoted if it contains no whitespace.
Roger
> Hello,
>
> I have a question about running XCACLS.vbs. I'm trying to change
> folder permissions but I'm not using the built-in security groups - I
> want to use domain groups; specifically domain admins and domain
> users.
>
> I read online that if one uses SID# in place if a group name then that
> should work.
>
> I call XCACLS. from a batch file. A sample of my existing (and
> currently working as expected) file looks like this:
> cscript xcacls.vbs "C:\WINDOWS\regedit.exe" /G Administrators:F
>
> cscript xcacls.vbs "C:\WINDOWS\regedit.exe" /E /G SYSTEM:F
>
> Additionally, I read that the domain SID can be found in
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
> \ProfileList. I also read the SIDs for domain admins and domain users
> are:
>
> SID: S-1-5-domain-512
> Name: Domain Admins
>
> SID: S-1-5-domain-513
> Name: Domain Users
>
> So, armed with this information I took the two lines above and tried
> to do this:
>
> cscript xcacls.vbs "C:\Temp" /G
> SID#S-1-5-21-131504274-120818031-269197707-1108-512:F
>
> cscript xcacls.vbs "C:\Temp" /E /G
> SID#S-1-5-21-131504274-120818031-269197707-1108-513:F
>
> It didn't work. While I didn't get a script engine error or anything,
> when I checked the permissions on that folder, all the entries were
> gone - it was a blank display.
>
> How can I modify the permissions to use domain admins and users?
> Suggestions are greatly appreciated.
>
> Thanks!
>
>
>
>
>
>
>
>
>
| 
XML site map