
Script to retrieve deny permissions - Required

Hi,

I have given Deny permissions (for Administrators) to registry keys during installation; during uninstallation I need to revoke the permissions to delete those keys. Could anyone write a script/INF file to revoke the permissions?

Ex: HKLM\Software\Adobe

Thanks
sanhivi


Answers (10)

Posted by: anonymous_9363 15 years ago
Red Belt
0
"Could any1 write a script/INFfile to revoke the permissions."

Yes, they could. I charge by the hour for scripting so, if you'd like to discuss likely costs, PM me. To give me an idea of how long it might take, can you tell me what tool you used to set the permissions? You mention INF file so I guess it was SecEdit?
Posted by: sanhivi 15 years ago
Third Degree Green Belt
0
Yes, if it's through an INF file, SecEdit will be used.
Posted by: anonymous_9363 15 years ago
Red Belt
0
Gauging by your reply, you're not tied to using SecEdit so, as I say, PM me and we can discuss a price for the job.
Posted by: concept03 15 years ago
Yellow Belt
0
Why don't you simply use the open-source executable "SetAcl.exe" from a script? Your original post was not very descriptive about what you are looking for. However, here are some examples for securing, and unsecuring a registry key.

You can download SetAcl from here: http://sourceforge.net/project/showfiles.php?group_id=69165&package_id=68032

'
On Error Resume Next

dim machineName 'NetBIOS Name of the Machine.
dim wshNetwork 'Network Scripting Object.
dim wshShell 'Shell Access.

set wshNetwork = WScript.CreateObject("WScript.Network")
set wshShell = WScript.CreateObject("WScript.Shell")

machineName = wshNetwork.ComputerName

'Gives access only for Administrators (Read + Set), and Everyone (Read) - not inherited.
Secure "HKLM\Software\Adobe"

'This resets the key to default settings (of parent key)
UnSecure "HKLM\Software\Adobe"


'*----------------------------------------------------------------------------*
sub Secure(key)
'Access only for Administrators (Read + Set), and Everyone (Read) - not inherited.
WScript.Echo "Securing " & key & "..."
wshShell.Run "setacl -on """ & key & """ -ot reg -actn ace -ace ""n:" & machineName & "\Administrators;p:query_val,enum_subkeys,notify,write_dacl,write_owner,read_access""", 0, true
wshShell.Run "setacl -on """ & key & """ -ot reg -actn ace -ace ""n:Everyone;p:query_val,enum_subkeys,notify,read_access""", 0, true
wshShell.Run "setacl -on """ & key & """ -ot reg -actn setprot -op dacl:p_nc", 0, true
end sub
'*----------------------------------------------------------------------------*


'*----------------------------------------------------------------------------*
sub UnSecure(key)
' Set inheritance on - clear non-inherited ACEs
WScript.Echo "UnSecuring " & key & "..."
wshShell.Run "setacl -on """ & key & """ -ot reg -actn setprot -op dacl:np", 0, true
wshShell.Run "setacl -on """ & key & """ -ot reg -actn clear -clr dacl,sacl", 0, true
end sub
'*----------------------------------------------------------------------------*
'
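
An added example, not part of the post above or of SetACL: the UnSecure routine clears every non-inherited ACE, whereas the original question only needs the explicit Deny entries for Administrators removed before uninstall. The PowerShell below does just that with the .NET registry ACL classes; the function name is hypothetical and the key path is the one from the question.

```powershell
# Added example: remove only the explicit Deny ACEs for BUILTIN\Administrators
# from one HKLM key. Run from an elevated prompt.
$KeyPath = 'Software\Adobe'    # assumption: the example key named in the question
$Admins  = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')

function Remove-AdminDenyAce {   # hypothetical helper name
    param(
        [string]$SubKey,
        [System.Security.Principal.SecurityIdentifier]$Sid
    )
    # Request only the rights needed to read and rewrite the DACL, so a Deny
    # on value or subkey access does not block opening the key.
    $rights = [System.Security.AccessControl.RegistryRights]::ReadPermissions -bor
              [System.Security.AccessControl.RegistryRights]::ChangePermissions
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey(
        $SubKey,
        [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
        $rights)
    if ($null -eq $key) { throw "Key not found: HKLM\$SubKey" }

    try {
        $acl = $key.GetAccessControl(
            [System.Security.AccessControl.AccessControlSections]::Access)
        # ($true, $false) = explicit ACEs only; inherited Deny entries have to
        # be removed on the parent key they come from.
        $deny = @($acl.GetAccessRules($true, $false,
                    [System.Security.Principal.SecurityIdentifier]) |
            Where-Object {
                $_.AccessControlType -eq 'Deny' -and
                $_.IdentityReference.Value -eq $Sid.Value
            })
        foreach ($rule in $deny) { [void]$acl.RemoveAccessRuleSpecific($rule) }
        if ($deny.Count -gt 0) { $key.SetAccessControl($acl) }
        return $deny.Count      # number of Deny ACEs removed
    }
    finally { $key.Close() }
}

Remove-AdminDenyAce -SubKey $KeyPath -Sid $Admins
```

If the Deny ACE also covers reading or changing permissions and the caller is not the key's owner, `OpenSubKey` throws; ownership of the key then has to be corrected before the DACL can be edited.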
Posted by: concept03 15 years ago
Yellow Belt
0
Here are more things you can do with "SetAcl.exe":

http://setacl.sourceforge.net/html/examples.html

You can set permissions (with SetAcl) on services, files, folders, registry keys, printers, and shares. This program is pretty incredible (and open source).
Posted by: Nouman 14 years ago
Yellow Belt
0
Hi experts.
I want to know how to save, or we can say block, a file like an exe (not a folder or directory) from deletion using setacl.exe.
Posted by: anonymous_9363 14 years ago
Red Belt
0
Ooooh...I don't know....how about using 'Example 1' shown in the page linked to in the post above yours as a template and set the 'Everyone' group's permission as 'Read'?
Posted by: Nouman 14 years ago
Yellow Belt
0
Sir, I know this page is talking about some other problem and solution.


I want to block a file (its complete access: read, write, execute and delete). I am successful in blocking read, write and execute but can't block deletion of the file. Sorry for posting in the wrong forum. If you know how to block it, please let me know.
Posted by: AngelD 14 years ago
Red Belt
0
The permission will be delegated from above, meaning the folder. So my guess is that you need to re-think your strategy a bit.
Posted by: anonymous_9363 14 years ago
Red Belt
0
Do you understand how Windows permissions work?

Typically, for a folder, the 'Administrators' group would be assigned 'Full Control' as would the local System account, 'Power Users' would probably have all bar 'Full Control' and 'Users' would have 'Read' only. For any file in that folder (presuming - as is the default - that the folder's permissions were set to inherit those from the folder) with that set of permissions, clearly, only a member of the 'Administrators' group or the local System account would be able to delete it.
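
An added example, not part of any post in this thread: on NTFS a file can be deleted by a principal that holds either Delete on the file itself or "Delete subfolders and files" on the parent folder, which is why a Deny on the file alone does not stop deletion. The PowerShell below lists every ACE in both places that carries one of those rights; the function name is hypothetical and the file path is a constructed placeholder.

```powershell
# Added example: report the ACEs that decide whether a file can be deleted.
$FilePath = 'C:\Program Files\ExampleApp\app.exe'   # constructed placeholder path

function Get-DeleteRelevantAce {   # hypothetical helper name
    param([string]$Path)

    $fsr  = [System.Security.AccessControl.FileSystemRights]
    $item = Get-Item -LiteralPath $Path
    $checks = @(
        # Delete on the file itself
        @{ Target = $item.FullName;           Right = $fsr::Delete }
        # "Delete subfolders and files" on the containing folder
        @{ Target = $item.Directory.FullName; Right = $fsr::DeleteSubdirectoriesAndFiles }
    )

    foreach ($c in $checks) {
        (Get-Acl -LiteralPath $c.Target).Access |
            Where-Object {
                # ACE includes the right and applies to this object
                # (inherit-only ACEs affect children only, so skip them).
                (($_.FileSystemRights -band $c.Right) -eq $c.Right) -and
                -not ($_.PropagationFlags -band
                      [System.Security.AccessControl.PropagationFlags]::InheritOnly)
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Object    = $c.Target
                    Right     = $c.Right
                    Type      = $_.AccessControlType    # Allow or Deny
                    Identity  = $_.IdentityReference
                    Inherited = $_.IsInherited
                }
            }
    }
}

Get-DeleteRelevantAce -Path $FilePath | Format-Table -AutoSize
```

Any Allow row for the parent folder names a principal that can still delete the file regardless of a Deny on the file, so protecting the file means tightening the folder's ACL as well.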