MAKEMSI quickly and reliably creates MSI files in a non-programmatic way
Have your say! Join the MAKEMSI discussion list or view archive! Suggest improvements. No question too simple or too complex.
[Bottom][Contents][Prev]: Security Related Tools[Next]: regini.exe
Have your say! Join the MAKEMSI discussion list or view archive! Suggest improvements. No question too simple or too complex.
\->Tips and Tricks->Tools->Security Related Tools->cacls.exe

cacls.exe

Seems to be a MS tool which is installed by default in Windows XP for updating file/folder permissions.

The tool doesn't work with "well known SID", for a workaround see "CACLS.EXE - How to use Well Known SID".

Example - MAKEMSI Use via Macros

;--- Handy commands you may wish to use -------------------------------------
#define  CACLS   <$RunCmd  {$?} ALIAS="CACLS" Command="CACLS.EXE" @="N">    ;;"CACLS.EXE" installed with WIN2000 & WINXP (at least on PRO)
#define  /CACLS  <$/RunCmd {$?} ALIAS="/CACLS">

;--- Update ACL on "fred.ini" -----------------------------------------------
<$CACLS CONDITION=^<$CONDITION_INSTALL_ONLY>^>
    ;--- Name of file we wish to modify ACL on ------------------------------
    "%WinDir%\system32\fred.ini"

    ;--- Edit ACL instead of replacing it -----------------------------------
    /E

    ;--- Deny administrators access -----------------------------------------
    /D administrators
<$/CACLS>

The example below makes use of the same macros used above but shows a how you can reference the installation directory (or msi properties in general):

#data '@@INSTALLDIR' 2
    ;--- Install time name and location of SETACL tool ----------------------
    "INSTALLDIR" "[INSTALLDIR]"
#data
<$CACLS CONDITION=^<$CONDITION_INSTALL_ONLY>^ DATA="@@INSTALLDIR">
   "(*INSTALLDIR*)SomeFile.txt"
   /E
   /G Users:C
<$/CACLS>

Note that the "deny" ability of this command is very limited.

cacls.EXE /?



 NOTE: Cacls is now deprecated, please use Icacls.



 Displays or modifies access control lists (ACLs) of files



 CACLS filename [/T] [/M] [/L] [/S[:SDDL]] [/E] [/C] [/G user:perm]

        [/R user [...]] [/P user:perm [...]] [/D user [...]]

    filename      Displays ACLs.

    /T            Changes ACLs of specified files in

                  the current directory and all subdirectories.

    /L            Work on the Symbolic Link itself versus the target

    /M            Changes ACLs of volumes mounted to a directory

    /S            Displays the SDDL string for the DACL.

    /S:SDDL       Replaces the ACLs with those specified in the SDDL string

                  (not valid with /E, /G, /R, /P, or /D).

    /E            Edit ACL instead of replacing it.

    /C            Continue on access denied errors.

    /G user:perm  Grant specified user access rights.

                  Perm can be: R  Read

                               W  Write

                               C  Change (write)

                               F  Full control

    /R user       Revoke specified user's access rights (only valid with /E).

    /P user:perm  Replace specified user's access rights.

                  Perm can be: N  None

                               R  Read

                               W  Write

                               C  Change (write)

                               F  Full control

    /D user       Deny specified user access.

 Wildcards can be used to specify more than one file in a command.

 You can specify more than one user in a command.



 Abbreviations:

    CI - Container Inherit.

         The ACE will be inherited by directories.

    OI - Object Inherit.

         The ACE will be inherited by files.

    IO - Inherit Only.

         The ACE does not apply to the current file/directory.

    ID - Inherited.

         The ACE was inherited from the parent directory's ACL.


Microsoft awarded me an MVP (Most Valuable Professional award) in 2004, 2005, 2006, 2007, 2008 & 2009 for the Windows SDK (Windows Installer) area.Please email me any feedback, additional information or corrections.
See this page online (look for updates)

[Top][Contents][Prev]: Security Related Tools[Next]: regini.exe


MAKEMSI© is (C)opyright Dennis Bareis 2003-2008 (All rights reserved).
Saturday May 28 2022 at 3:11pm
Visit MAKEMSI's Home Page
Microsoft awarded me an MVP (Most Valuable Professional award) in 2004, 2005, 2006, 2007, 2008 & 2009 for the Windows SDK (Windows Installer) area.