You're unlikely to need the revoke step.
Greg M wrote:
It's sometimes hard to believe that such a long correspondence can be resolved with just four little lines of code:
Net Share MyShare=G:\MyFolder
Cacls G:\MyFolder /e /r Everyone
Cacls G:\MyFolder /e /g Everyone:C
I only did it in my example because initially, I was using an existing Share that was created using the Sharing Wizard. But I left it in because I wanted to show how it can be done, as, let's face it, CACLS is not exactly user friendly, nor unambiguously documented.
Hell, I often forget to add the /e to the command-line, and just blow away the entire ACL, for all but the specific account supplied.
Also, at first glance, it's not obvious what the difference is between the /g and /p switches:
- grant (/g) is supposed to add permissions to any existing ones.
- replace permission (/p) is supposed to entirely replace any existing permissions with what you're supplying on the command-line now.
Anyway, what I've learnt is that if CACLS ever asks 'Are you sure', say no! ...
Oh, and to further clarify, the ACLs are 'stored' in the filesystem, not in the Registry. Kind of like the way a file's size and its access/modification times are stored.
That's why if you move a Hard Disk between two systems, an Administrator needs to take ownership of files first, before correcting their ACLs - the new system will likely not have the same user accounts set up (user IDs, etc). All good fun...
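The switch behaviour discussed in the post above, as an added example that is not part of the original post: a batch file that walks a throwaway folder through /e /g, /e /p, /e /r and finally a grant without /e, listing the ACL after each step. The folder under %TEMP% and the variable name D are assumptions made for the demonstration.

```bat
@echo off
rem Added example (constructed): works on a scratch folder only, not a real share.
setlocal
set "D=%TEMP%\cacls-demo"
mkdir "%D%" 2>nul

echo --- starting ACL (inherited from %%TEMP%%)
cacls "%D%"

echo --- /e /g : edit the existing ACL and grant Everyone Read
cacls "%D%" /e /g Everyone:R
cacls "%D%"

echo --- /e /p : edit the ACL and replace Everyone's rights with Change
cacls "%D%" /e /p Everyone:C
cacls "%D%"

echo --- /e /r : revoke Everyone's entry, other entries stay as they were
cacls "%D%" /e /r Everyone
cacls "%D%"

echo --- no /e : the whole ACL is replaced by this single entry
rem cacls asks "Are you sure (Y/N)?" here. Answering Y is deliberate in this
rem demo, to show that every inherited entry listed above disappears.
echo Y| cacls "%D%" /g "%USERNAME%:F"
cacls "%D%"

rem Clean up; the current user still has Full control, so this succeeds.
rmdir "%D%"
endlocal
```

Comparing the last listing with the first shows what the "Are you sure" prompt is guarding: every entry other than the one named on the command line is gone.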