Changing folder permissions through the registry

Archived from groups: microsoft.public.windowsxp.customize (More info?)

I need to change some folder permissions on some remote users. Basically,
they are only members of the power user group and need to give them
administrator access to a folder. The easiest way would be to send them a
registry file and have them merge it in. Can anyone explain where in the
registry you can set folder permissions?

Thanks in advance
2 answers Last reply
More about changing folder permissions registry
  1. Archived from groups: microsoft.public.windowsxp.customize (More info?)

    | "Philip Shulman" <pshulman@nospam_tevausa.com>
    | Message news:eRUFix0mEHA.2140@TK2MSFTNGP11.phx.gbl...
    |I need to change some folder permissions on some remote users. Basically,
    | they are only members of the power user group and need to give them
    | administrator access to a folder. The easiest way would be to send them a
    | registry file and have them merge it in. Can anyone explain where in the
    | registry you can set folder permissions?
    |
    | Thanks in advance

    I apologize in advance for not having specific steps. However, I have not
    been actively involved in Security Management Technologies since I installed
    Microsoft Windows XP on April 4, 2004. And I have played very little with
    an Active Directory environment. (100% of it here at home, with my two old
    networked computers and Server2003). Not to mention that I am just a home
    user who likes to (among other things) play with computers, and research and
    read about computer-related technologies that interest me.

    But anyway, when I played with the technology for the many years I was
    running Microsoft Windows 2000 as my primary Operating System I
    discovered that...

    Folder Permissions (file permission, registry permissions, security polices,
    etc.) are stored in a file named secedit.sdb that is stored in the following
    directory:

    %WINDIR%\security\Database\

    And there are several tools you can use to configure System Security areas
    (Account Policies, Local Policies, Event Log, Restricted Groups, System
    Services, Registry, File System). One is named the Security Configuration
    and Analysis snap-in (a Microsoft Management Console snap-in). And another
    is named secedit.exe (a command-line tool).

    For some information on this subject see the following Microsoft Web Site:

    Microsoft Windows XP Professional Resource Kit Documentation Online
    Part III Security | Ch 16 Authorization and Access Control
    Using Security Policy | Working with Local Security Policy
    Using Security Templates
    http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/prdd_sec_umgs.asp

    And you can find links to peer-to-peer support newsgroups for Security
    Management and Active Directory Technologies below.

    Management Technologies Newsgroups
    http://www.microsoft.com/windowsserver2003/community/newsgroups/management/default.mspx

    Directory Services Newsgroups
    http://www.microsoft.com/windowsserver2003/community/newsgroups/directoryservices/default.mspx

    MORE INFORMATION:

    If you are the "curious-type". And if you have Microsoft Word and configure
    Word to "always show the File Conversion dialog box when you open a text
    file", or "Confirm conversion at Open" (for more information search
    Microsoft Word help for the words in double-quotes). You can open a copy of
    secedit.sdb with Word (Recover Text from Any File) to get an idea of itsr
    contents.

    For example, here is what the security descriptors might look like for a
    file listed in my secedit.sdb:

    F:\B.Baker\Lyrics\Spiritualized\AmazingGrace\LayItDownSlow.txt
    D:P(A;;GRGX;;;BU)(A;;GRGX;;;PU)(A;;GA;;;BA)(A;;GA;;;SY)(A;;GRGX;;;WD)

    The second line contains the security descriptors for the file. For some
    information on security descriptors see the following Microsoft Web Site:

    MSDN Home | MSDN Library | Security | Authorization
    About Authorization | Access Control
    Security Descriptor Definition Language
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/security_descriptor_string_format.asp
  2. Archived from groups: microsoft.public.windowsxp.customize (More info?)

    Philip Shulman wrote:

    > I need to change some folder permissions on some remote users. Basically,
    > they are only members of the power user group and need to give them
    > administrator access to a folder. The easiest way would be to send them a
    > registry file and have them merge it in. Can anyone explain where in the
    > registry you can set folder permissions?
    Hi

    You can't do this with some registry changes.

    You might get something to work using a scripting solution (e.g.
    involving cacls.exe) and a Runas wrapper utility or similar to
    "take" administrator rights, take a look here:

    http://groups.google.com/groups?selm=eWuyovIXEHA.712%40TK2MSFTNGP11.phx.gbl

    Another one that is not mentioned above:

    LSrunas/LSrunasE (the latter with password encryption)
    http://www.linkselection.com/lsrunas.asp


    --
    torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
    Administration scripting examples and an ONLINE version of
    the 1328 page Scripting Guide:
    http://www.microsoft.com/technet/scriptcenter/default.mspx
Ask a new question

Read More

Configuration Registry Customization Permissions Windows XP