Solution:
I will start with the solution and then explain it. If you want to set permissions for a built-in group such as Users, use the group's SID instead of its account name. You can get the SID using WMI and set the permission using the icacls tool.
For the Users group (SID S-1-5-32-545), here is a way of doing it.
On Vista, 7, Server 2008 and above:
icacls "c:\Program Files\YourFolder" /T /C /Grant:r *S-1-5-32-545:(OI)(CI)(M)
Older versions:
cacls "c:\Program Files\YourFolder" /T /E /C /G Users:C
Using Windows Management Instrumentation (WMI) to get the SID:
Here is a VBScript that gets the SID value for all local groups using WMI:
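' List every local group together with its SID.
Dim strComputer, objWMIService, colItems, objItem
strComputer = "."   ' "." means the local computer

' Connect to the WMI service in the root\cimv2 namespace.
Set objWMIService = GetObject( _
    "winmgmts:\\" & strComputer & "\root\cimv2")

' LocalAccount = True limits the result to groups defined on this machine.
Set colItems = objWMIService.ExecQuery _
    ("Select * from Win32_Group Where LocalAccount = True")

' Print one block of details per group.
For Each objItem In colItems
    WScript.Echo "Local Account: " & objItem.LocalAccount & vbNewLine _
        & "Name: " & objItem.Name & vbNewLine _
        & "SID: " & objItem.SID & vbNewLine _
        & "SID Type: " & objItem.SIDType & vbNewLine _
        & "Status: " & objItem.Status & vbNewLine
Next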
How to change permissions for a folder from a script or the command line:
Use the icacls tool (on XP and older versions it is "cacls") to set the permission.
icacls:
Displays or modifies discretionary access control lists (DACLs) on specified files, and applies stored DACLs to files in specified directories.
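An added example, not part of the original post: a PowerShell script that applies the same grant by SID and then reads the DACL back to confirm that the Users SID holds an explicit Modify entry inherited by files and subfolders. It assumes an elevated PowerShell session; the folder path is the post's placeholder and the variable names are illustrative.

```powershell
# Added example: apply the grant by SID, then read the DACL back and confirm it.
# $Folder is a placeholder path; S-1-5-32-545 is the Users SID from the post.
param(
    [string]$Folder = 'C:\Program Files\YourFolder',
    [string]$Sid    = 'S-1-5-32-545'
)

# Resolve the SID to the local (possibly localized) account name, for display only.
$sidObj = New-Object System.Security.Principal.SecurityIdentifier($Sid)
$name   = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
Write-Host "SID $Sid resolves to '$name' on this machine"

# Same grant as the icacls line in the post. The leading * tells icacls
# that what follows is a SID, not an account name.
& icacls.exe $Folder /T /C /grant:r "*${Sid}:(OI)(CI)(M)"
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# Read the DACL back with identities kept as SIDs, so the comparison does
# not depend on the display name.
$acl  = Get-Acl -LiteralPath $Folder
$aces = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference.Value -eq $Sid -and $_.AccessControlType -eq 'Allow' }

$aces | Format-Table FileSystemRights, InheritanceFlags, PropagationFlags, IsInherited -AutoSize

# (OI)(CI)(M) should appear as an explicit Allow ACE with Modify rights that
# is inherited by both files (ObjectInherit) and subfolders (ContainerInherit).
$modify  = [System.Security.AccessControl.FileSystemRights]::Modify
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$ok = $aces | Where-Object {
    -not $_.IsInherited -and
    ($_.FileSystemRights -band $modify) -eq $modify -and
    $_.InheritanceFlags -eq $inherit
}
if (-not $ok) { throw "Expected Modify ACE for $Sid not found on $Folder" }
Write-Host "Verified: $name has Modify on $Folder, inherited by files and subfolders"
```

The read-back shows the full effect of the grant: every member of Users can change, add and delete files under the folder, so point it at the specific data folder that needs write access.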
For more information, see the links below.
icacls / cacls:
http://technet.microsoft.com/en-us/library/cc753525%28WS.10%29.aspx
http://technet.microsoft.com/en-us/library/bb490872.aspx
WMI:
http://msdn.microsoft.com/en-us/library/aa394582%28v=VS.85%29.aspx
http://technet.microsoft.com/en-us/library/ee156560.aspx
Thanks,
KKM.