SetACL Changelog

Version 3.1.2

Bugfixes

  • Using SetACL -actn trustee -trst with repltrst wouldn’t change trustees if the trustee specified was in both the DACL and also either the owner or group.

Version 3.1.1

Bugfixes

  • Backup file: if a backup file was specified with the -bckp parameter, SetACL would only write the first line of output and then exit with return code 36. This bug was introduced in 3.1.

Version 3.1

New features

  • WMI permissions: the following permissions can now be set, too: READ_CONTROL, WRITE_DAC, WRITE_OWNER, DELETE, SYNCHRONIZE.

Bugfixes

  • Log file: the final line where the status is summarized would always have a status of ERROR, even if the execution was successful.
  • When an ACE was defined as n:<domain>\<group>;p:print,man_docs, the print permission was missing on the printer. With the permissions in the opposite order, n:<domain>\<group>;p:man_docs,print, both print and man_docs were set correctly.

Changes

  • Minimal supported version is now Windows Vista (formerly XP).

Version 3.0.6

Bugfixes

  • Using actions ace and rstchldrn in one command would still cause a crash.

Version 3.0.5

Bugfixes

  • Using actions ace and rstchldrn in one command would cause a crash.
  • Certain printer permissions could not be set: man_docs and full.
  • It was not possible to set SET_AUDIT_FAILURE and SET_AUDIT_SUCCESS at the same time.
  • Qualifiers like NT SERVICE could not be used when specifying trustees. This works now. Example: NT SERVICE\LanManServer (service account of the server service).

Version 3.0.4

Bugfixes

  • Fixed resetting child object’s permissions

Version 3.0.3

Bugfixes

  • Fixed processing of the command line arguments without parameters (-help, -ignoreerr, -silent and -raw)
  • Fixed action domain

Version 3.0.2

Changes

  • Much more detailed log output than in version 2.x

Bugfixes

  • Fixed bugs in account name to SID lookup
  • Added missing log output (if param -log specified)

Version 3.0.1

Bugfixes

  • Due to an incorrect OS version check SetACL 3.0 would not run on Windows XP or Server 2003.

Version 3.0

New features

  • Orphaned SID listing: SetACL can now list objects with orphaned SIDs only, i.e. SIDs that cannot be resolved. To enable this, add the parameter oo:y to the list options.
  • Orphaned SID removal: delete ACEs with SIDs from users/groups that no longer exist.
  • Auto-detection of SIDs: it is no longer necessary to specify whether a name passed in is actually a name or a SID. SIDs are now auto-detected.
  • Action trustee: a list of trustees to be removed/replaced/copied can be read from a CSV file.
  • Action trustee: trustees can now be replaced/copied in owner and primary group, too, in addition to ACL.
  • Action domain: trustees can now be replaced/copied in owner and primary group, too, in addition to ACL.

Changes

  • Much smaller executable size than before
  • License change from LGPL to freeware
  • Listing permissions: In tabular format, object names are now printed in a human-readable way, e.g. D:\ instead of \\?\D:\
  • Listing permissions: Output for an object is printed only if there is something to print. Previously, listing permissions for an entire volume would generate 99% entries stating that there are no implicit permissions. Listing is also much faster now, since producing that output used to consume most of the time.
  • Default list format changed from CSV to tabular.

Bugfixes

  • When setting permissions on shares, existing share comments were deleted.
  • In earlier versions, SetACL tried to follow DFS links. This may have worked in some, but not all cases. Now DFS links are not followed any more. This behavior is similar to how SetACL processes junctions or symbolic links. Note: the link directory itself can be processed by SetACL, just not the link target.