hi,
use XCACLS
example:
xcacls folder /e /p specialuser:F
XCACLS filename [/T] [/E|/X] [/C] [/G user
erm;spec] [/R
user [...]]
[/P user
erm;spec [...]] [/D user [...]]
[/Y]
Description:
Displays or modifies access control lists (ACLs) of
files.
Parameter List:
filename Displays ACLs.
/T Changes ACLs of specified files in
the current directory and all
subdirectories.
/E Edits ACL instead of replacing it.
/X Same as /E except it only affects
the ACEs that
the specified users already own.
/C Continues on access denied errors.
/G user
erm;spec Grants specified user access rights.
Perm can be:
R Read
C Change (write)
F Full control
P Change Permissions
(Special access)
O Take Ownership (Special
access)
X EXecute (Special access)
E REad (Special access)
W Write (Special access)
D Delete (Special access)
Spec can be the same as perm and
will only be
applied to a directory. In this
case, Perm
will be used for file inheritance
in this
directory. By default, Spec=Perm.
Special values for Spec only:
T Valid for only for
directories.
At least one access
right has to
follow. Entries
between ';' and T
will be ignored.
/R user Revokes specified user's access
rights.
/P user
erm;spec Replaces specified user's access
rights.
Access right specification as same
as
/G option.
/D user Denies specified user access.
/Y Replaces user's rights without
verify.
NOTE:
Wildcards can be used to specify more than one file.
More than one user can be specified.
Access rights can be combined.
Examples:
XCACLS /?
XCACLS TEMP.DOC /G ADMINISTRATOR:RC
XCACLS *.TXT /G ADMINISTRATOR:RC /Y
XCACLS *.* /R ADMINISTRATOR /Y
XCACLS TEST.DLL /D ADMINISTRATOR /Y
XCACLS TEST.DLL /P ADMINISTRATOR:F /Y
XCACLS *.* /G ADMINISTRATOR:F;TRW /Y
XCACLS *.* /G ADMINISTRATOR:F;TXE /C /Y
-----Original Message-----
Would "cacls /t /g user:F" help?
By the way, any user with administrative privileges on the machine could
take ownership of the file and reset the permissions. Also, members of the
Backup Operators group can gain access to the file.
Oli
