New
#51
Can you explain how to run these please Noel?
Thank you
Can you explain how to run these please Noel?
Thank you
Sorry -
Open an Elevated Command prompt, and copy/paste the commands in, and copy/paste the resonses to your reply.
1) To open an Elevated Command Prompt Window (the ECP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt.
2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Window, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once.
3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.
operable program or batch file.
C:\Users\Burdett>ICACLS
ICACLS name /save aclfile [/T] [/C] [/L] [/Q]
stores the DACLs for the files and folders that match the name
into aclfile for later use with /restore. Note that SACLs,
owner, or integrity labels are not saved.
ICACLS directory [/substitute SidOld SidNew [...]] /restore aclfile
[/C] [/L] [/Q]
applies the stored DACLs to files in directory.
ICACLS name /setowner user [/T] [/C] [/L] [/Q]
changes the owner of all matching names. This option does not
force a change of ownership; use the takeown.exe utility for
that purpose.
ICACLS name /findsid Sid [/T] [/C] [/L] [/Q]
finds all matching names that contain an ACL
explicitly mentioning Sid.
ICACLS name /verify [/T] [/C] [/L] [/Q]
finds all files whose ACL is not in canonical form or whose
lengths are inconsistent with ACE counts.
ICACLS name /reset [/T] [/C] [/L] [/Q]
replaces ACLs with default inherited ACLs for all matching files.
ICACLS name [/grant[:r] Siderm[...]]
[/deny Siderm [...]]
[/remove[:g|:d]] Sid[...]] [/T] [/C] [/L] [/Q]
[/setintegritylevel Levelolicy[...]]
/grant[:r] Siderm grants the specified user access rights. With :r,
the permissions replace any previouly granted explicit permissions.
Without :r, the permissions are added to any previously granted
explicit permissions.
/deny Siderm explicitly denies the specified user access rights.
An explicit deny ACE is added for the stated permissions and
the same permissions in any explicit grant are removed.
/remove[:[g|d]] Sid removes all occurrences of Sid in the ACL. With
:g, it removes all occurrences of granted rights to that Sid. With
:d, it removes all occurrences of denied rights to that Sid.
/setintegritylevel [(CI)(OI)]Level explicitly adds an integrity
ACE to all matching files. The level is to be specified as one
of:
L[ow]
M[edium]
H[igh]
Inheritance options for the integrity ACE may precede the level
and are applied only to directories.
/inheritance:e|d|r
e - enables inheritance
d - disables inheritance and copy the ACEs
r - remove all inherited ACEs
Note:
Sids may be in either numerical or friendly name form. If a numerical
form is given, affix a * to the start of the SID.
/T indicates that this operation is performed on all matching
files/directories below the directories specified in the name.
/C indicates that this operation will continue on all file errors.
Error messages will still be displayed.
/L indicates that this operation is performed on a symbolic link
itself versus its target.
/Q indicates that icacls should supress success messages.
ICACLS preserves the canonical ordering of ACE entries:
Explicit denials
Explicit grants
Inherited denials
Inherited grants
perm is a permission mask and can be specified in one of two forms:
a sequence of simple rights:
N - no access
F - full access
M - modify access
RX - read and execute access
R - read-only access
W - write-only access
D - delete access
a comma-separated list in parentheses of specific rights:
DE - delete
RC - read control
WDAC - write DAC
WO - write owner
S - synchronize
AS - access system security
MA - maximum allowed
GR - generic read
GW - generic write
GE - generic execute
GA - generic all
RD - read data/list directory
WD - write data/add file
AD - append data/add subdirectory
REA - read extended attributes
WEA - write extended attributes
X - execute/traverse
DC - delete child
RA - read attributes
WA - write attributes
inheritance rights may precede either form and are applied
only to directories:
(OI) - object inherit
(CI) - container inherit
(IO) - inherit only
(NP) - don't propagate inherit
(I) - permission inherited from parent container
Examples:
icacls c:\windows\* /save AclFile /T
- Will save the ACLs for all files under c:\windows
and its subdirectories to AclFile.
icacls c:\windows\ /restore AclFile
- Will restore the Acls for every file within
AclFile that exists in c:\windows and its subdirectories.
icacls file /grant AdministratorD,WDAC)
- Will grant the user Administrator Delete and Write DAC
permissions to file.
icacls file /grant *S-1-1-0D,WDAC)
- Will grant the user defined by sid S-1-1-0 Delete and
Write DAC permissions to file.
C:\Users\Burdett>C:\Windows\winsxs\x86_microsoft-windows-v..cprovider.resources_
31bf3856ad364e35_6.1.7600.16385_en-us_15e31a189a5e0c8f
'C:\Windows\winsxs\x86_microsoft-windows-v..cprovider.resources_31bf3856ad364e35
_6.1.7600.16385_en-us_15e31a189a5e0c8f' is not recognized as an internal or exte
rnal command,
operable program or batch file.
