Monday, December 19, 2005
Play with ACL in MSH
I have a laptop running Windows XP Home Edition. As you know, to push you to pay more for the Professional edition, Mico$oft disabled the "Security" tab in the file or directory "Properties" dialog. To set ACLs, I have to use cacls.exe (which comes with Windows). If you want more functionality, use setacl.exe (under the GPL; you can download it from sourceforge.org).
That is OK if you are only adjusting a few files. It becomes a tedious job if you have a lot of files or directories to modify. So let's give MSH a try.
There are two cmd-lets designed for this job:
get-acl : Gets the access control list (ACL) associated with a file or object.
get-acl [[-Path] System.String[]] [[-Filter] System.String] [[-Include]
system.String[]] [[-Exclude] System.String[]] [[-Audit] [System.Boolean]]
set-acl: Set the security Access Control List for an item or items.
set-acl [-ACLObject] aclobject [-Path path]
[-Include include] [-Exclude exclude] [-Filter filter] [-Passthru]
But there is a trick here. To set the group or the owner, you need an instance of a [system.security.principal.ntaccount] object in hand.
#######################################
# Let's get acl for file text.txt
$acl=get-acl text.txt
$acl | format-list
#You will get something like
#Path : FileSystem::D:\text.txt
#Owner : Computer\me
#Group : Computer\None
#Access : BUILTIN\Administrators Allow FullControl
# Computer\me Allow FullControl
#Audit :
#Sddl : Bla…Bla…Bla…
#So we can manipulate this acl object now. Let's try to change group to
# BUILTIN\Administrators.
#Get a [system.security.principal.ntaccount] object
$Account = new-object system.security.principal.ntaccount("Administrators")
#To check whether the group is valid
$SID = $Account.translate([system.security.principal.securityidentifier])
$SID
#You will see
#BinaryLength AccountDomainSid Value
#------------ ---------------- -----
# 16 S-1-5-32-544
#If you see an error message here, your $Account is invalid.
#Use setgroup method of acl object
$acl.setgroup($Account)
$acl | format-list
#You will get something like
#Path : FileSystem::D:\text.txt
#Owner : Computer\me
#Group : BUILTIN\Administrators (We made change here!!!!!!!!!!!!!!!)
#Access : BUILTIN\Administrators Allow FullControl
# Computer\me Allow FullControl
#Audit :
#Sddl : Bla…Bla…Bla…
#But this ACL object is only in memory; we need to apply it to the file
set-acl -aclobject $acl -path D:\text.txt
#Make sure you pass both -aclobject and -path, otherwise you will get an error.
###############################################
This scheme can easily be adapted to modify a directory ACL or to grant access to any user.
You can use the get-member cmd-let to explore the other methods and properties of $acl. I will leave those exercises to readers.
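The directory and grant-access variation mentioned above, as an added example that is not part of the original post. It uses current Windows PowerShell syntax rather than the MSH beta; the function name Grant-DirectoryAccess, the demo directory and the choice of BUILTIN\Users (an English-locale group name) are assumptions made for illustration.

```powershell
# Added example: grant an account a limited right on a directory and let the
# entry inherit to children. Grant-DirectoryAccess is a hypothetical helper name.
function Grant-DirectoryAccess {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [Parameter(Mandatory = $true)] [string] $AccountName,
        [System.Security.AccessControl.FileSystemRights] $Rights = 'ReadAndExecute'
    )

    if (-not (Test-Path -Path $Path -PathType Container)) {
        throw "Not a directory: $Path"
    }

    # Same trick as in the post: build an NTAccount and translate it to a SID.
    # A failed translation means the name is wrong, so stop before touching the ACL.
    $account = New-Object System.Security.Principal.NTAccount($AccountName)
    try {
        $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
    }
    catch {
        throw "Account '$AccountName' could not be resolved: $($_.Exception.Message)"
    }

    # Allow entry that applies to this folder, its subfolders and its files.
    $inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $propagate = [System.Security.AccessControl.PropagationFlags]::None
    $allow     = [System.Security.AccessControl.AccessControlType]::Allow
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $sid, $Rights, $inherit, $propagate, $allow)

    # Read the current ACL, add the entry in memory, then write it back.
    $acl = Get-Acl -Path $Path
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl

    # Return the resulting entries so the change can be reviewed.
    (Get-Acl -Path $Path).Access
}

# Constructed demo: a scratch directory under the user's TEMP folder.
$dir = Join-Path $env:TEMP 'acl-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Grant-DirectoryAccess -Path $dir -AccountName 'BUILTIN\Users' -Rights ReadAndExecute |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited
```

Granting only the right that is needed (ReadAndExecute here) rather than FullControl keeps the directory's ACL close to least privilege.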
Reference
http://mow001.blogspot.com/2005/10/getting-and-using-securityprincipal.html
[Edit: Monad has now been renamed to Windows PowerShell. This script or discussion may require slight adjustments before it applies directly to newer builds.]
Tags: msh monad PowerShell






