#1 02 Jun 2006 09:58

NDog
Member
From: New Zealand
Registered: 31 May 2006
Posts: 119
Website

Advanced text file manipulation

I have followed the advice on http://ss64.com/nt/subinacl.html

List permissions to log file:
subinacl /noverbose /nostatistic /outputlog=my.log /subdirectories "\\games00\c$\windows\system32\grouppolicy" /display

Restore Permissions:
subinacl /nostatistic /playfile my.log

I have this file now (my.log)

================================================
+File \\games00\c$\windows\system32\GroupPolicy
================================================
/control=0x1400
/owner             =games00\administrator
/primary group     =games00\none
/audit ace count   =0
/perm. ace count   =2
/pace =games00\administrator  Type=0x1 Flags=0x3 AccessMask=0x20089
/pace =games00\vadal  Type=0x0 Flags=0x3 AccessMask=0x1200a9

I wish to make a script that can automatically import these logs across my network, what I need to happen is when it loops, it needs to take the "games00" and replace them with games02, or games10 or whatever i feed into the loop.

This is waaay over my head, I still cant fully comprehend the for /f command but if you can help me either manipulate this log file to export across different folders, or just make more effecient use of the subinacl program, that would be much appreciated.

Thanks!!!


cmd, vbs, ps, bash
autoit, python, swift

Offline

#2 02 Jun 2006 19:17

Simon Sheppard
Super Administrator
Registered: 27 Aug 2005
Posts: 1,031
Website

Re: Advanced text file manipulation

What is it you are trying to change?
permissions?
owner?
Are you trying to apply user/group permissions from one machine to files stored on another?
are the machines in a domain

Offline

#3 02 Jun 2006 22:21

NDog
Member
From: New Zealand
Registered: 31 May 2006
Posts: 119
Website

Re: Advanced text file manipulation

Thank you for the reply

Well the specifics for me using subinacl is I wish to

a) delete all owners/permissions on the folder
b) create 2 users (owners i think) on the folder: 'administrator' and 'vadal'
c) the 'administrator' user needs permissions set to: deny read
d) the 'vadal' user needs permissions set to: accept read & execute, accept list folders, accept read

I dont neccessarily need to apply user/group permissions from one machine to another, however those are the specific uaser/permissions I wish to apply across all the machines

Yes I want to export these settings accross my network, we dont use domain controller for this specific network, its the gaming network, our other networks have domain controller, however this is a project I have been working on, and this is the only thing I havent worked out yet.

You might be curious, as I am editting security for the GroupPolicy folder, firstly I am the administrator, so I know all the passwords and am setting up and deploying this personally, however this is an unothordox way of applying grouppolicies to only apply to the 'vadal' account which is the default user who sits down at our machines, we apply grouppolicies to that profile to obviously restrict their actions, while the 'administrator' has his grouppolices set to deny read, which means when we logon, we dont get (load) group policy restrictions.

Simple explanation if you were curious wink

Nathan


cmd, vbs, ps, bash
autoit, python, swift

Offline

#4 03 Jun 2006 21:54

Simon Sheppard
Super Administrator
Registered: 27 Aug 2005
Posts: 1,031
Website

Re: Advanced text file manipulation

OK I think the best command for that would be XCACLS
http://ss64.com/nt/xcalcs.html

/P will replace the owner
/R User will revoke access
/G User will grant access

you can use the %computername% variable like so

XCACLS "C:\Folder Name" /G %computername%\your_user_account:F

I find it's usually easier to run several XCACLS commends to set each of the properties you need, rather than one monster command.

Offline

#5 04 Jun 2006 12:18

NDog
Member
From: New Zealand
Registered: 31 May 2006
Posts: 119
Website

Re: Advanced text file manipulation

Ah dont worry, I would rather use subinacl and import the log file settings, that is way faster.

Heres my current script, a big biggish, but it does the job properly, and FAST hehe, I can seem to manage for /f command yet sad lol

SET FIRSTPC=whateveritscalled
SET UPDATELOG=%FIRSTPC%update.log

ECHO ================================================ >>%UPDATELOG%
ECHO +File \\%FIRSTPC%\c$\windows\system32\GroupPolicy >>%UPDATELOG%
ECHO ================================================ >>%UPDATELOG%
ECHO /control=0x1400 >>%UPDATELOG%
ECHO /owner=%FIRSTPC%\administrator >>%UPDATELOG%
ECHO /primary group=%FIRSTPC%\none >>%UPDATELOG%
ECHO /audit ace count=0 >>%UPDATELOG%
ECHO /perm. ace count=2 >>%UPDATELOG%
ECHO /pace=%FIRSTPC%\administrator  Type=0x1 Flags=0x3 AccessMask=0x20089 >>%UPDATELOG%
ECHO /pace=%FIRSTPC%\vadal  Type=0x0 Flags=0x3 AccessMask=0x1200a9 >>%UPDATELOG%

subinacl /nostatistic /playfile %UPDATELOG%

Anyway I will give you credit, since it was your website that showed me how to create and import log files.

A big thank you, and ss64.com is my fav site!!! smile


cmd, vbs, ps, bash
autoit, python, swift

Offline

#6 28 Jul 2006 23:01

pand0ra
Member
Registered: 28 Jul 2006
Posts: 1

Re: Advanced text file manipulation

Create a batch file with the junk listed below. You will also need a file caleed hostnames.txt with the list of hosts in it.

---------------------------------------------------------------------------------------------------
:START
FOR /F "Tokens=1" %%a in (hostnames.txt) Do (
    IF "%%a" == "END" GOTO END



rem List permissions to log file:
CALL subinacl /noverbose /nostatistic /outputlog=my.log /subdirectories \\%%a\c$\windows\system32\grouppolicy /display

rem Restore Permissions:
CALL subinacl /nostatistic /playfile my.log \%%a

)
:END

Offline

Board footer

Powered by FluxBB