windows-nt/Source/XPSP1/NT/ds/security/winsafer/test/setacl.cmd

47 lines
2.2 KiB
Batchfile
Raw Normal View History

2020-09-26 03:20:57 -05:00
@echo off
echo This batch file will modify some ACL permissions on the current
echo user's profile directories, allowing the RESTRICTED user to access
echo some parts of the profile, while denying access to others.
echo This operation requires that the path shown below be on an NTFS
echo file system.
echo.
echo "%UserProfile%"
echo.
echo You can abort this script now, or...
pause
rem Grant RESTRICTED read-only to everything
cacls.exe "%UserProfile%" /e /t /g restricted:r
rem Revoke RESTRICTED access to these private areas.
cacls.exe "%UserProfile%\application data\identities" /e /t /r restricted
cacls.exe "%UserProfile%\application data\microsoft\crypto" /e /t /r restricted
cacls.exe "%UserProfile%\application data\microsoft\protect" /e /t /r restricted
cacls.exe "%UserProfile%\local settings\application data\identities" /e /t /r restricted
cacls.exe "%UserProfile%\local settings\application data\microsoft\crypto" /e /t /r restricted
cacls.exe "%UserProfile%\local settings\application data\microsoft\protect" /e /t /r restricted
rem Even worse, deny RESTRICTED to these private areas.
cacls.exe "%UserProfile%\application data\identities" /e /t /d restricted
cacls.exe "%UserProfile%\application data\microsoft\crypto" /e /t /d restricted
cacls.exe "%UserProfile%\application data\microsoft\protect" /e /t /d restricted
cacls.exe "%UserProfile%\local settings\application data\identities" /e /t /d restricted
cacls.exe "%UserProfile%\local settings\application data\microsoft\crypto" /e /t /d restricted
cacls.exe "%UserProfile%\local settings\application data\microsoft\protect" /e /t /d restricted
rem Grant change control to the temporary folders.
cacls.exe "%UserProfile%\local settings\temp" /e /t /g restricted:c
cacls.exe "%UserProfile%\local settings\temporary internet files" /e /t /g restricted:c
rem Revoke and deny access to our documents, too.
rem Causes access denied on common dlg file open though.
rem cacls.exe "%UserProfile%\My Documents" /e /t /r restricted
rem cacls.exe "%UserProfile%\My Documents" /e /t /d restricted
rem Revoke and deny access to cookies.
cacls.exe "%UserProfile%\Cookies" /e /t /r restricted
cacls.exe "%UserProfile%\Cookies" /e /t /d restricted
pause