Re: [ossec-list] OSSEC windows agent on non-English Windows

2017-06-07 Thread dan (ddp)
Thanks, I missed that!

On Mon, Jun 5, 2017 at 8:00 AM,  wrote:

> Hi,
> Thanks for adding my suggestion, but:
>
> On page: The Administrators group may not be present on non-English copies
> of #1137 is:
> - system("echo y|cacls * /T /G Administrators:f ");
> + system("echo y|cacls * /T /G \"*S-1-5-32-544:F\" ");
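Review bot: the `+` line still runs `cacls` with its `/G` switch while the grantee is now the SID form `*S-1-5-32-544`, which the reply further down says cacls does not accept. Switch the command to `icacls ... /grant` in the same change, and check the value returned by `system()`, which is discarded here, so that a failed ACL update is reported.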
> and:
> - system("echo y|cacls . /T /G Administrators:f ");
> + system("echo y|cacls . /T /G \"*S-1-5-32-544:F\" ");
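Review bot: on the `+` line `cacls` is an unqualified program name passed to `system()`, and the target `.` is relative, so both the binary that runs and the tree that gets the ACL depend on the process's search path and current directory. Consider calling the tool by its full system path and passing the install directory explicitly.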
>
> cacls can't use SIDs, but icacls can.
> It should be:
> system("echo y|icacls * /T /grant \"*S-1-5-32-544:F\"");
> and
> system("echo y|icacls . /T /grant \"*S-1-5-32-544:F\"");
>
> Thank you again for your work.
>
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>



Re: [ossec-list] OSSEC windows agent on non-English Windows

2017-06-05 Thread andrewm0374
With icacls you can use a shorter form:
system("icacls * /T /grant \"*S-1-5-32-544:F\"");
or:
system("icacls * /Q /T /grant \"*S-1-5-32-544:F\"");

"echo y|" is unnecessary, but I haven't tested it yet.



Re: [ossec-list] OSSEC windows agent on non-English Windows

2017-06-02 Thread dan (ddp)
I have created pull request #1137. Thanks for researching that!

On Fri, Jun 2, 2017 at 9:04 AM,   wrote:
> Hi,
>
> I haven't got the group "Administrators" on my non-English Windows.
> Ossec-agent for Windows is trying to execute command:
> echo y|cacls * /T /G Administrators:f
> or:
> echo y|cacls . /T /G Administrators:f
>
> Installation ends with an error because the group Administrators doesn't exist.
>
> I think that this command is better:
> system("echo y|icacls * /T /grant \"*S-1-5-32-544:F\"");
> and:
> system("echo y|icacls . /T /grant \"*S-1-5-32-544:F\"");
>
> Lines 57 and 75 in win32/setup-win.c.
> Group Administrators should always have SID: S-1-5-32-544
> (https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems)
>
> I checked it on my: Windows 7 Prof, Win 10 Prof, Windows 2012 Std and
> everything looks good.
> I'm not sure if icacls is available in Windows Home Edition.
>

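The command form proposed in this thread, as an added example that is not part of the thread or of OSSEC's source: a portable C helper that checks the grantee is a syntactically valid SID (so a localized group name is rejected) and only then formats the `icacls` command with the flags quoted above. The function names `sid_is_valid` and `build_grant_cmd` are hypothetical, and limiting the target to `*` or `.` is an assumption taken from the two commands in the thread.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added example (not OSSEC code). Returns 1 if s looks like a SID string:
 * "S-1-" then 2..16 dash-separated decimal fields (authority plus 1..15
 * sub-authorities). Simplification: at most 10 digits per field. */
int sid_is_valid(const char *s)
{
    int fields = 0;
    if (strncmp(s, "S-1-", 4) != 0)
        return 0;
    s += 4;
    for (;;) {
        int digits = 0;
        while (isdigit((unsigned char)*s)) { s++; digits++; }
        if (digits == 0 || digits > 10)
            return 0;
        fields++;
        if (*s == '\0')
            break;
        if (*s++ != '-')
            return 0;
    }
    return fields >= 2 && fields <= 16;
}

/* Builds: icacls <target> /Q /T /grant "*<sid>:F"
 * target must be "*" or ".", the two forms used in the thread.
 * Returns the command length, or -1 if an input is rejected or out is too small. */
int build_grant_cmd(char *out, size_t outlen, const char *target, const char *sid)
{
    int n;
    if (strcmp(target, "*") != 0 && strcmp(target, ".") != 0)
        return -1;
    if (!sid_is_valid(sid))
        return -1;
    n = snprintf(out, outlen, "icacls %s /Q /T /grant \"*%s:F\"", target, sid);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

int main(void)
{
    char cmd[128];
    if (build_grant_cmd(cmd, sizeof cmd, ".", "S-1-5-32-544") < 0)
        return 1;
    puts(cmd); /* an installer would pass cmd to system() and check the result */
    /* A localized group name is not a SID and is rejected here. */
    return build_grant_cmd(cmd, sizeof cmd, ".", "Administrators") == -1 ? 0 : 1;
}
```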