Jump to content

SetACL

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Codename Lisa (talk | contribs) at 02:26, 5 February 2015 (→‎Features: Changed a sprawling sentence to "Windows 2000 and later". Otherwise, we'd be in serious trouble when Windows 11, 12, 13, 14, 15, 16, 17, 18, 19, 20 and so on come out.). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

SetACL
Developer(s)Helge Klein
Stable release
3.0.6 / 7 September 2012
Operating systemMicrosoft Windows
TypeUtility software
LicenseFreeware
Websitehelgeklein.com/setacl

SetACL is a freeware utility for manipulating security descriptors on Microsoft Windows.[1] It used to be available under the GNU Lesser General Public License (LGPL) as a command-line utility and as an ActiveX component, but changed to a freeware license in version 3.0.0.0.

Features

This list of features is taken from the product's web page.[2]

  • Supports the following object types on Windows 2000 and later
  • Manage permissions on local or remote systems in domains or workgroups.
  • Set multiple permissions for multiple users or groups in a single command.
  • Control how permissions are inherited.
  • List, backup and restore permissions.
  • All operations work on a single object or recursively on a directory or registry tree.
  • Set the owner to any user or group.
  • Unicode support.
  • Remove, replace or copy a user or group from an ACL.
  • Fast performance due to time consuming steps such as recursing a large file system are performed only once.
  • Filter out object names not to be processed.

Usage

To set 'change' permissions on the directory 'C:\angela' for user 'brian' in domain 'dom1': 

SetACL.exe -on "C:\angela" -ot file -actn ace
           -ace "n:dom1\brian;p:change"

Remove write and change permission sets from Desktop, replace with 'read and execute' permissions: 

SetACL.exe -on "\\mycomputer\C$\Documents and Settings\username\Desktop" -ot file 
           -actn ace -ace "n:mycomputer\username;p:write,change;m:revoke"
           -ace "n:mycomputer\username;p:read_ex"

An example of its use from AutoIt can be found here

Short history

  • March 2001 SetACL program 0.x development begins
  • December 2002 SetACL program 2.x development begins
  • April 2003 2.0 beta 1 released
  • July 2003 2.0 final released
  • September 2003 2.0.1.0 released - Remove, replace or copy all Access Control Entries (ACEs) belonging to users or groups of a specified domain.
  • January 2004 2.0.2 released - ActiveX support. can be used from any language that supports COM including AutoIt, Visual Basic, Perl, VBScript.
  • May 2008 2.0.3 released - 64-bit support
  • August 2010 2.1 released - Improved permission listing

References

  1. ^ SetACL Documentation
  2. ^ SetACL Windows permission management
Retrieved from "https://en.wikipedia.org/w/index.php?title=SetACL&oldid=645693039"