Guest hill Posted August 27, 2008 Posted August 27, 2008 Hi everyone, I have some problems about using SubInAcl. 1. I use SubInAcl to modify DACL of registry key HKEY_CURRENT_USER\1. Before I begin to use SubInAcl, there has existed a ACE for user Everyone has full control permission. After I run the command line: subinacl /regkey HKEY_CURRENT_USER\1 /deny=everyone=c I found the behavior of SubInAcl is that delete the old ACL for user everyone and create a new ACE for everyone with Create SubKey pemission. Is it possible to let SubInAcl not to delete the old ACE. In addition, is it possible to specify inheritance flags and propagation flags for ACE by SubInAcl? Thanks. 2. I play SubInAcl with two registry key: HKEY_CURRENT_USER\1 HKEY_CURRENT_USER\1\2 I add a DACE: Everyone FullControl by following command: subinacl /keyreg HKEY_CURRENT_USER\1 /grant=everyone=f But when I take a look at permission of HKEY_CURRENT_USER\1\2 in regedit, there's no user everyone displayed. Then I re-add user everyone to HKEY_CURRENT_USER\1 by regedit.exe, I can see user everyone in HKEY_CURRENT_USER\1\2. Then I modify permission of user everyone to read for HKEY_CURRENT_USER\1 by SubInAcl, the permission of inherited user everyone in HKEY_CURRENT_USER\1\2 is not changed. But if I modify permission of user everyone to read for HKEY_CURRENT_USER\1 by regedit, the permission of inherited user everyone in HKEY_CURRENT_USER\1\2 is changed. Is it possible to let SubInAcl work same as regedit?
Recommended Posts