Software:SetACL

From HandWiki
Short description: Security software
SetACL
Developer(s)Helge Klein
Stable release
3.0.6 / 7 September 2012
Operating systemMicrosoft Windows
TypeUtility software
LicenseFreeware
Websitehelgeklein.com/setacl

SetACL is a freeware utility for manipulating security descriptors on Microsoft Windows.[1] It used to be available under the GNU Lesser General Public License (LGPL) as a command-line utility and as an ActiveX component, but changed to a freeware license in version 3.0.0.0.

Features

This list of features is taken from the product's web page.[2]

  • Supports the following object types on Windows 2000 and later
  • Manage permissions on local or remote systems in domains or workgroups.
  • Set multiple permissions for multiple users or groups in a single command.
  • Control how permissions are inherited.
  • List, backup and restore permissions.
  • All operations work on a single object or recursively on a directory or registry tree.
  • Set the owner to any user or group.
  • Unicode support.
  • Remove, replace or copy a user or group from an ACL.
  • Fast performance due to time-consuming steps such as recursing a large file system are performed only once.
  • Filter out object names not to be processed.

Usage

To set 'change' permissions on the directory 'C:\angela' for user 'brian' in domain 'dom1':

SetACL.exe -on "C:\angela" -ot file -actn ace
            -ace "n:dom1\brian;p:change"

Remove write and change permission sets from Desktop, replace with 'read and execute' permissions:

SetACL.exe -on "\\mycomputer\C$\Documents and Settings\username\Desktop" -ot file 
            -actn ace -ace "n:mycomputer\username;p:write,change;m:revoke"
            -ace "n:mycomputer\username;p:read_ex"

An example of its use from AutoIt can be found here.

Short history

  • March 2001 SetACL program 0.x development begins
  • December 2002 SetACL program 2.x development begins
  • April 2003 2.0 beta 1 released
  • July 2003 2.0 final released
  • September 2003 2.0.1.0 released – Remove, replace or copy all Access Control Entries (ACEs) belonging to users or groups of a specified domain.
  • January 2004 2.0.2 released – ActiveX support. can be used from any language that supports COM including AutoIt, Visual Basic, Perl, VBScript.
  • May 2008 2.0.3 released – 64-bit support
  • August 2010 2.1 released – Improved permission listing

References