C:\Users\Burdett>
C:\Users\Burdett>C:\Windows\winsxs\manifests\x86_microsoft-windows-v..cprovider.
resources_31bf3856ad364e35_6.1.7600.16385_en-us_15e31a189a5e0c8f.manifest
C:\Users\Burdett>ICACLS
ICACLS name /save aclfile [/T] [/C] [/L] [/Q]
stores the DACLs for the files and folders that match the name
into aclfile for later use with /restore. Note that SACLs,
owner, or integrity labels are not saved.
ICACLS directory [/substitute SidOld SidNew [...]] /restore aclfile
[/C] [/L] [/Q]
applies the stored DACLs to files in directory.
ICACLS name /setowner user [/T] [/C] [/L] [/Q]
changes the owner of all matching names. This option does not
force a change of ownership; use the takeown.exe utility for
that purpose.
ICACLS name /findsid Sid [/T] [/C] [/L] [/Q]
finds all matching names that contain an ACL
explicitly mentioning Sid.
ICACLS name /verify [/T] [/C] [/L] [/Q]
finds all files whose ACL is not in canonical form or whose
lengths are inconsistent with ACE counts.
ICACLS name /reset [/T] [/C] [/L] [/Q]
replaces ACLs with default inherited ACLs for all matching files.
ICACLS name [/grant[:r] Siderm[...]]
[/deny Siderm [...]]
[/remove[:g|:d]] Sid[...]] [/T] [/C] [/L] [/Q]
[/setintegritylevel Levelolicy[...]]
/grant[:r] Siderm grants the specified user access rights. With :r,
the permissions replace any previouly granted explicit permissions.
Without :r, the permissions are added to any previously granted
explicit permissions.
/deny Siderm explicitly denies the specified user access rights.
An explicit deny ACE is added for the stated permissions and
the same permissions in any explicit grant are removed.
/remove[:[g|d]] Sid removes all occurrences of Sid in the ACL. With
:g, it removes all occurrences of granted rights to that Sid. With
:d, it removes all occurrences of denied rights to that Sid.
/setintegritylevel [(CI)(OI)]Level explicitly adds an integrity
ACE to all matching files. The level is to be specified as one
of:
L[ow]
M[edium]
H[igh]
Inheritance options for the integrity ACE may precede the level
and are applied only to directories.
/inheritance:e|d|r
e - enables inheritance
d - disables inheritance and copy the ACEs
r - remove all inherited ACEs
Note:
Sids may be in either numerical or friendly name form. If a numerical
form is given, affix a * to the start of the SID.
/T indicates that this operation is performed on all matching
files/directories below the directories specified in the name.
/C indicates that this operation will continue on all file errors.
Error messages will still be displayed.
/L indicates that this operation is performed on a symbolic link
itself versus its target.
/Q indicates that icacls should supress success messages.
ICACLS preserves the canonical ordering of ACE entries:
Explicit denials
Explicit grants
Inherited denials
Inherited grants
perm is a permission mask and can be specified in one of two forms:
a sequence of simple rights:
N - no access
F - full access
M - modify access
RX - read and execute access
R - read-only access
W - write-only access
D - delete access
a comma-separated list in parentheses of specific rights:
DE - delete
RC - read control
WDAC - write DAC
WO - write owner
S - synchronize
AS - access system security
MA - maximum allowed
GR - generic read
GW - generic write
GE - generic execute
GA - generic all
RD - read data/list directory
WD - write data/add file
AD - append data/add subdirectory
REA - read extended attributes
WEA - write extended attributes
X - execute/traverse
DC - delete child
RA - read attributes
WA - write attributes
inheritance rights may precede either form and are applied
only to directories:
(OI) - object inherit
(CI) - container inherit
(IO) - inherit only
(NP) - don't propagate inherit
(I) - permission inherited from parent container
Examples:
icacls c:\windows\* /save AclFile /T
- Will save the ACLs for all files under c:\windows
and its subdirectories to AclFile.
icacls c:\windows\ /restore AclFile
- Will restore the Acls for every file within
AclFile that exists in c:\windows and its subdirectories.
icacls file /grant AdministratorD,WDAC)
- Will grant the user Administrator Delete and Write DAC
permissions to file.
icacls file /grant *S-1-1-0D,WDAC)
- Will grant the user defined by sid S-1-1-0 Delete and
Write DAC permissions to file.
