hi
recently i got application SUBINACL from my friend he said it is windows editor tool and you can do modification in access of user with that so is that possible with it to restrict spam and viruses or remove them ?
thank you
Printable View
hi
recently i got application SUBINACL from my friend he said it is windows editor tool and you can do modification in access of user with that so is that possible with it to restrict spam and viruses or remove them ?
thank you
SubInACL is a command-line tool that enables administrators to obtain security information about files, registry keys, and services, and transfer this information from user to user, from local or global group to group, and from domain to domain. For example, if a user has moved from one domain (DomainA) to another (DomainB), the administrator can replace DomainA\User with DomainB\User in the security information for the user's files. This gives the user access to the same files from the new domain.
SubInACL enables administrators to do the following:
* Display security information associated with files, registry keys, or services. This information includes owner, group, permission access control list (ACL), discretionary ACL (DACL), and system ACL (SACL).
* Change the owner of an object.
* Replace the security information for one identifier (account, group, well-known security identifier (SID)) with that of another identifier.
* Migrate security information about objects. This is useful if you have reorganized a network's domains and need to migrate the security information for files from one domain to another.
so over all you can secure your os with it .
Subinacl’s has ability to transfer security information from various Windows to new users, domains, or workgroups. Subinacl can also perform security administration . However, Subinacl can be used in batch files since it is a command-line tool. so you should have some scripting and windows knowledge .
Command
File:
F : Full Control
C : Change
R : Read
P : Change Permissions
O : Take Ownership
X : eXecute
E : Read eXecute
W : Write
D : Delete
ClusterShare:
F : Full Control
R : Read
C : Change
Printer:
F : Full Control
M : Manage Documents
P : Print
KeyReg:
F : Full Control
R : Read
A : ReAd Control
Q : Query Value
S : Set Value
C : Create SubKey
E : Enumerate Subkeys
Y : NotifY
L : Create Link
D : Delete
W : Write DAC
O : Write Owner
Service:
F : Full Control
R : Generic Read
W : Generic Write
X : Generic eXecute
L : Read controL
Q : Query Service Configuration
S : Query Service Status
E : Enumerate Dependent Services
C : Service Change Configuration
T : Start Service
O : Stop Service
P : Pause/Continue Service
I : Interrogate Service
U : Service User-Defined Control Commands
Share:
F : Full Control
R : Read
C : Change
Metabase:
F : Full Control
R : Read - MD_ACR_READ
W : Write - MD_ACR_WRITE
I : Restricted Write - MD_ACR_RESTRICTED_WRITE
U : Unsecure props read - MD_ACR_UNSECURE_PROPS_READ
E : Enum keys- MD_ACR_ENUM_KEYS
D : write Dac- MD_ACR_WRITE_DAC
Process:
F : Full Control
R : Read
W : Write
X : eXecute
SamObject:
F : Full Control
W : Write
R : Read
X : Execute
eg.
provide Read access to each user on share:
Allow Users to start and stop the Printer Spooler service :Quote:
SUBINACL /verbose=1 /share \\server\share /grant=Everyone=R
Quote:
SUBINACL /verbose=1 /service Spooler /grant="Authenticated Users"=LQSTOP