From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Developer(s)Helge Klein
Stable release
3.0.6 / 7 September 2012
Operating systemMicrosoft Windows
TypeUtility software

SetACL is a freeware utility for manipulating security descriptors on Microsoft Windows.[1] It used to be available under the GNU Lesser General Public License (LGPL). It changed to a freeware license in version

Features[change | change source]

This list of features is taken from the product's web page.[2]

  • Supports the following object types on Windows 2000 and later
  • Manage permissions on local or remote systems in domains or workgroups.
  • Set multiple permissions for multiple users or groups in a single command.
  • Control how permissions are inherited.
  • List, backup and restore permissions.
  • All operations work on a single object or recursively on a directory or registry tree.
  • Set the owner to any user or group.
  • Unicode support.
  • Remove, replace or copy a user or group from an ACL.
  • Fast performance. This is due to time consuming steps only being performed only once. An example of a time consuming step is the recursing of a large file system.
  • Filter out object names not to be processed.

Usage[change | change source]

To set 'change' permissions on the directory 'C:\angela' for user 'brian' in domain 'dom1':

SetACL.exe -on "C:\angela" -ot file -actn ace
           -ace "n:dom1\brian;p:change"

Remove write and change permission sets from Desktop, replace with 'read and execute' permissions:

SetACL.exe -on "\\mycomputer\C$\Documents and Settings\username\Desktop" -ot file 
           -actn ace -ace "n:mycomputer\username;p:write,change;m:revoke"
           -ace "n:mycomputer\username;p:read_ex"

An example of its use from AutoIt can be found here

Short history[change | change source]

  • March 2001 SetACL program 0.x development begins
  • December 2002 SetACL program 2.x development begins
  • April 2003 2.0 beta 1 released
  • July 2003 2.0 final released
  • September 2003 released - Remove, replace or copy all Access Control Entries (ACEs) belonging to users or groups of a specified domain.
  • January 2004 2.0.2 released - ActiveX support. can be used from any language that supports COM including AutoIt, Visual Basic, Perl, VBScript.
  • May 2008 2.0.3 released - 64-bit support
  • August 2010 2.1 released - Improved permission listing

Notes[change | change source]