The security subsystem which Perms uses (NTFS and DACLs) exists only on NT based machines (WinNT/Win2k/WinXP). It would not work on DOS based (Win9x/WinME).
When you set inheritance flags you need to recurse into each subdirectory and set the appropriate permissions/flags on each object. When you do this in Explorer the explorer.exe application does this work for you. If you don't recurse then only new objects created in the directory will inherit the flags/permissions. When Explorer popped the error dialog it was telling you that Explorer did not know how to interpret the settings. The settings were valid, it is just explorer is a slightly dumb program. You get the same problem if you set permissions on a file/directory using NT4 then try to read them using Win2k. They are valid, just not recognized. This is because Explorer tries to neatly describe a collected setting of permissions/flags into a word such as "Full", "Change", "Read" permissions. If you reordered the permissions to be effectively the same Explorer would have trouble and pop the dialog. It is a non issue, issue. The reason why "resorting" the permissions worked for you was because it recursively resorted them. It set them the way Explorer likes them then recursed. Your best bet is to manually set permissions on a directory then use Win32::Perms to read them. Once you have the "order" you can use the Perms object to set on other files & directories. dave -----Original Message----- From: Rosenkoetter, Ronald [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 19, 2002 4:05 PM To: [EMAIL PROTECTED] Subject: RE: Registry/File permissions! It seems whenever someone on this list asks a question about permissions, everyone refers said person to Dave Roth's Win32::Perms module, but I've never seen any actual working code examples to accompany that advice. Can someone out there post a simple snippet of code that works correctly on a Windows 2000/XP machine?? I have spent a lot of time trying to get Dave Roth's Win32::Perms module to work on non-NT machines. I even bought the Second Edition of his Standard Extensions Book hoping to get Win32::Perms to work correctly for me. However, I cannot seem to get even his simplest examples to work on Windows 2000\XP machines. Using the following code (lifted pretty much directly from his book), and running it on multiple test folders on different machines with different users, I seem to get two results. Example: use Win32::Perms; $PermsObj = new Win32::Perms("c:\\testfolder"); $PermsObj->Allow("Domain Admins",CHANGE,CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE); $PermsObj->Set(); Either the permissions are granted on the top folder, but none of the sub-folders or files (i.e. container and object inheritance doesn't seem to work) OR I get this error message when I try to look at permissions through Windows Explorer "The permissions on testfolder are incorrectly ordered, which may cause some entries to be ineffective. Press OK to continue and sort the permissions correctly, or Cancel to reset the permissions" Clicking OK actually does resort the permissions, AND then inheritance works, and the subfolders and files receive the inherited permissions. What's interesting is that I was looking at some code a Microsoft consultant wrote for us in VBScript and I noticed that when setting permissions, he called a Subroutine that re-sorted DACLs... so it looks like this is an issue in VBScript as well. Has anyone else seen this?? Does anyone use Win32::Perms on Windows 2000/XP machines and can share some insight?? Nothing fancy... just setting permissions on a top-level folder and getting inheritance to work. Meanwhile, I just recently came across some freeware that (so far) sets permissions and inheritance correctly. It's called SetACL.exe, and it just may be my solution to setting Windows 2000/XP permissions through scripts (But I sure hate backticking... I'd much rather write pure Perl scripts) For anyone else who wants to check it out (I'm not fully endorsing it yet) http://www.helge.mynetcologne.de/setacl/ SetACL can set permissions on: Local or remote directories Local or remote files Local or remote printers Local or remote registry keys Local or remote Win32 services Local or remote network shares Ron Rosenkoetter System Engineer Server Administration & Management -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, November 15, 2002 12:59 PM To: [EMAIL PROTECTED] Subject: Registry/File permissions! Timothy/Darin: Thanks for your responses All: I will use Win32::Perms to set the permissions in both the directories/registry. I want to tackle the directories first, since it seems easier. The below script sets the ACL permissions to a directory, I can't seem to figure out how to have those permissions propagate to existing files and directories inside of c:\login (for example). I tried using SetRecurse and that just used the harddisk for about 40 seconds (there is only 2 files in c:\login mind you), and ended up doing nothing. Any help would be extremely appreciated as I am getting quite frustrated/desperate! :) use Win32; use Win32::Perms; &SecureKey('dir:c:\login'); sub SecureKey { my ($Key) = @_; my $Perms = new Win32::Perms($Key); print "Setting permissions for: $Key\n"; ($Perms) || die "Could not obtain permissions for: $Key\n"; my %Permissions = ( 'Administrators' => FULL, 'Users' => READ, ); $Perms->Remove(-1); $Perms->Owner('Administrators'); foreach $User (keys %Permissions) { $Perms->Allow($User, $Permissions{$User}); } $Perms->Set() || die "Error: ($^E)"; } --------------------------------------------------------------- Robert Blake Technical Systems Analyst Intel Servers, IT Shared Services - Symcor Inc. 1 Robert Speck Parkway, Mississauga, Ontario E-mail: [EMAIL PROTECTED] --------------------------------------------------------------- Timothy Johnson <[EMAIL PROTECTED]> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, Sent by: [EMAIL PROTECTED] [EMAIL PROTECTED] cc: eState.com Subject: RE: Registry permissions! 11/14/02 04:44 PM It will take some learning, but Win32::Perms from Dave Roth will work. http://www.roth.net/perl/perms -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 14, 2002 1:35 PM To: [EMAIL PROTECTED] Subject: Registry permissions! I need to write a script that will set permissions on a registry key (lets say hkey_local_machine\system) and change the permissions to specific user access. e.g. 'Administrators' Full control, and then 'Everyone' Read. I also need a way to propagate the permissions to keys from that point on for some of the changes I need to make. I haven't been able to find anything in my searches, and was wondering if someone knew a solution to my problem? Thank you for any help you can provide! --------------------------------------------------------------- Robert Blake Technical Systems Analyst Intel Servers, IT Shared Services - Symcor Inc. 1 Robert Speck Parkway, Mississauga, Ontario E-mail: [EMAIL PROTECTED] --------------------------------------------------------------- _______________________________________________ Perl-Win32-Admin mailing list [EMAIL PROTECTED] To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs _______________________________________________ Perl-Win32-Admin mailing list [EMAIL PROTECTED] To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs _______________________________________________ Perl-Win32-Admin mailing list [EMAIL PROTECTED] To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs _______________________________________________ Perl-Win32-Admin mailing list [EMAIL PROTECTED] To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs _______________________________________________ Perl-Win32-Admin mailing list [EMAIL PROTECTED] To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
