SetACL - Windows Permission Management


SetACL is a set of routines for managing Windows permissions (ACLs) from the command line, from scripts and from programs.

These routines can be used from various container or interface programs. Currently there exists a command line version to be used in batch files or scripts. An ActiveX DLL is to follow soon.

Main features:

Set permissions on:

  • Local or remote directories
  • Local or remote files
  • Local or remote printers
  • Local or remote registry keys
  • Local or remote Win32 services
  • Local or remote network shares

New in 2.0.1:
  • Domain migration made easier
    • Remove all ACEs belonging to users/groups of a certain domain.
    • Replace all ACEs belonging to users/groups of a certain domain with ACEs for users/groups of the same name in a second domain.
    • Copy all ACEs belonging to users/groups of a certain domain to ACEs for users/groups of the same name in a second domain.
    • Less typing necessary: I have provided the parameter '-ace' with default values for mode and DACL/SACL. For details please see the release notes.
  • Supported object types: files and directories, registry keys, printers, services, network shares.
  • Manage permissions on local or remote systems in trusted or untrusted domains or workgroups.
  • Set multiple permissions for multiple users/groups at once.
  • All standard and specific permissions of Windows 2000/XP are supported.
  • Control how permissions are inherited by sub-objects (permission applies to: sub-folders, files, ...)
  • Block permission inheritance ("protect" objects).
  • List permissions.
  • Backup and Restore permissions.
  • All operations work on a single object or recursively on a (directory/registry) tree.
  • Set the owner to any user/group.
  • Edit permission and/or auditing entries (DACL and/or SACL editing).
  • Use of privileges: as an administrator, you have access to any file or directory, even the ones you do not have permission to where you are not the owner (just like a backup program).
  • Unicode support: object names with Unicode characters are processed correctly.
  • Clear ACLs: remove any non-inherited entries (ACEs).
  • Reset permissions on all sub-objects and enable propagation of inherited permissions.
  • Remove a user/group from an ACL: completely removes any entry belonging to a certain user/group.
  • Replace a user/group: replace all entries of one user/group by another user/group.
  • Copy a user/group: copy all entries of one user/group to another user/group.
  • All functions can be used concurrently: this allows for very powerful commands that run fast, since time consuming steps (like recursing a large file system) are performed only once.
  • Exclude (filter) object names not to be processed by keyword(s).

Version 2.0.2

SetACL now is available both as a command line EXE and an ActiveX control. Both versions use the same base code, but provide a different interface to it. The OCX can be used from languages like VB, Perl or VBScript.

Additionally the base code has been updated to version 2.0.2 and contains several improvements.


Comment List