|Subject:||Modifying permissions with XCACLS.vbs|
|Posted by:||Adam Sandler (corn…@excite.com)|
|Date:||Thu, 7 Feb 2008|
I have a question about running XCACLS.vbs. I'm trying to change
folder permissions but I'm not using the built-in security groups - I
want to use domain groups; specifically domain admins and domain
I read online that if one uses SID# in place if a group name then that
I call XCACLS. from a batch file. A sample of my existing (and
currently working as expected) file looks like this:
cscript xcacls.vbs "C:\WINDOWS\regedit.exe" /G Administrators:F
cscript xcacls.vbs "C:\WINDOWS\regedit.exe" /E /G SYSTEM:F
Additionally, I read that the domain SID can be found in
\ProfileList. I also read the SIDs for domain admins and domain users
Name: Domain Admins
Name: Domain Users
So, armed with this information I took the two lines above and tried
to do this:
cscript xcacls.vbs "C:\Temp" /G
cscript xcacls.vbs "C:\Temp" /E /G
It didn't work. While I didn't get a script engine error or anything,
when I checked the permissions on that folder, all the entries were
gone - it was a blank display.
How can I modify the permissions to use domain admins and users?
Suggestions are greatly appreciated.