Using SetACL -actn trustee -trst with repltrst wouldn’t change trustees if the trustee specified was in both the DACL and also either the owner or group.
Version 3.1.1
Bugfixes
Backup file: if a backup file was specified with the -bckp parameter, SetACL would only write the first line of output and then exit with return code 36. This bug was introduced in 3.1.
Version 3.1
New features
WMI permissions: the following permissions can now be set, too: READ_CONTROL, WRITE_DAC, WRITE_OWNER, DELETE, SYNCHRONIZE.
Bugfixes
Log file: the final line where the status is summarized would always have a status of ERROR, even if the execution was successful.
When defining an ACE as n:<domain>\<group>;p:print,man_docs, the print permission was missing on the printer. With the order reversed, i.e. the ACE defined as n:<domain>\<group>;p:man_docs,print, both the print and man_docs permissions were set correctly.
Changes
Minimal supported version is now Windows Vista (formerly XP).
Version 3.0.6
Bugfixes
Using actions ace and rstchldrn in one command would still cause a crash.
Version 3.0.5
Bugfixes
Using actions ace and rstchldrn in one command would cause a crash.
Certain printer permissions could not be set: man_docs and full.
It was not possible to set SET_AUDIT_FAILURE and SET_AUDIT_SUCCESS at the same time.
Qualifiers like NT SERVICE could not be used when specifying trustees. This works now. Example: NT SERVICE\LanManServer (service account of the server service).
Version 3.0.4
Bugfixes
Fixed resetting child object’s permissions
Version 3.0.3
Bugfixes
Fixed processing of the command line arguments without parameters (-help, -ignoreerr, -silent and -raw)
Due to an incorrect OS version check, SetACL 3.0 would not run on Windows XP or Server 2003.
Version 3.0
New features
Orphaned SID listing: SetACL can now list objects with orphaned SIDs only, i.e. SIDs that cannot be resolved. To enable this, add the parameter oo:y to the list options.
Orphaned SID removal: delete ACEs with SIDs from users/groups that no longer exist.
Auto-detection of SIDs: it is no longer necessary to specify whether a name passed in is actually a name or a SID. SIDs are now auto-detected.
Action trustee: a list of trustees to be removed/replaced/copied can be read from a CSV file.
Action trustee: trustees can now be replaced/copied in owner and primary group, too, in addition to ACL.
Action domain: trustees can now be replaced/copied in owner and primary group, too, in addition to ACL.
Changes
Much smaller executable size than before
License change from LGPL to freeware
Listing permissions: In tabular format, object names are now printed in a human-readable way, e.g. D:\ instead of \\?\D:\
Listing permissions: Output for an object is printed only if there is something to print. Previously, listing permissions for an entire volume would generate output in which 99% of the entries stated that there are no implicit permissions. The listing process is also much faster now, since producing that output consumed most of the time.
Default list format changed from CSV to tabular.
Bugfixes
When setting permissions on shares, existing share comments were deleted.
In earlier versions, SetACL tried to follow DFS links. This may have worked in some, but not all cases. Now DFS links are not followed any more. This behavior is similar to how SetACL processes junctions or symbolic links. Note: the link directory itself can be processed by SetACL, just not the link target.