# HG changeset patch # User Oleksandr Gavenko # Date 1501584851 -10800 # Node ID 3776d3119764bc088615961387f6f152f8d4161c # Parent 0789bfd17c13c15c40f868756a5d1cd82d50cbf6 About AccessEnum. diff -r 0789bfd17c13 -r 3776d3119764 windows.rst --- a/windows.rst Tue Aug 01 01:13:03 2017 +0300 +++ b/windows.rst Tue Aug 01 13:54:11 2017 +0300 @@ -474,11 +474,25 @@ * ``/c`` - Continues the operation despite any file errors. Error messages will still be displayed. -* ``/t`` - Performs the operation on all specified files in the current - directory and its subdirectories. +* ``/t`` - Apply recursively. * ``/l`` - Performs the operation on a symbolic link versus its destination. * ``/q`` - Suppresses success messages. +Permissions description:: + +* ``f`` - full control +* ``CI`` = Container Inherit - This flag indicates that subordinate containers will + inherit this ACE. +* ``OI`` = Object Inherit - This flag indicates that subordinate files will inherit + the ACE. + +To review current permissions:: + + cmd> icacls %dir% /t + +.. note:: To get brief view of permissions use ``AccessEnum`` utility from + Sysinternals. + Recursively change the owner of all matching files to the specified user:: cmd> icacls %dir% /setowner %user% /t /c @@ -487,18 +501,29 @@ cmd> takeown /r /f %file% +.. note:: Sometimes you don't have enough permssion to change permission. Run + commands from administrator shell. + Recursively grand full access for everyone:: cmd> icacls %dir% /t /grant:r %user%:(f) cmd> icacls %dir% /t /grant:r *S-1-1-0:(f) +Somtimes it fail due to permission inheritance, thry strip them:: + + cmd> icacls %dir% /inheritance:r /t /grant:r %user%:(f) + Remove all permissons from file (first reset to inherited, then remove inherited):: cmd> icacls %FILE% /reset cmd> icacls %FILE% /inheritance:r +https://technet.microsoft.com/en-us/library/cc753525.aspx + Icacls. http://support.microsoft.com/kb/919240 The ``Icacls.exe`` utility is available for Windows Server 2003 with Service Pack 2. +https://technet.microsoft.com/en-us/library/2009.07.geekofalltrades.aspx + Geek of all Trades Setting Permissions from the Command Line. User management ===============