【Activity description】http://bbs.bathome.net/thread-2991-1-1.html
【Official website】http://setacl.sourceforge.net/
【Official download】http://sourceforge.net/project/showfiles.php?group_id=69165
【Local download】http://bcn.bathome.net/s/tool/index.html?key=SetACL
【Task content】
- SetACL is a set of routines for managing Windows permissions (ACLs) from the command line, from scripts and from programs. These routines can be used from various container or interface programs. Currently there exists a command line version to be used in batch files or scripts and an ActiveX control (SetACL.ocx) which can be used from any COM-enabled language (VB, WSH scripts, ...).
-
- SetACL 2.x is loosely based on my first SetACL program 0.x which I started developing in March 2001 and improved continually. After some time I realised that the design and implementation of that old version were not up to the many new features and improvements I had in mind. So, in late December 2002, I started from scratch, using a much more flexible design approach, which resulted in the completely rewritten SetACL 2.
- SetACL by Helge Klein
-
- Homepage: http://setacl.sourceforge.net
- Version: 2.0.3.0
- Copyright: Helge Klein
- License: GPL
-
- -O-P-T-I-O-N-S--------------------------------------------------------
-
- -on ObjectName
-
- -ot ObjectType
-
- -actn Action
-
- -ace "n:Trustee;p:Permission;s:IsSID;i:Inheritance;m:Mode;w:Where"
-
- -trst "n1:Trustee;n2:Trustee;s1:IsSID;s2:IsSID;ta:TrusteeAction;w:Where"
-
- -dom "n1:Domain;n2:Domain;da:DomainAction;w:Where"
-
- -ownr "n:Trustee;s:IsSID"
-
- -grp "n:Trustee;s:IsSID"
-
- -rec Recursion
-
- -op "dacl:Protection;sacl:Protection"
-
- -rst Where
-
- -lst "f:Format;w:What;i:ListInherited;s:DisplaySID"
-
- -bckp Filename
-
- -log Filename
-
- -fltr Keyword
-
- -clr Where
-
- -silent
-
- -ignoreerr
-
- -P-A-R-A-M-E-T-E-R-S-------------------------------------------------
-
- ObjectName: Name of the object to process (e.g. 'c:\mydir')
-
- ObjectType: Type of object:
-
- file: Directory/file
- reg: Registry key
- srv: Service
- prn: Printer
- shr: Network share
-
- Action: Action(s) to perform:
-
- ace: Process ACEs specified by parameter(s) '-ace'
- trustee: Process trustee(s) specified by parameter(s)
- '-trst'.
- domain: Process domain(s) specified by parameter(s)
- '-dom'.
- list: List permissions. A backup file can be
- specified by parameter '-bckp'. Controlled by
- parameter '-lst'.
- restore: Restore entire security descriptors backed up
- using the list function. A file containing the
- backup has to be specified using the parameter
- '-bckp'. The listing has to be in SDDL format.
- setowner: Set the owner to trustee specified by parameter
- '-ownr'.
- setgroup: Set the primary group to trustee specified by
- parameter '-grp'.
- clear: Clear the ACL of any non-inherited ACEs. The
- parameter '-clr' controls whether to do this for
- the DACL, the SACL, or both.
- setprot: Set the flag 'allow inheritable permissions from
- the parent object to propagate to this object' to
- the value specified by parameter '-op'.
- rstchldrn: Reset permissions on all sub-objects and enable
- propagation of inherited permissions. The
- parameter '-rst' controls whether to do this for
- the DACL, the SACL, or both.
-
- TrusteeAction: Action to perform on trustee specified:
-
- remtrst: Remove all ACEs belonging to trustee specified.
- repltrst: Replace trustee 'n1' by 'n2' in all ACEs.
- cpytrst: Copy the permissions for trustee 'n1' to 'n2'.
-
- DomainAction: Action to perform on domain specified:
-
- remdom: Remove all ACEs belonging to trustees of domain
- specified.
- repldom: Replace trustees from domain 'n1' by trustees with
- same name from domain 'n2' in all ACEs.
- cpydom: Copy permissions from trustees from domain 'n1' to
- trustees with same name from domain 'n2' in all
- ACEs.
-
- Trustee: Name or SID of trustee (user or group). Format:
-
- a) [(computer | domain)\]name
-
- Where:
-
- computer: DNS or NetBIOS name of a computer -> 'name' must
- be a local account on that computer.
- domain: DNS or NetBIOS name of a domain -> 'name' must
- be a domain user or group.
- name: user or group name
-
- If no computer or domain name is given, SetACL tries to find
- a SID for 'name' in the following order:
-
- 1. built-in accounts and well-known SIDs
- 2. local accounts
- 3. primary domain
- 4. trusted domains
-
- b) SID string
-
- Domain: Name of a domain (NetBIOS or DNS name).
-
- Permission: Permission to set. Validity of permissions depends on the
- object type (see below). Comma separated list.
-
- Example: 'read,write_ea,write_dacl'
-
- IsSID: Is the trustee name a SID?
-
- y: Yes
- n: No
-
- DisplaySID: Display trustee names as SIDs?
-
- y: Yes
- n: No
- b: Both (names and SIDs)
-
- Inheritance: Inheritance flags for the ACE. This may be a comma separated
- list containing the following:
-
- so: sub-objects
- sc: sub-containers
- np: no propagation
- io: inherit only
-
- Example: 'io,so'
-
- Mode: Access mode of this ACE:
-
- a) DACL:
-
- set: Replace all permissions for given trustee by
- those specified.
- grant: Add permissions specified to existing permissions
- for given trustee.
- deny: Deny permissions specified.
- revoke: Remove permissions specified from existing
- permissions for given trustee.
-
- b) SACL:
-
- aud_succ: Add an audit success ACE.
- aud_fail: Add an audit failure ACE.
- revoke: Remove permissions specified from existing
- permissions for given trustee.
-
- Where: Apply settings to DACL, SACL, or both (comma separated list):
-
- dacl
- sacl
- dacl,sacl
-
- Recursion: Recursion settings, depends on object type:
-
- a) file:
-
- no: No recursion.
- cont: Recurse, and process directories only.
- obj: Recurse, and process files only.
- cont_obj: Recurse, and process directories and files.
-
- b) reg:
-
- no: Do not recurse.
- yes: Do Recurse.
-
- Protection: Controls the flag 'allow inheritable permissions from the
- parent object to propagate to this object':
-
- nc: Do not change the current setting.
- np: Object is not protected, i.e. inherits from
- parent.
- p_c: Object is protected, ACEs from parent are
- copied.
- p_nc: Object is protected, ACEs from parent are not
- copied.
-
- Format: Which list format to use:
-
- sddl: Standardized SDDL format. Only listings in this
- format can be restored.
- csv: SetACL's csv format.
- tab: SetACL's tabular format.
-
- What: Which components of security descriptors to include in the
- listing. (comma separated list):
-
- d: DACL
- s: SACL
- o: Owner
- g: Primary group
-
- Example: 'd,s'
-
- ListInherited: List inherited permissions?
-
- y: Yes
- n: No
-
- Filename: Name of a (unicode) file used for list/backup/restore
- operations or logging.
-
- Keyword: Keyword to filter object names by. Names containing this
- keyword are not processed.
-
- -R-E-M-A-R-K-S--------------------------------------------------------
-
- Required parameters (all others are optional):
-
- -on (Object name)
- -ot (Object type)
-
- Parameters that may be specified more than once:
-
- -actn (Action)
- -ace (Access control entry)
- -trst (Trustee)
- -dom (Domain)
- -fltr (Filter keyword)
-
- Only actions specified by parameter(s) '-actn' are actually performed,
- regardless of the other options set.
-
- Order in which multiple actions are processed:
-
- 1. restore
- 2. clear
- 3. trustee
- 4. domain
- 5. ace, setowner, setgroup, setprot
- 6. rstchldrn
- 7. list
-
- -V-A-L-I-D--P-E-R-M-I-S-S-I-O-N-S-------------------------------------
-
- a) Standard permission sets (combinations of specific permissions)
-
- Files / Directories:
-
- read: Read
- write: Write
- list_folder: List folder
- read_ex: Read, execute
- change: Change
- profile: = change + write_dacl
- full: Full access
-
- Printers:
-
- print: Print
- man_printer: Manage printer
- man_docs: Manage documents
- full: Full access
-
- Registry:
-
- read: Read
- full: Full access
-
- Service:
-
- read: Read
- start_stop: Start / Stop
- full: Full access
-
- Share:
-
- read: Read
- change: Change
- full: Full access
-
- b) Specific permissions
-
- Files / Directories:
-
- traverse: Traverse folder / execute file
- list_dir: List folder / read data
- read_attr: Read attributes
- read_ea: Read extended attributes
- add_file: Create files / write data
- add_subdir: Create folders / append data
- write_attr: Write attributes
- write_ea: Write extended attributes
- del_child: Delete subfolders and files
- delete: Delete
- read_dacl: Read permissions
- write_dacl: Write permissions
- write_owner: Take ownership
-
- Registry:
-
- query_val: Query value
- set_val: Set value
- create_subkey: Create subkeys
- enum_subkeys: Enumerate subkeys
- notify: Notify
- create_link: Create link
- delete: Delete
- write_dacl: Write permissions
- write_owner: Take ownership
- read_access: Read control
【Reward list】wxcute, coolcatsfx
【Activity ended】2009-05-11
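
The following is an added example, not part of the original post or of SetACL itself: a pre-flight check that lints one `-ace` argument against the value lists in the help text above before a script changes any permissions. The function name `lint_ace` is hypothetical, treating `n:` and `p:` as mandatory is an assumption the help text does not state, and the sample strings in the usage note are constructed.

```python
# Added example: lint one SetACL "-ace" argument against the value lists in the
# help text. Requiring n: and p: is an assumption; the help does not state it.
PERMS = {
    "file": "read write list_folder read_ex change profile full traverse list_dir "
            "read_attr read_ea add_file add_subdir write_attr write_ea del_child "
            "delete read_dacl write_dacl write_owner".split(),
    "reg": "read full query_val set_val create_subkey enum_subkeys notify "
           "create_link delete write_dacl write_owner read_access".split(),
    "srv": "read start_stop full".split(),
    "prn": "print man_printer man_docs full".split(),
    "shr": "read change full".split(),
}
INHERIT = {"so", "sc", "np", "io"}
MODES = {"dacl": {"set", "grant", "deny", "revoke"},
         "sacl": {"aud_succ", "aud_fail", "revoke"}}
# Permissions that let the trustee rewrite the ACL or owner (profile = change + write_dacl).
ACL_CONTROL = {"full", "profile", "write_dacl", "write_owner"}

def lint_ace(ace, object_type):
    """Return a list of findings for one -ace string; an empty list means clean."""
    if object_type not in PERMS:
        return [f"unknown object type '{object_type}'"]
    out, fld = [], {}
    for part in ace.split(";"):
        key, sep, value = part.partition(":")      # split at the first ':' only
        if not sep or key not in set("npsimw") or key in fld:
            out.append(f"bad or duplicate field '{part}'")
        else:
            fld[key] = value
    out += [f"missing '{k}:' field" for k in "np" if not fld.get(k)]
    perms = [p for p in fld.get("p", "").split(",") if p]
    out += [f"permission '{p}' is not listed for type '{object_type}'"
            for p in perms if p not in PERMS[object_type]]
    if fld.get("s", "n") not in ("y", "n"):
        out.append("s: must be 'y' or 'n'")
    out += [f"unknown inheritance flag '{i}'"
            for i in fld.get("i", "").split(",") if i and i not in INHERIT]
    where = [w for w in fld.get("w", "").split(",") if w]
    out += [f"unknown target '{w}'" for w in where if w not in MODES]
    mode, targets = fld.get("m"), [w for w in where if w in MODES]
    if mode is not None and targets:               # mode must fit every named ACL
        out += [f"mode '{mode}' is not valid for the {w}" for w in targets if mode not in MODES[w]]
    elif mode is not None and mode not in MODES["dacl"] | MODES["sacl"]:
        out.append(f"unknown mode '{mode}'")
    if mode in ("set", "grant") and ACL_CONTROL & set(perms):
        out.append("review: trustee gains control over the ACL or owner")
    return out
```

For instance, `lint_ace("n:user1;p:profile;m:set", "file")` returns only the review finding, because `profile` includes `write_dacl`, while `lint_ace("n:user1;p:start_stop", "file")` reports a service permission used on a file object.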