SetACL – Automate Permissions and Manage ACLs
Are you looking for a way to automate the management of Windows permissions? Do you need features like domain migration? Or support for paths longer than 260 characters, which other tools cannot handle? In either case you have come to the right place.
SetACL comes in two variants: a command-line tool, ideal for use in scripts and batch files, and a COM DLL that is perfect for basically any programming language. Both are free.
What does SetACL do?
SetACL manages permissions, auditing and ownership information. It does everything the tools built into Windows do, and much more. It is inherently automatable and scriptable. The COM version provides the full functionality to any COM-enabled programming language (C#, Visual Basic, C++, Delphi, PowerShell, VBScript, …).
SetACL facilitates migrations, where re-ACLing is an essential step. It copies permissions between users or even domains. It can be used to hunt down unwanted permissions and mercilessly remove them. SetACL is the driving force in countless scripts, tested and proven. It is valued by administrators and developers alike. SetACL has been downloaded more than 400,000 times.
Read about SetACL’s feature set. A long list of cool stuff.
Now you will probably want to download the software.
Have a good look at the examples. They quickly show you how to use this tool.
If you have questions: consult the documentation. That should help.
You still have unanswered questions? Check out the list of frequently asked questions. The chances are good that someone already asked your question.
1 Comment
Dear Helge,
I’m trying to use SetACL to assist me in translating file and folder permissions during a domain migration, a merger of two domains. SetACL offers exactly the options I’m searching for; however, it does not work as expected and does not exactly copy the permissions but seems to mix certain aspects, resulting in undesired results.
I’m currently using the latest version available (3.1.2.86) in the executable version, 64-bit. I tried to run the program on Windows Server 2012 R2 and Windows Server 2019, both using an elevated command prompt and using an elevated PowerShell session, with the exact same results.
The outcome is that a copy of the ACL entries is created for each group of domain 1 to the equally named group of domain 2, but both the permissions and the inheritance settings get mixed up. The results vary a bit depending on what permissions are present, which strengthens my suspicion that ACL entries get mixed up in the setacl cpydom operation. For example, a group from domain 1 that grants change permissions on ‘this folder, subfolder and files’ ends up with Full Control permissions on ‘subfolder and files only’, similar to the default present entry for Creator Owner. When I remove the Creator Owner entry (which I want to get rid of anyway), the resulting permissions for this group would still be Full Control instead of Change, but now with the correct inheritance settings.
Is this something that can be fixed? I’ll be happy to supply more details, as diverting to PowerShell or SubInACL would cost me a lot of extra time within my migration attempts.
Kind regards,
Leo de Groot