| Home | Register | Members | Search | Windows Vista Tips | File Database | Links |
 |
| Thread Tools | Display Modes |
|
Guest
Posts: n/a
|
|
|
|
||
|
|
| |
|
Guest
Posts: n/a
|
Hi,
OK, I found the solution for my problem. I new xcacls.exe had been "replaced" by xcacls.vbs, but apparently, xcacls.vbs has now been "replaced" by icacls.exe ... at least for Windows Server 2008 (my server). Confusing ... So it works perfectly with icacls : Read : icacls \\server\g$\Services\DFSP /grant DL-S-Services.DFSP-L  OI)(NP)RXWrite : icacls \\server\g$\Services\DFSP /grant DL-S-Services.DFSP-M OI)(NP)MThese are the correct options (for my needs listed in my frst post). BTW, watch out for the switchs. For example, the change/modify permission is : xcacls.exe : C (Change) xcacls.vbs : M (Modify) icacls.exe : M (Modify) -- Franck http://supermarches.faire-le-bon-choix.fr "magnum42" wrote: > Hi, > > I have a problem with xcacls.vbs > We have 2 groups ready for each folder (one for Read, one for Modification > permissions). > > For example : > Fold1 > Fold2 > Fold2_Sub1 > Fold2_Sub2 > Fold_2_Sub2_Sub1 > Fold_2_Sub2_Sub2 > ... > cscript xcacls.vbs "\\server\g$\Share\Fold1" /E /G "DOM\Fold1-R":X /F > cscript xcacls.vbs "\\server\g$\Share\Fold1" /E /G "DOM\Fold1-M":M /F > cscript xcacls.vbs "\\server\g$\Share\Fold2" /E /G "DOM\Fold2-R":X /F > cscript xcacls.vbs "\\server\g$\Share\Fold2" /E /G "DOM\Fold2-M":M /F > cscript xcacls.vbs "\\server\g$\Share\Fold2\Fold2_Sub1" /E /G > "DOM\Fold2_Sub1-R":X /F > cscript xcacls.vbs "\\server\g$\Share\Fold2\Fold2_Sub2" /E /G > "DOM\Fold2_Sub2-M":M /F > ... > > Why I do this, the read and change groups are ok on the first level, but the > go down every level on the files. > We also tried using the "/SPEC D" switch, but the permissions continue to > inherit every level, most of the time only on the files. > > Each folder needs to have their two groups (read and change), but nothing > should inherit down to subfolders, except for the security ACE's put on top, > on the share itself. > > > I'm tired (and french), so I hope I'm clear enough. Please help. > > Thanks a lot. > > -- > Franck > http://supermarches.faire-le-bon-choix.fr |
|
|
|
|
|||
|
Guest
Posts: n/a
|
OK, juste a last little update to my post, with what I finally did, if
someone's interested : On the nodes (so people cannot create files and folders) : icacls G:\Services\DFSP /grant DL-S-Services.DFSP-L OI)(NP)(IO)(RX)icacls G:\Services\DFSP /grant DL-S-Services.DFSP-M OI)(NP)(IO)(M)icacls G:\Services\DFSP /grant DL-S-Services.DFSP-L S,RD,X)icacls G:\Services\DFSP /grant DL-S-Services.DFSP-M S,RD,X)On the "leaves" (last folders) so people CAN create new folders/files : icacls G:\Services\DFSP\DAF\CDG /grant DL-S-Services.DFSP.DAF.CDG-L OI)(CI)(IO)(RX)icacls G:\Services\DFSP\DAF\CDG /grant DL-S-Services.DFSP.DAF.CDG-M OI)(CI)(IO)(M)icacls G:\Services\DFSP\DAF\CDG /grant DL-S-Services.DFSP.DAF.CDG-L S,RD,X)icacls G:\Services\DFSP\DAF\CDG /grant DL-S-Services.DFSP.DAF.CDG-M S,RD,WD,AD,X)-- Franck http://supermarches.faire-le-bon-choix.fr "magnum42" wrote: > Hi, > > OK, I found the solution for my problem. > I new xcacls.exe had been "replaced" by xcacls.vbs, but apparently, > xcacls.vbs has now been "replaced" by icacls.exe ... at least for Windows > Server 2008 (my server). Confusing ... > > So it works perfectly with icacls : > Read : > icacls \\server\g$\Services\DFSP /grant DL-S-Services.DFSP-L OI)(NP)RX> Write : > icacls \\server\g$\Services\DFSP /grant DL-S-Services.DFSP-M OI)(NP)M> > These are the correct options (for my needs listed in my frst post). > > BTW, watch out for the switchs. For example, the change/modify permission is : > xcacls.exe : C (Change) > xcacls.vbs : M (Modify) > icacls.exe : M (Modify) > > > -- > Franck > http://supermarches.faire-le-bon-choix.fr > > > "magnum42" wrote: > > > Hi, > > > > I have a problem with xcacls.vbs > > We have 2 groups ready for each folder (one for Read, one for Modification > > permissions). > > > > For example : > > Fold1 > > Fold2 > > Fold2_Sub1 > > Fold2_Sub2 > > Fold_2_Sub2_Sub1 > > Fold_2_Sub2_Sub2 > > ... > > cscript xcacls.vbs "\\server\g$\Share\Fold1" /E /G "DOM\Fold1-R":X /F > > cscript xcacls.vbs "\\server\g$\Share\Fold1" /E /G "DOM\Fold1-M":M /F > > cscript xcacls.vbs "\\server\g$\Share\Fold2" /E /G "DOM\Fold2-R":X /F > > cscript xcacls.vbs "\\server\g$\Share\Fold2" /E /G "DOM\Fold2-M":M /F > > cscript xcacls.vbs "\\server\g$\Share\Fold2\Fold2_Sub1" /E /G > > "DOM\Fold2_Sub1-R":X /F > > cscript xcacls.vbs "\\server\g$\Share\Fold2\Fold2_Sub2" /E /G > > "DOM\Fold2_Sub2-M":M /F > > ... > > > > Why I do this, the read and change groups are ok on the first level, but the > > go down every level on the files. > > We also tried using the "/SPEC D" switch, but the permissions continue to > > inherit every level, most of the time only on the files. > > > > Each folder needs to have their two groups (read and change), but nothing > > should inherit down to subfolders, except for the security ACE's put on top, > > on the share itself. > > > > > > I'm tired (and french), so I hope I'm clear enough. Please help. > > > > Thanks a lot. > > > > -- > > Franck > > http://supermarches.faire-le-bon-choix.fr |
|
|
|
|
|||
|
|
| |
|
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Need permission to delete file when logged in as sysadmin? | Speed Dial | Windows Vista Help | 2 | 05-16-2010 03:18 PM |
| Server 2003 update problem | kc66 | Windows Update | 7 | 12-22-2009 04:09 PM |
| Re: Windows cannot access the specified device,path or file. You may not have the appropiate permission to access the item | Dave-UK | Windows Vista General Discussion | 0 | 11-16-2009 12:53 PM |
| Difficulty with EFS & importing PFX file | Aaron Solomon | Windows Vista File Management | 0 | 08-24-2007 09:08 PM |
| mmc.exe error, cannot run. | olouvignes | Windows Vista Installation | 4 | 04-18-2007 02:40 PM |
Linear Mode
