SetACL
SetACL is a free software utility for manipulating security descriptors on Microsoft Windows. It is available under the GNU Lesser General Public License (LGPL) as a command line utility and as an ActiveX component.
Features
This list of features is taken from the main SourceForge article.
- Supports the following object types on Windows 2000, XP, Vista:
  - NTFS files and directories
  - registry keys
  - printers
  - services
  - network shares
  - WMI objects
- Manage permissions on local or remote systems in domains or workgroups.
- Set multiple permissions for multiple users or groups in a single command.
- Control how permissions are inherited.
- List, backup and restore permissions.
- All operations work on a single object or recursively on a directory or registry tree.
- Set the owner to any user or group.
- Unicode support.
- Remove, replace or copy a user or group from an ACL.
- Fast performance, because time-consuming steps such as recursing a large file system are performed only once.
- Filter out object names not to be processed.
Usage
To set 'change' permissions on the directory 'C:\angela' for user 'brian' in domain 'dom1':
SetACL.exe -on "C:\angela" -ot file -actn ace -ace "n:dom1\brian;p:change"
Remove write and change permission sets from Desktop, replace with 'read and execute' permissions:
SetACL.exe -on "\\mycomputer\C$\Documents and Settings\username\Desktop" -ot file -actn ace -ace "n:mycomputer\username;p:write,change;m:revoke" -ace "n:mycomputer\username;p:read_ex"
An example of its use from AutoIt can be found here
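The following Python code is an added example, not part of the original article or of the SetACL project. It parses the two command lines above into their target object and ordered -ace entries, so a permission-change script can be reviewed before it is run. It assumes only the options (-on, -ot, -actn, -ace) and -ace fields (n, p, m) shown in those examples and rejects anything else; the function names are hypothetical.

```python
import re

# Constructed inputs: the two command lines from the Usage section, each on one line.
CMD_GRANT = r'SetACL.exe -on "C:\angela" -ot file -actn ace -ace "n:dom1\brian;p:change"'
CMD_DESKTOP = (r'SetACL.exe -on "\\mycomputer\C$\Documents and Settings\username\Desktop" '
               r'-ot file -actn ace -ace "n:mycomputer\username;p:write,change;m:revoke" '
               r'-ace "n:mycomputer\username;p:read_ex"')

# Assumption: only options and -ace fields seen in those examples are accepted.
OPTIONS = {"-on": "object", "-ot": "type", "-actn": "action"}
ACE_FIELDS = {"n": "trustee", "p": "permissions", "m": "mode"}

def parse_ace(spec):
    """Turn 'n:dom1\\brian;p:write,change;m:revoke' into a dict."""
    ace = {"trustee": None, "permissions": None, "mode": None}
    for part in spec.split(";"):
        key, sep, value = part.partition(":")
        name = ACE_FIELDS.get(key)
        # Reject malformed, unknown or repeated fields.
        if not sep or not value or name is None or ace[name] is not None:
            raise ValueError(f"bad -ace field {part!r} in {spec!r}")
        ace[name] = value.split(",") if key == "p" else value
    if ace["trustee"] is None or ace["permissions"] is None:
        raise ValueError(f"-ace needs both n: and p: in {spec!r}")
    return ace

def parse_command(cmdline):
    """Parse one SetACL command line into target, action and ordered ACE list."""
    # Double-quoted strings stay whole; the program name is dropped.
    args = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)][1:]
    if len(args) % 2:
        raise ValueError("option without a value")
    cmd = {"object": None, "type": None, "action": None, "aces": []}
    for opt, value in zip(args[0::2], args[1::2]):
        if opt == "-ace":
            cmd["aces"].append(parse_ace(value))
        elif opt in OPTIONS:
            cmd[OPTIONS[opt]] = value
        else:
            raise ValueError(f"unrecognised option {opt!r}")
    return cmd

def summarize(cmdline):
    """One review line per ACE, in the order given on the command line."""
    cmd = parse_command(cmdline)
    return [f'{cmd["object"]}: {a["mode"] or "mode not given"} '
            f'{",".join(a["permissions"])} for {a["trustee"]}' for a in cmd["aces"]]

if __name__ == "__main__":
    print("\n".join(summarize(CMD_GRANT) + summarize(CMD_DESKTOP)))
```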
Short history
- March 2001 SetACL program 0.x development begins
- December 2002 SetACL program 2.x development begins
- April 2003 2.0 beta 1 released
- July 2003 2.0 final released
- September 2003 2.0.1.0 released - Remove, replace or copy all Access Control Entries (ACEs) belonging to users or groups of a specified domain.
- January 2004 2.0.2 released - ActiveX support. Can be used from any language that supports COM including AutoIt, Visual Basic, Perl, VBScript.
- May 2008 2.0.3 released - x64 support
- August 2010 2.1 released - Improved permission listing