C:\Users\Burdett>C:\Windows\winsxs\manifests\x86_microsoft-windows-v..cprovider.
resources_31bf3856ad364e35_6.1.7600.16385_en-us_15e31a189a5e0c8f.manifest
C:\Users\Burdett>
C:\Users\Burdett>C:\Windows\winsxs\manifests\x86_microsoft-windows-v..cprovider.
resources_31bf3856ad364e35_6.1.7600.16385_en-us_15e31a189a5e0c8f.manifest
C:\Users\Burdett>
C:\Users\Burdett>C:\Windows\winsxs\manifests\x86_microsoft-windows-v..cprovider.
resources_31bf3856ad364e35_6.1.7600.16385_en-us_15e31a189a5e0c8f.manifest
C:\Users\Burdett>
I followed your instructions, but it doesn't look like the last one ran?
None of it ran properly - dunno why?
Close teh windows and reopen it - try with just one par of commands first.
You should get output that looks something like....
Code:C:\Windows\system32>DIR C:\Windows\winsxs\manifests\x86_microsoft-windows-v..cpr ovider.resources_31bf3856ad364e35_6.1.7600.16385_en-us_15e31a189a5e0c8f.manifest Volume in drive C has no label. Volume Serial Number is 64B7-0512 Directory of C:\Windows\winsxs\manifests 12/04/2011 08:16 2,498 x86_microsoft-windows-v..cprovider.resources _31bf3856ad364e35_6.1.7600.16385_en-us_15e31a189a5e0c8f.manifest 1 File(s) 2,498 bytes 0 Dir(s) 27,410,100,224 bytes free C:\Windows\system32>ICACLS C:\Windows\winsxs\manifests\x86_microsoft-windows-v. .cprovider.resources_31bf3856ad364e35_6.1.7600.16385_en-us_15e31a189a5e0c8f.mani fest C:\Windows\winsxs\manifests\x86_microsoft-windows-v..cprovider.resources_31bf385 6ad364e35_6.1.7600.16385_en-us_15e31a189a5e0c8f.manifest NT SERVICE\TrustedInsta ller:(I)(F) BUILTIN\Administrators: (I)(RX) NT AUTHORITY\SYSTEM:(I) (RX) BUILTIN\Users:(I)(RX) Successfully processed 1 files; Failed processing 0 files C:\Windows\system32> C:\Windows\system32>
Um..... this what you mean?
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Burdett>C:\Windows\winsxs\x86_microsoft-windows-v..cprovider.resources_
31bf3856ad364e35_6.1.7600.16385_en-us_15e31a189a5e0c8f
'C:\Windows\winsxs\x86_microsoft-windows-v..cprovider.resources_31bf3856ad364e35
_6.1.7600.16385_en-us_15e31a189a5e0c8f' is not recognized as an internal or exte
rnal command,
operable program or batch file.
C:\Users\Burdett>ICACLS C:\Windows\winsxs\x86_microsoft-windows-v..cprovider.res
ources_31bf3856ad364e35_6.1.7600.16385_en-us_15e31a189a5e0c8f
C:\Windows\winsxs\x86_microsoft-windows-v..cprovider.resources_31bf3856ad364e35_
6.1.7600.16385_en-us_15e31a189a5e0c8f NT SERVICE\TrustedInstallerI)(OI)(CI)(F)
BUILTIN\AdministratorsI)(OI)(CI)(RX)
NT AUTHORITY\SYSTEMI)(OI)(CI)(RX)
BUILTIN\UsersI)(OI)(CI)(RX)
Successfully processed 1 files; Failed processing 0 files
C:\Users\Burdett>C:\Windows\winsxs\manifests\x86_microsoft-windows-v..cprovider.
resources_31bf3856ad364e35_6.1.7600.16385_en-us_15e31a189a5e0c8f.manifest
C:\Users\Burdett>ICACLS C:\Windows\winsxs\manifests\x86_microsoft-windows-v..cp
rovider.resources_31bf3856ad364e35_6.1.7600.16385_en-us_15e31a189a5e0c8f.manifes
t
C:\Windows\winsxs\manifests\x86_microsoft-windows-v..cprovider.resources_31bf385
6ad364e35_6.1.7600.16385_en-us_15e31a189a5e0c8f.manifest NT SERVICE\TrustedInsta
llerF)
NT AUTHORITY\SYSTEMRX
)
BUILTIN\Administrators:
(RX)
BUILTIN\UsersRX)
Successfully processed 1 files; Failed processing 0 files
C:\Users\Burdett>
Trevor
I made a right mess of it to start off with, but we got there in the end! I really need to start doing .reg file fixes rather than hotswapping the components hive, I'm just asking for trouble.
You've done very well so far Trevor, keep up the good work! I'm a few pages behind on this thread so I can't really comment on the problems at the moment, but I'll join in when I've caught up!
What did you use to process the CBS log? That looks really useful :)
I use, and love, Notepad++ :) I'm just about getting to grips with the RegEx though.
Which search did you use to get it to output it like that? It looks much easier to read.
Found it!