3

I need to grant full access permissions on folder using (deprecated on win7) Cacls. It seems to me that i have to use with cacls localized usernames and groupnames. E.g.:

cacls foldername /T /E /C /G Users:F

This gave me error "No mapping between account names and security IDs was done". And next command works fine (users in russian = Пользователи).

cacls foldername /T /E /C /G Пользователи:F

How can i grant full permissions on folder regardless of the system language?

Aleksandr Kravets
  • 5,750
  • 7
  • 53
  • 72

1 Answers1

4

Use xcacls instead as described here and use SIDs instead of names (you will find well known sids here)

If you for some reason are stuck with cacls, then google: cacls sidwill bring you some workarounds how to do reverse mapping from sid to name and then supply this to cacls

Edit: could not resist to learn some new tricks... this simple script will give you actual name of 'Users' (S-1-5-32-545) group on a given PC:

    Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
    Set objAccount = objWMIService.Get ("Win32_SID.SID='S-1-5-32-545'")
    Wscript.Echo objAccount.AccountName

Put it into a file with vbs extension (Let's assume usersName.vbs).

Now run: 

echo Y|for /f "delims=" %i in ('cscript -Nologo usersName.vbs') do cacls foldername /G "%i":F

Done :-)

Edit: corrected to work if name has space in (added delims=). Please also note that echo Y at the start works if you use English version of the tool.

wmz
  • 3,645
  • 1
  • 14
  • 22
  • I have to use unified solution for systems in range win2k - win7. And tool must be standart. I can't make user install additional utilities. – Aleksandr Kravets Feb 03 '12 at 09:28
  • Could you add some explanation how you intended this to work? Are those PC under your control? Can you (user) run a script? – wmz Feb 03 '12 at 11:22
  • I supply user with archived set of files and batch file among them. User unpacks archive and launches Bat-file. Then follows directions. Script copies files to some location and gives everyone full access to that folder. That's how it should work. I will never use script myself. I assuming that user uses Admin rights to run batch, otherwise he will not be able to write to some folders under some systems. But user shouldn't work with installed files with admin rights. That's why i need to use cacls. – Aleksandr Kravets Feb 03 '12 at 13:36
  • @AleksandrKravets Well, xcacls (the one I lined to) is just a vbs script and while there is an installer I don't think you need it for anything except to unpack the script (once) )... So you could include actual xcalcs.vbs it in you distro and just run with cscript from your batch file. – wmz Feb 03 '12 at 15:24
  • Thanks for your answer. I also will publish solution i found by your advise in Google =). – Aleksandr Kravets Feb 04 '12 at 15:53
  • I was wrong, my solution doesn't work. I have another question about yours: have you tried your code on non-english systems? – Aleksandr Kravets Feb 06 '12 at 11:39
  • @AleksandrKravets PCs I have here have users as group name - but I verified it works when it's manually changed name to different one. Please note about echo Y - this works for English, not if you have localised cacls.exe (which I have on one of my machines.) Praise MS! – wmz Feb 06 '12 at 12:38
  • Now I'm trying to use xcacls as you proposed in the begining. God it's SLOW! I hope client wouldn't notice =) – Aleksandr Kravets Feb 06 '12 at 14:38