Advanced text file manipulation

Microsoft Windows
Post Reply
User avatar
MigrationUser
Posts: 336
Joined: 2021-Jul-12, 1:37 pm
Contact:

Advanced text file manipulation

Post by MigrationUser »

02 Jun 2006 09:58
NDog


I have followed the advice on https://ss64.com/nt/subinacl.html

List permissions to log file:
subinacl /noverbose /nostatistic /outputlog=my.log /subdirectories "\\games00\c$\windows\system32\grouppolicy" /display

Restore Permissions:
subinacl /nostatistic /playfile my.log

I have this file now (my.log)

Code: Select all

================================================
+File \\games00\c$\windows\system32\GroupPolicy
================================================
/control=0x1400
/owner             =games00\administrator
/primary group     =games00\none
/audit ace count   =0
/perm. ace count   =2
/pace =games00\administrator  Type=0x1 Flags=0x3 AccessMask=0x20089
/pace =games00\vadal  Type=0x0 Flags=0x3 AccessMask=0x1200a9
I wish to make a script that can automatically import these logs across my network, what I need to happen is when it loops, it needs to take the "games00" and replace them with games02, or games10 or whatever i feed into the loop.

This is waaay over my head, I still cant fully comprehend the for /f command but if you can help me either manipulate this log file to export across different folders, or just make more effecient use of the subinacl program, that would be much appreciated.

Thanks!!!

cmd, vbs, ps, bash
autoit, python, swift

----------------------------

#2 02 Jun 2006 19:17
Simon Sheppard


What is it you are trying to change?
permissions?
owner?
Are you trying to apply user/group permissions from one machine to files stored on another?
are the machines in a domain

----------------------------

#3 02 Jun 2006 22:21
NDog


Thank you for the reply

Well the specifics for me using subinacl is I wish to

a) delete all owners/permissions on the folder
b) create 2 users (owners i think) on the folder: 'administrator' and 'vadal'
c) the 'administrator' user needs permissions set to: deny read
d) the 'vadal' user needs permissions set to: accept read & execute, accept list folders, accept read

I dont neccessarily need to apply user/group permissions from one machine to another, however those are the specific uaser/permissions I wish to apply across all the machines

Yes I want to export these settings accross my network, we dont use domain controller for this specific network, its the gaming network, our other networks have domain controller, however this is a project I have been working on, and this is the only thing I havent worked out yet.

You might be curious, as I am editting security for the GroupPolicy folder, firstly I am the administrator, so I know all the passwords and am setting up and deploying this personally, however this is an unothordox way of applying grouppolicies to only apply to the 'vadal' account which is the default user who sits down at our machines, we apply grouppolicies to that profile to obviously restrict their actions, while the 'administrator' has his grouppolices set to deny read, which means when we logon, we dont get (load) group policy restrictions.

Simple explanation if you were curious wink

Nathan

cmd, vbs, ps, bash
autoit, python, swift

----------------------------

#4 03 Jun 2006 21:54
Simon Sheppard


OK I think the best command for that would be XCACLS
https://ss64.com/nt/xcalcs.html

/P will replace the owner
/R User will revoke access
/G User will grant access

you can use the %computername% variable like so

XCACLS "C:\Folder Name" /G %computername%\your_user_account:F

I find it's usually easier to run several XCACLS commends to set each of the properties you need, rather than one monster command.

----------------------------

#5 04 Jun 2006 12:18
NDog


Ah dont worry, I would rather use subinacl and import the log file settings, that is way faster.

Heres my current script, a big biggish, but it does the job properly, and FAST hehe, I can seem to manage for /f command yet sad lol

Code: Select all

SET FIRSTPC=whateveritscalled
SET UPDATELOG=%FIRSTPC%update.log

ECHO ================================================ >>%UPDATELOG%
ECHO +File \\%FIRSTPC%\c$\windows\system32\GroupPolicy >>%UPDATELOG%
ECHO ================================================ >>%UPDATELOG%
ECHO /control=0x1400 >>%UPDATELOG%
ECHO /owner=%FIRSTPC%\administrator >>%UPDATELOG%
ECHO /primary group=%FIRSTPC%\none >>%UPDATELOG%
ECHO /audit ace count=0 >>%UPDATELOG%
ECHO /perm. ace count=2 >>%UPDATELOG%
ECHO /pace=%FIRSTPC%\administrator  Type=0x1 Flags=0x3 AccessMask=0x20089 >>%UPDATELOG%
ECHO /pace=%FIRSTPC%\vadal  Type=0x0 Flags=0x3 AccessMask=0x1200a9 >>%UPDATELOG%

subinacl /nostatistic /playfile %UPDATELOG%
Anyway I will give you credit, since it was your website that showed me how to create and import log files.

A big thank you, and ss64.com is my fav site!!! smile

cmd, vbs, ps, bash
autoit, python, swift

----------------------------

#6 28 Jul 2006 23:01
pand0ra


Create a batch file with the junk listed below. You will also need a file caleed hostnames.txt with the list of hosts in it.

Code: Select all

---------------------------------------------------------------------------------------------------
:START
FOR /F "Tokens=1" %%a in (hostnames.txt) Do (
    IF "%%a" == "END" GOTO END


rem List permissions to log file:
CALL subinacl /noverbose /nostatistic /outputlog=my.log /subdirectories \\%%a\c$\windows\system32\grouppolicy /display

rem Restore Permissions:
CALL subinacl /nostatistic /playfile my.log \%%a

)
:END
Post Reply