Which is best, /G or /P, or does it not matter ?
My preference is "/E /P" which results in
BUILTIN\Users:(OI)(CI)F
BUILTIN\Administrators:F
BUILTIN\Administrators:(OI)(CI)(IO)F
NT AUTHORITY\SYSTEM:F
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
NT AUTHORITY\Authenticated Users:C
NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)C
How is "single barrel-led" BUILTIN\Users: different from "double barrel-led" :-
BUILTIN\Administrators:
NT AUTHORITY\SYSTEM:
NT AUTHORITY\Authenticated Users:
What does /T do ?
CACLS /? says /T applies to "all sub-directories",
but how does that differ from
CI - Container Inherit.
plus
OI - Object Inherit.
I do not fully understand BUILTIN\Users:(OI)(CI)F,
but I am overwhelmed by "/E /G" which gives
BUILTIN\Users:(OI)(CI)(IO)(special access:)
STANDARD_RIGHTS_ALL
DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
SYNCHRONIZE
STANDARD_RIGHTS_REQUIRED
GENERIC_READ
GENERIC_EXECUTE
FILE_GENERIC_READ
FILE_GENERIC_WRITE
FILE_GENERIC_EXECUTE
FILE_READ_DATA
FILE_WRITE_DATA
FILE_APPEND_DATA
FILE_READ_EA
FILE_WRITE_EA
FILE_EXECUTE
FILE_DELETE_CHILD
FILE_READ_ATTRIBUTES
FILE_WRITE_ATTRIBUTES
A standard "Guest" account/profile can be logged into without a password
My daughter has a normal User account with a password but without Admin authority.
Does CACLS consider them both equally "BUILTIN\Users:" ?
I have Admin authority (and a password)
Am I a "BUILTIN\Administrators:" ?
How do I become a "NT AUTHORITY\Authenticated Users:" ?
Do I need to start in SAFE mode and log into my normal account ALAN ?
Or do I log into the special Administrator account via SAFE mode ?
I propose using
CACLS "H:\Utils" /T /E /P Users:F
This I expect to give full access for Guests etc.
QUESTIONS :-
If a new application is downloaded and held in a new folder under "H:\Utils\",
Will that inherit full access from the "H:\Utils" parent ?
If an existing application elsewhere in H:\ has normal NTFS restrictions,
will it retain those restrictions if I move it under "H:\Utils\",
Or will it now inherit full access from the "H:\Utils" parent ?
Regards
Alan