- edited description
-v1.1 scripts/disablewinx.cmd setacl setowner issue on non EN Win-installations
Hi Matthew,
Using Ancile on non english windows installation I noticed in logfile few 'access denied'. On the website of SetAcl.exe I finally found the answer: SetACL - Syntax and Description .
Here some quote:.
*SID string: String representation of a SID, e.g. S-1-5-32-544 for the group Administrators. Here is a list of well-known SIDs that are the same across Windows versions and languages.
[...]
Specifying trustees as SIDs instead of using their names can be very useful in multi-language environments, because SIDs are language-independent, whereas predefined names are not. An example: the group ‘administrators’ is called ‘administratoren’ in German Windows versions. If you want your SetACL script to run on servers installed in either language you can use the well-known SID of the group ‘administrators’. Well-known SIDs are identical on every system.*.
And here the fix for scripts/disablewinx.cmd :.
#!
@@ -29,8 +29,8 @@
ECHO Locking Windows 10 download directory: >> "%LOGFILE%"
ECHO ** Disabling Windows 10 Download
IF EXIST "%WINXDIR%" (
- "%BINSETACL%" -on "%WINXDIR%" -ot file -actn setprot -op dacl:np;sacl:nc -rec cont_obj -actn setowner -ownr n:administrators >> "%LOGFILE%" 2>&1
+ "%BINSETACL%" -on "%WINXDIR%" -ot file -actn setprot -op "dacl:np;sacl:nc" -rec cont_obj -actn setowner -ownr "n:S-1-5-32-544" >> "%LOGFILE%" 2>&1
RMDIR /Q /S "%WINXDIR%" >> "%LOGFILE%" 2>&1
)
MKDIR "%WINXDIR%" >> "%LOGFILE%" 2>&1
attrib +h "%WINXDIR%" >> "%LOGFILE%" 2>&1
@@ -33,8 +33,8 @@
RMDIR /Q /S "%WINXDIR%" >> "%LOGFILE%" 2>&1
)
MKDIR "%WINXDIR%" >> "%LOGFILE%" 2>&1
attrib +h "%WINXDIR%" >> "%LOGFILE%" 2>&1
-"%BINSETACL%" -on "%WINXDIR%" -ot file -actn setprot -op dacl:p_nc;sacl:p_nc -rec cont_obj -actn setowner -ownr n:administrators >> "%LOGFILE%" 2>&1
+"%BINSETACL%" -on "%WINXDIR%" -ot file -actn setprot -op "dacl:p_nc;sacl:p_nc" -rec cont_obj -actn setowner -ownr "n:S-1-5-32-544" >> "%LOGFILE%" 2>&1
Unfortunately the old %WINXDIR% '$windows.~bt' have to be deleted manually before next run of the script, as the owner setup of the $windows.~bt is broken on a non EN version of Win. It can be a challenge for a non experienced user to get rid of the broken $windows.~bt ...
Cu Scalar
Comments (3)
-
Account Deleted reporter -
That's very interesting. I'll add those changes to v1.2
-
- changed status to resolved
BUGFIX
#6: disablewinx.cmd setacl setowner issue on non EN Win-installations BUGFIX#7: regown.cmd issue with reg keys containing a space & SetAcl.exe setowner on non EN Win Modified hosts blocking scripts to avoid hosts file locking reviewed hostsip and hostsdns lists→ <<cset b8aee5c5972a>>
- Log in to comment
Fix inserted in a correct diff format