Q327522 using XCACLS.EXE

  • Thread starter Thread starter Mike
  • Start date Start date
M

Mike

Hello,

I'd like to automate the admin action required by Q327522 (327522 - MS02-064
Windows 2000 Default Permissions May Permit Trojan Horse Attack) by using
xcacls.exe from the command prompt. This is for our Win2000 machines. The
xcacls help is still a bit cryptic for me. I'm using xcacls.exe from WinXP
support.cab. Thanks in advance. :)

Mike
 
Mike said:
I'd like to automate the admin action required by Q327522 (327522 -
MS02-064 Windows 2000 Default Permissions May Permit Trojan Horse Attack)
by using xcacls.exe from the command prompt. This is for our Win2000
machines. The xcacls help is still a bit cryptic for me. I'm using
xcacls.exe from WinXP support.cab. Thanks in advance. :)
Click to expand...

Hi Mike,

Q327522 mentions using a security template to accomplish this.

For more information about security templates, see
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_scetopnode.mspx

Regards,

Bill
 
Thanks Bill. Yes, secedit should also work nicely here.

Sometimes you just want to do everything from a command prompt. The output
for my system is:

C:\Documents and Settings\Admin\Desktop>xcacls c:\
c:\ BUILTIN\Administrators:(OI)(CI)F
CREATOR OWNER:(OI)(CI)(IO)F
Everyone:R
NT AUTHORITY\SYSTEM:(OI)(CI)F
BUILTIN\Users:(OI)(CI)R
BUILTIN\Users:(CI)(special access:)
SYNCHRONIZE
FILE_APPEND_DATA

BUILTIN\Users:(OI)(CI)(IO)(special access:)
SYNCHRONIZE
FILE_WRITE_DATA

Bill Stewart said:
For more information about security templates, see
Click to expand...
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_scetopnode.mspx
 
Back
Top