Export Security Settings

This article details the way to retrieve the security settings of a file or folder in order to implement it in a script.

Then, this script can be added in the package using a custom action for example.

.

1. Security VBScript

To grant permissions on files or folder, the following kind of script can be used.

.

In this example, the “D:AR(A;OICI;0x1301bf;;;BU)” setting grant full access to all users.

The question is how to determine that setting…

.

.

2. Retrieving Security Settings

To retrieve the security settings of a file or folder, Windows Security Templates can be used.

In Windows 7, the security template INF file is the following:

“C:\Windows\inf\defltbase.inf”

SecuSettings01
.

  • Copy defltbase.inf in a working directory (for example C:\Workdir)
  • Launch the mmc console

SecuSettings02

File > Add/Remove Snap-in…

.

SecuSettings03

Select “Security Templates” and add it

.

  • Right click “Security Template” > New Template Search Path… and indicate the location of the copied defltbase.inf file

SecuSettings04

  • Right click “File System” > Add File…
    • Select a file (it can be any file because we just want to retrieve security settings…). For example: “C:\workdir\SecurityTest.txt”
    • Set security settings. For example full access for administrators and only read access for users)

SecuSettings05

Apply

OK

.

SecuSettings06

Select “Propagate inheritable permissions to all subfolders and files

OK

.

SecuSettings07

The file appears in the list

.

SecuSettings08

Right click “defltbase” > Save as

.

Save the INF file (for example SecurityTest.inf)

 

  • Edit the generated INF file
  • In the “File Security” section, find the line corresponding to the file and retrieve the security settings.

SecuSettings09

.

  • Copy then pastes the setting in the script.