I need to grant full access permissions on folder using (deprecated on win7) Cacls. It seems to me that i have to use with cacls localized usernames and groupnames. E.g.:
cacls foldername /T /E /C /G Users:F
This gave me error "No mapping between account names and security IDs was done". And next command works fine (users in russian = Пользователи).
cacls foldername /T /E /C /G Пользователи:F
How can i grant full permissions on folder regardless of the system language?
On
This code will find and localize Yes/No letters and USERS(or any SID) and execute CACLS in desired directory, solving original question, and without external utilities (generates a 2 line vbs script on TEMP dir deleted after use with CSRCIPT).
@echo off
rem https://learn.microsoft.com/en-US/windows-server/identity/ad-ds/manage/understand-security-identifiers
rem SIDs: S-1-5-32-545 Users; S-1-1-0 Everybody; S-1-5-32-544 Administrators
rem S-1-5-7 no logon; S-1-5-11 Authenticated Users; S-1-5-18 System; S-1-5-10 Self
set userSID=S-1-5-32-545& rem USERS sid
set dirName=%TEMP%\TEST
rem https://stackoverflow.com/questions/20892882/set-errorlevel-in-windows-batch-file/77643084#77643084
rem try setting errorlevel 1 doesn't work on win9x: verify other 2>nul
REM set errorlevel 1, to check next command
<nul find ""
REM enableExtensions/delayedExp to get !varNm! value on execution
setlocal enableextensions enabledelayedexpansion
if NOT ERRORLEVEL 1 goto :WinNew
echo *** OLD OS: Can't enableextensions ***
ver
goto :FIN
:WinNew
REM Get local language Yes/No/All letters {to answer prompts}
REM https://www.dostips.com/forum/viewtopic.php?p=63518#p63518
set PromptLine=
rem create dummy file [in w9x]: echo x >"%TEMP%\yesnoall#.tmp" >nul
copy /y nul "%TEMP%\yesnoall#.tmp" >nul
rem capture overwrite prompt after "#" ie: ".tmp? [Sí/No/Todos]:"
for /f "tokens=2* delims=#" %%A in ( '^<nul copy /-y nul "%TEMP%\yesnoall#.tmp"'
) do set PromptLine=%%A
rem remove dummy file
del "%TEMP%\yesnoall#.tmp"
rem For testing complicated case [russian], uncomment next line
rem set PromptLine=.tmp [Yes (a?)/No (b??)/All (c??)]:
rem remove spaces for russian
set PromptLine=%PromptLine: =%
rem parse simple case get: A,B,C else complicated case with brackets and parenthesis: A,C,E
for /f "tokens=2-7 delims=[(/)]" %%A in ( "%PromptLine%"
) do if "%%~E" == "" ( set lang_yes=%%A& set lang_no=%%B& set lang_all=%%C
) else ( set lang_yes=%%A& set lang_no=%%C& set lang_all=%%E
)
rem Extract first char
set lang_y=%lang_yes:~0,1%& set lang_n=%lang_no:~0,1%& set lang_a=%lang_all:~0,1%
rem Display results
echo %lang_yes%, %lang_no%, %lang_all%
echo %lang_y%, %lang_n%, %lang_a%
rem https://superuser.com/questions/1176622/regardless-of-windows-language-how-can-i-make-the-icacls-command-set-a-folder-t
rem generate temp sid2user.VBS script to get local language userSID name
( echo\Set objWMIService = GetObject("winmgmts:\\.\root\cimv2"^)
echo\Wscript.Echo objWMIService.Get("Win32_SID.SID='%userSID%'" ^).AccountName
) > "%TEMP%\sid2user.vbs"
rem set lang_user to userSID local language name
for /F "delims=" %%i in ('cscript -Nologo "%TEMP%\sid2user.vbs"') do set lang_user=%%i
rem remove temp vbs file
del "%TEMP%\sid2user.vbs"
echo "%lang_user%":F
rem set permissions in local language
echo %lang_y%| cacls "%dirName%" /t /l /c /G "%lang_user%":F
:FIN
pause
Use
xcaclsinstead as described here and use SIDs instead of names (you will find well known sids here)If you for some reason are stuck with cacls, then
google: cacls sidwill bring you some workarounds how to do reverse mapping from sid to name and then supply this to caclsEdit: could not resist to learn some new tricks... this simple script will give you actual name of 'Users'
(S-1-5-32-545)group on a given PC:Put it into a file with vbs extension (Let's assume
usersName.vbs).Now run:
Done :-)
Edit: corrected to work if name has space in (added
delims=). Please also note that echo Y at the start works if you use English version of the tool.