acls on win-side

Thomas Heiligenmann thomas.heiligenmann at
Tue Sep 7 17:12:30 GMT 1999

> as far I know cacls does not support domain-user. maybe there is a different version of this prog in nt-workstation and nt-server. but my
> my german-workstation-cacls can show domain-user but not process any granting with it. gui-security-extension in explorer can do it, but
> I need something for scripts.

Why granting permissions on local files directly to domain users (and
admins) ? I think it's easier and keeps things clearer to add domain
users/admins to local groups and then granting permissions to this
groups, something like:

net localgroup Users "your_domain\Domain Users" /add
net localgroup Admins "your_domain\Domain Admins" /add
echo j| CACLS c:\your_path /T /C /G Users:C Admins:F
... etc. whatever you like

You can play with tools like igrant/revoke/grant on this groups too, eg.
add the lines to a script which is invoked during automatic installation
of your nt wkstn. You'll find more information at the MS website looking
for "Unattended Setup" and "Zero Administration Kit"


More information about the samba-ntdom mailing list