Wednesday, July 31, 2013

Setting Windows permissions from the command line using icacls

Why set permissions from the command line when you can just right click and check or uncheck a few boxes?

Well, checking boxes is great if you only have one computer or two and never have to redo it. Once you have a few, it's probably time to script it :)

Here are some basic ones I've used

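To lock down a folder so that no one can delete what they created (a write-only folder, two commands). (DE) is the delete right and (DC) is delete child; (CI)(OI) makes the deny entries inherit to subfolders and files: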
icacls d:\writeonlyfolder /deny Everyone:(CI)(OI)(DE)
icacls d:\writeonlyfolder /deny Everyone:(CI)(OI)(DC)

So that people can't put any files in a folder (just subfolders):
icacls d:\parentfolder /deny "Domain Users":(WD)

This is a locked-down structure where only the creator of a folder on a share has access to its contents. No one else can even get into the folder that was created, other than administrators.

rem we do want administrators and the creator of the folder to have access
icacls d:\secured /grant:r "Domain Administrators":(OI)(CI)F
icacls d:\secured /grant:r "Creator Owner":(OI)(CI)F
rem allow users to create folders in the parent folder
icacls d:\secured /grant:r users:WRXM
rem remove any inheritance which could cause issues
icacls d:\secured /inheritance:r
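
A check that could follow the script above, added here as an example and not part of the original post: it parses an icacls listing and flags entries that break the creator-only layout. The sample listing, the CONTOSO domain and the helpdesk account are constructed, and the allowed principal names are assumptions.

```python
import re

# Constructed listing in the format `icacls d:\secured` prints (not real output).
# CONTOSO and the helpdesk account are made-up names.
SAMPLE = r"""d:\secured CONTOSO\Domain Administrators:(OI)(CI)(F)
           CREATOR OWNER:(OI)(CI)(IO)(F)
           BUILTIN\Users:(RX,W)
           CONTOSO\helpdesk:(I)(OI)(CI)(M)

Successfully processed 1 files; Failed processing 0 files
"""

ACE = re.compile(r"^(?P<who>[^:]+):(?P<flags>(?:\([^)]*\))+)$")
FULL_ACCESS = {"CONTOSO\\DOMAIN ADMINISTRATORS", "CREATOR OWNER"}  # assumed names
PARENT_ONLY = {"BUILTIN\\USERS"}  # may create folders, must not inherit downwards


def parse_icacls(text, path):
    """Return (principal, flags, rights) for each ACE listed for `path`."""
    aces = []
    for line in text.splitlines():
        if line.lower().startswith(path.lower()):
            line = line[len(path):]  # the first ACE shares a line with the path
        m = ACE.match(line.strip())
        if not m:
            continue  # blank line or the "Successfully processed" summary
        groups = re.findall(r"\(([^)]*)\)", m["flags"])
        # Last group is the rights mask; the ones before it are (OI), (CI), (IO), (I), (DENY).
        aces.append((m["who"], set(groups[:-1]), groups[-1]))
    return aces


def audit(aces):
    """List ACEs that break the creator-only layout."""
    findings = []
    for who, flags, rights in aces:
        if "I" in flags:
            findings.append((who, "inherited ACE: inheritance was not removed"))
        if who.upper() in PARENT_ONLY:
            if flags & {"OI", "CI"}:
                findings.append((who, f"{rights} propagates into every subfolder"))
        elif who.upper() not in FULL_ACCESS:
            findings.append((who, f"unexpected principal with {rights}"))
    return findings


if __name__ == "__main__":
    for who, problem in audit(parse_icacls(SAMPLE, r"d:\secured")):
        print(f"{who}: {problem}")
```

To use it on a real share, feed it the text captured from `icacls d:\secured` and adjust the two principal sets to your own domain.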

Background on how Windows file permissions work:

Tuesday, July 9, 2013

Git revision control on Windows via Cygwin

With all this scripting, one needs to be able to track the changes to their larger scripts. You can do the crude thing and append -## to the file name, where ## is some revision number, but if you have a large script that you change a lot over a long period of time, relying on this, or on file system backups, just doesn't work very well. Fortunately the programming field has revision control, and I've decided to use Git. Unfortunately TortoiseGit, while it is easy to use and install, caused some issues where browsing via Network Neighborhood to a remote site was slowed down tremendously.

So I decided to use Cygwin and the git it has. Unfortunately the git gui interface (which I'm used to from TortoiseGit) is a little tricky to set up.

When in the Cygwin setup, go into the "Devel" section and select all the items that start with git, including gitk, then go to the "X11" section and select X-Start-menu-icons and xinit. Once the Cygwin setup program has finished, click on the Start button, All Programs, cygwin-x, X win server. You should see a white terminal box pop up. Use normal Unix/Linux commands to go to the directory where your scripts are, and run your git commands. The reason for using the white terminal window from the X-win-server is so that you can run gitk. For some reason git gui gives me an error, but gitk works just fine.

The git gui that is in Cygwin is just for browsing the history of your code. To actually commit changes, and do anything other than view, you will still need to use the command line:

For those new to git at the command line, this is my cheat sheet
for more commands and details of the commands check

first create the repository
git init

add files to the repository
git add filename

see the changes since the last commit:
git diff

commit the changes:
git commit -m "some comments"

commit a particular file:
git commit script.bat

git status

git add script.bat

git log

see the commits for a file
git log filename

see the diffs of each commit for a file
git log -p filename

see the entire history
git log --follow -p file