SetACL

From Wikipedia, the free encyclopedia
Jump to: navigation, search
SetACL
Developer(s) Helge Klein
Stable release 2.3.0 / 7 August 2011
Operating system Microsoft Windows
Type Utility software
License Freeware
Website helgeklein.com/setacl

SetACL is a freeware utility for manipulating security descriptors on Microsoft Windows.[1] It used to be available under the GNU Lesser General Public License (LGPL) as a command-line utility and as an ActiveX component, but changed to a freeware license in version 3.0.0.0.

Features[edit]

This list of features is taken from the product's web page.[2]

  • Supports the following object types on Windows 2000, XP, Vista
  • Manage permissions on local or remote systems in domains or workgroups.
  • Set multiple permissions for multiple users or groups in a single command.
  • Control how permissions are inherited.
  • List, backup and restore permissions.
  • All operations work on a single object or recursively on a directory or registry tree.
  • Set the owner to any user or group.
  • Unicode support.
  • Remove, replace or copy a user or group from an ACL.
  • Fast performance due to time consuming steps such as recursing a large file system are performed only once.
  • Filter out object names not to be processed.

Usage[edit]

To set 'change' permissions on the directory 'C:\angela' for user 'brian' in domain 'dom1':

SetACL.exe -on "C:\angela" -ot file -actn ace
           -ace "n:dom1\brian;p:change"

Remove write and change permission sets from Desktop, replace with 'read and execute' permissions:

SetACL.exe -on "\\mycomputer\C$\Documents and Settings\username\Desktop" -ot file 
           -actn ace -ace "n:mycomputer\username;p:write,change;m:revoke"
           -ace "n:mycomputer\username;p:read_ex"

An example of its use from AutoIt can be found here

Short history[edit]

  • March 2001 SetACL program 0.x development begins
  • December 2002 SetACL program 2.x development begins
  • April 2003 2.0 beta 1 released
  • July 2003 2.0 final released
  • September 2003 2.0.1.0 released - Remove, replace or copy all Access Control Entries (ACEs) belonging to users or groups of a specified domain.
  • January 2004 2.0.2 released - ActiveX support. can be used from any language that supports COM including AutoIt, Visual Basic, Perl, VBScript.
  • May 2008 2.0.3 released - 64-bit support
  • August 2010 2.1 released - Improved permission listing

References[edit]