Change NTFS permission.
--- a/windows.rst Tue Sep 13 21:51:49 2011 +0300
+++ b/windows.rst Fri Sep 16 00:56:37 2011 +0300
@@ -95,8 +95,8 @@
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=2fcde6ce-b5fb-4488-8c50-fe22559d164e
Windows XP Service Pack 3 - ISO-9660 CD Image File
-Access to Samba for Vista/7.
-============================
+Access to Samba from Vista/7.
+=============================
By default, you cannot authenticate and share files to and from Mac OS X or
Linux Samba due to a well known authentication method turned off by default.
@@ -412,3 +412,72 @@
schtasks /delete /tn %TASK_NAME% /f
+Change NTFS permission.
+=======================
+
+Change NTFS permission with 'icacls'.
+-------------------------------------
+
+'icacls' allow option:
+
+ * /c - Continues the operation despite any file errors. Error messages will
+ still be displayed.
+ * /t - Performs the operation on all specified files in the current directory
+ and its subdirectories.
+ * /l - Performs the operation on a symbolic link versus its destination.
+ * /q - Suppresses success messages.
+
+Recursively change the owner of all matching files to the specified user::
+
+ cmd> icacls /setowner <Username> /t /c
+
+Recursively grand full access::
+
+ cmd> icacls %dir% /t /grant:r desktop\user:(f)
+
+Well-known security identifiers (SID).
+======================================
+
+ S-1-0-0
+ Null SID. A group with no members. This is often used when a SID
+ value is not known.
+ S-1-1-0
+ World/Everyone. A group that includes all users.
+ S-1-3-0
+ Creator Owner ID. A security identifier to be replaced by the
+ security identifier of the user who created a new object. This
+ SID is used in inheritable ACEs.
+ S-1-3-1
+ Creator Group ID. A security identifier to be replaced by the
+ primary-group SID of the user who created a new object. Use this
+ SID in inheritable ACEs.
+ S-1-5-6
+ Service. A group that includes all security principals that have
+ logged on as a service. Membership is controlled by the
+ operating system.
+ S-1-5-7
+ Anonymous. A group that includes all users that have logged on
+ anonymously. Membership is controlled by the operating system.
+ S-1-5-32-544
+ Administrators group.
+ S-1-5-32-545
+ Users group.
+ S-1-5-32-546
+ Guests. By default, the only member is the Guest account. The
+ Guests group allows occasional or one-time users to log on with
+ limited privileges to a computer's built-in Guest account.
+ S-1-5-32-547
+ Power Users. Power users can create local users and groups;
+ modify and delete accounts that they have created; and remove
+ users from the Power Users, Users, and Guests groups. Power
+ users also can install programs; create, manage, and delete
+ local printers; and create and delete file shares.
+
+ http://msdn.microsoft.com/en-us/library/aa379649.aspx
+ Well-known SIDs
+ http://support.microsoft.com/kb/243330
+ Хорошо известные идентификаторы безопасности в операционных
+ системах Windows
+ http://en.wikipedia.org/wiki/Security_Identifier
+ Security Identifier
+