Cacls, Windows 7, full permissions, local names

Aleksandr Kravets picture Aleksandr Kravets · Feb 2, 2012 · Viewed 9.6k times · Source

I need to grant full access permissions on folder using (deprecated on win7) Cacls. It seems to me that i have to use with cacls localized usernames and groupnames. E.g.:

cacls foldername /T /E /C /G Users:F

This gave me error "No mapping between account names and security IDs was done". And next command works fine (users in russian = Пользователи).

cacls foldername /T /E /C /G Пользователи:F

How can i grant full permissions on folder regardless of the system language?

Answer

wmz picture wmz · Feb 2, 2012

Use xcacls instead as described here and use SIDs instead of names (you will find well known sids here)

If you for some reason are stuck with cacls, then google: cacls sidwill bring you some workarounds how to do reverse mapping from sid to name and then supply this to cacls

Edit: could not resist to learn some new tricks... this simple script will give you actual name of 'Users' (S-1-5-32-545) group on a given PC:

    Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
    Set objAccount = objWMIService.Get ("Win32_SID.SID='S-1-5-32-545'")
    Wscript.Echo objAccount.AccountName

Put it into a file with vbs extension (Let's assume usersName.vbs).

Now run:

echo Y|for /f "delims=" %i in ('cscript -Nologo usersName.vbs') do cacls foldername /G "%i":F

Done :-)

Edit: corrected to work if name has space in (added delims=). Please also note that echo Y at the start works if you use English version of the tool.