You are not logged in.

Pages: 1

#1 12 Mar 2016 14:31

boushta
Member
Registered: 20 May 2014
Posts: 14

icacls auto arguments change

can't believe i passed a file for icacls to process and strangely icacls changed the argument automatically
so i passed "C:\Users\boushta\Desktop\acls.vbs" and icacls changed it to "C:\Users\boushta\Desktop\acls.vbs\acls.vbs"

please help, can not understand or debug this error


icacls "C:\Users\boushta\Desktop\acls.vbs"  /restore "Users\boushta\AppData\Local\Temp\acls.vbs.Acl"
C:\Users\boushta\Desktop\acls.vbs\acls.vbs: specified path does not exist.
Successfully processed 0 files; Failed processing 1 files

Offline

#2 12 Mar 2016 18:56

Aacini
Member
Registered: 05 Dec 2012
Posts: 149

Re: icacls auto arguments change

I never used "icacls" command before, so I entered: "icacls" at the command prompt and something like this appear:

ICACLS directory /restore ACLfile

This indicate me that the first parameter must be a directory, not a file...

Offline

#3 12 Mar 2016 21:01

boushta
Member
Registered: 20 May 2014
Posts: 14

Re: icacls auto arguments change

ok you are right but still why it successfully accept an argument as file when saving its acls ????????????????????

icacls "C:\Users\boushta\Desktop\acls.vbs" /save "C:\Users\boushta\AppData\Local\Temp\acls.vbs.Acl"
file processed : C:\Users\boushta\Desktop\acls.vbs
Successfully processed 1 files; Failed processing 0 files

content of "acls.vbs.Acl" where the acl are saved:

acls.vbs
D:PAI(A;;FA;;;S-1-5-21-559460538-3582994812-1695096405-1001)(A;;FA;;;BA)

or if you know some console app that can backup and restore acls from a saved file

Last edited by boushta (12 Mar 2016 21:02)

Offline

#4 13 Mar 2016 11:58

Simon Sheppard
Admin
Registered: 27 Aug 2005
Posts: 1,130
Website

Re: icacls auto arguments change

If you can use PowerShell, this is worth a look:

File System Security PowerShell Module
Allows a much easier management of permissions on files and folders using PowerShell
https://gallery.technet.microsoft.com/s … dbb2b84e85

Offline

#5 13 Mar 2016 12:42

boushta
Member
Registered: 20 May 2014
Posts: 14

Re: icacls auto arguments change

thanks both Aacini and Simon, i tried to pass the file parent directory instead of the file itself and it works perfectly
icacls take the directory as argument and takes the filename from the saved acl file: parent directory + filename = fullpath

icacls "C:\Users\boushta\Desktop"  /restore "c:\Users\boushta\AppData\Local\Temp\acls.vbs.Acl"
Successfully processed 1 files; Failed processing 0 files

Offline

#6 13 Mar 2016 17:03

Simon Sheppard
Admin
Registered: 27 Aug 2005
Posts: 1,130
Website

Re: icacls auto arguments change

That will replace the ACL for the whole directory, which is probably what you wanted but worth emphasising:

An access control list (ACL) is a list of access control entries (ACE).
When backing up or restoring an ACL with iCACLS, you must do so for an entire directory (using /save and /restore) even if you are only interested in the ACEs for a few individual files.
http://ss64.com/nt/icacls.html

Offline

#7 16 Mar 2016 17:12

boushta
Member
Registered: 20 May 2014
Posts: 14

Re: icacls auto arguments change

i tried both restoring a single file and also a whole directory files c:\users\boushta\desktop\*
and both worked great, no point to argue about that anymore
also i found a very good console app that can do it easily and more here is an example in case someone need it

saving acls to an external file:

fileacl.exe "C:\Users\boushta\Desktop\Test" /FILES /sub /raw > "%temp%\fileaclSave.acl.cmd"

restoring acls from an external files,here i failed to do it in cmd so i used vbscript instead

set wshshell = createobject("wscript.shell")
fileacl = "fileacl.exe"
Set fso = CreateObject("Scripting.FileSystemObject")
Set re = New Regexp:re.pattern = ";S\-1\-5-":re.global = True
AclsbackupFile = "C:\Users\boushta\AppData\Local\Temp\fileaclSave.acl.cmd"

RestoreFileAclAcls AclsbackupFile 



Sub RestoreFileAclAcls(AclBackupFile)
        ReadALL   = fso.OpenTextFile(AclBackupFile, 1, False).ReadAll
	ReadAll = re.replace(ReadALL," /s S-1-5-")
	re.pattern = "^(\S)([\s\S]*?)\s+\/s\s+S\-1\-5-":re.global = True:re.multiline =  True
	Set WriteFile = fso.OpenTextFile(AclBackupFile, 2, False)
	WriteFile.Write re.replace(ReadALL,fileacl & " " & DblQuotes("$1$2")  & " /s S-1-5-")
	WriteFile.Close
        
        rem restore acls
        wshshell.run DblQuotes(AclBackupFile)
End Sub


Function DblQuotes(StrValue)
    DblQuotes = chr(34) & StrValue & chr(34)
ENd Function

here is the link to fileacl.exe : Fileacl

Last edited by boushta (16 Mar 2016 17:18)

Offline

#8 17 Mar 2016 12:29

boushta
Member
Registered: 20 May 2014
Posts: 14

Re: icacls auto arguments change

here is the link to fileacl.exe : Fileacl.

shit does not support unicode pathname, gotta stick with icacls

Offline

#9 17 Mar 2016 20:55

Simon Sheppard
Admin
Registered: 27 Aug 2005
Posts: 1,130
Website

Re: icacls auto arguments change

The thing that should make you a little wary of FILEACL (by Guillaume Bordier) is that it hasn't been updated in over 10 years while NTFS has.

Offline

Pages: 1

Board footer

Powered by