Thursday, January 2, 2014

Assign fileserver permissions via command line

A quick way to assign filesystem permissions is to use the cacls or icacls command.

This option is native to Windows, so it requires no installation. It is a simple, fast tool.

You can run this command directly in a cmd prompt to assign read and write permissions on a directory and its subdirectories:

cacls x:\carpeta /C /E /T /G grupo:RWC

The cacls utility has some shortcomings, so Microsoft developed icacls, available starting with Windows Vista.

The procedure above uses cacls, which is a standard command that you can run on any Windows 2003 Server machine.

Here is the full set of options:

 Displays or modifies access control lists (ACLs) of files

 CACLS filename [/T] [/M] [/L] [/S[:SDDL]] [/E] [/C] [/G user:perm]
        [/R user [...]] [/P user:perm [...]] [/D user [...]]
    filename      Displays ACLs.
    /T            Changes ACLs of specified files in
                  the current directory and all subdirectories.
    /L            Work on the Symbolic Link itself versus the target
    /M            Changes ACLs of volumes mounted to a directory
    /S            Displays the SDDL string for the DACL.
    /S:SDDL       Replaces the ACLs with those specified in the SDDL string
                  (not valid with /E, /G, /R, /P, or /D).
    /E            Edit ACL instead of replacing it.
    /C            Continue on access denied errors.
    /G user:perm  Grant specified user access rights.
                  Perm can be: R  Read
                               W  Write
                               C  Change (write)
                               F  Full control
    /R user       Revoke specified user's access rights (only valid with /E).
    /P user:perm  Replace specified user's access rights.
                  Perm can be: N  None
                               R  Read
                               W  Write
                               C  Change (write)
                               F  Full control
    /D user       Deny specified user access.
 Wildcards can be used to specify more than one file in a command.
 You can specify more than one user in a command.

 Abbreviations:
    CI - Container Inherit.
         The ACE will be inherited by directories.
    OI - Object Inherit.
         The ACE will be inherited by files.
    IO - Inherit Only.
         The ACE does not apply to the current file/directory.
    ID - Inherited.
         The ACE was inherited from the parent directory's ACL.
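
The post mentions icacls without showing it. As an added example (not from the original post), this is the icacls counterpart of the cacls grant above, with an ACL backup taken first so the change can be rolled back. X:\carpeta and grupo are the post's placeholders; the backup file name is an assumption.

```bat
@echo off
setlocal
rem Added example, not from the original post.
rem X:\carpeta and grupo are placeholders; the backup path is an assumption.
set "TARGET=X:\carpeta"
set "GROUP=grupo"
set "BACKUP=%TEMP%\carpeta-acl.bak"

rem 1. Save the current ACLs of the whole tree before touching anything.
icacls "%TARGET%" /save "%BACKUP%" /T /C
if errorlevel 1 (
    echo ACL backup failed; nothing was changed.
    exit /b 1
)

rem 2. Grant Modify (M), the icacls counterpart of cacls "C" (Change).
rem    (OI)(CI) marks the entry as inheritable by files and directories,
rem    so it is set once on the root and flows down to children that have
rem    inheritance enabled. /grant adds to the existing ACL (like cacls /E);
rem    /grant:r would replace the group's existing explicit entries.
icacls "%TARGET%" /grant "%GROUP%:(OI)(CI)M" /C
if errorlevel 1 (
    echo Grant failed. Roll back with: icacls X:\ /restore "%BACKUP%"
    exit /b 1
)

rem 3. Review the result. Entries inherited from a parent are shown
rem    with (I), matching the ID abbreviation in the cacls help above.
icacls "%TARGET%"

rem Rollback, if needed. /restore is run against the PARENT of the saved
rem path, because the backup file stores paths relative to it:
rem   icacls X:\ /restore "%BACKUP%" /C
endlocal
```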

Saturday, May 4, 2013

Windows: remote shutdown


How to perform a remote shutdown:

shutdown /r /t 1 /d P:0:0 /m \\192.168.1.5


Usage: shutdown [/i | /l | /s | /r | /g | /a | /p | /h | /e] [/f]
    [/m \\computer][/t xxx][/d [p|u:]xx:yy [/c "comment"]]

    No args    Display help. This is the same as typing /?.
    /?         Display help. This is the same as not typing any options.
    /i         Display the graphical user interface (GUI).
               This must be the first option.
    /l         Log off. This cannot be used with /m or /d options.
    /s         Shutdown the computer.
    /r         Shutdown and restart the computer.
    /g         Shutdown and restart the computer. After the system is
               rebooted, restart any registered applications.
    /a         Abort a system shutdown.
               This can only be used during the time-out period.
    /p         Turn off the local computer with no time-out or warning.
               Can be used with /d and /f options.
    /h         Hibernate the local computer.
               Can be used with the /f option.
    /e         Document the reason for an unexpected shutdown of a computer.
    /m \\computer Specify the target computer.
    /t xxx     Set the time-out period before shutdown to xxx seconds.
               The valid range is 0-315360000 (10 years), with a default of 30.
               If the timeout period is greater than 0, the /f parameter is
               implied.
    /c "comment" Comment on the reason for the restart or shutdown.
               Maximum of 512 characters allowed.
    /f         Force running applications to close without forewarning users.
               The /f parameter is implied when a value greater than 0 is
               specified for the /t parameter.
    /d [p|u:]xx:yy  Provide the reason for the restart or shutdown.
               p indicates that the restart or shutdown is planned.
               u indicates that the reason is user defined.
               If neither p nor u is specified the restart or shutdown is
               unplanned.
               xx is the major reason number (positive integer less than 256).
               yy is the minor reason number (positive integer less than 65536).


Reasons on this computer:
(E = Expected U = Unexpected P = planned, C = customer defined)
Type    Major   Minor   Title

 U      0       0       Other (Unplanned)
E       0       0       Other (Unplanned)
E P     0       0       Other (Planned)
 U      0       5       Other Failure: System Unresponsive
E       1       1       Hardware: Maintenance (Unplanned)
E P     1       1       Hardware: Maintenance (Planned)
E       1       2       Hardware: Installation (Unplanned)
E P     1       2       Hardware: Installation (Planned)
E       2       2       Operating System: Recovery (Planned)
E P     2       2       Operating System: Recovery (Planned)
  P     2       3       Operating System: Upgrade (Planned)
E       2       4       Operating System: Reconfiguration (Unplanned)
E P     2       4       Operating System: Reconfiguration (Planned)
  P     2       16      Operating System: Service pack (Planned)
        2       17      Operating System: Hot fix (Unplanned)
  P     2       17      Operating System: Hot fix (Planned)
        2       18      Operating System: Security fix (Unplanned)
  P     2       18      Operating System: Security fix (Planned)
E       4       1       Application: Maintenance (Unplanned)
E P     4       1       Application: Maintenance (Planned)
E P     4       2       Application: Installation (Planned)
E       4       5       Application: Unresponsive
E       4       6       Application: Unstable
 U      5       15      System Failure: Stop error
 U      5       19      Security issue
E       5       19      Security issue
E P     5       19      Security issue
E       5       20      Loss of network connectivity (Unplanned)
 U      6       11      Power Failure: Cord Unplugged
 U      6       12      Power Failure: Environment
  P     7       0       Legacy API shutdown

Friday, April 12, 2013

How to free up sessions on a standalone Windows server


Below is a procedure for freeing up sessions on standalone servers with PsExec:


1 - Start a remote cmd session on the server with psexec:
       Psexec.exe \\x.x.x.x -u user -p password cmd

2 - Once connected to the server, run the qwinsta command to list all Terminal Server sessions.

3 - Once the TS sessions are listed, choose which one to close by looking at the session ID, and run the command:

  logoff [id# of the session to close] /v


This closes the session(s), and we can then log on to the machine.

Wednesday, December 12, 2012

Windows: List files

The traditional way to list files on Windows is the dir command, which has many options. The main problem is its output: you can redirect it to a file, but the format is intended only for viewing, and it's difficult to turn it into CSV or tab-separated data.

If you need a spreadsheet-style (Excel) list, the best way is to use a script or an app.
Here is a very useful app that offers many options for getting the desired output:

Karen's Directory Printer
http://www.karenware.com/powertools/ptdirprn.asp#Download


Friday, October 5, 2012

Windows - net user options


You can use the following parameters with the net user command:
  • username
    Is the name of the user account you want to add, delete, modify, or view. The name of the user account can have as many as 20 characters.
  • password
    Assigns or changes a password for the user's account. A password must satisfy the minimum length set with the /minpwlen option of the net accounts command. It can contain as many as 14 characters.
  • *
    Produces a prompt for the password. The password is not displayed when you type it at a password prompt.
  • /domain
    Performs the operation on the primary domain controller (PDC) of the current domain. This parameter applies only to computers running Windows NT Workstation that are members of a Windows NT Server domain. By default, Windows NT Server-based computers perform operations on the PDC.
  • /add
    Adds a user account to the user accounts database.
  • /delete
    Removes a user account from the user accounts database.

Options for the Net User Command

  • /active:{yes | no}
    Activates or deactivates the account. If the account is not active, the user cannot gain access to the server. The default is yes.
  • /comment:"text"
    Provides a descriptive comment about the user's account (maximum of 48 characters). Be sure to put quotation marks around the text you use.
  • /countrycode:nnn
    Uses the operating system country code to implement the specified language files for a user's help and error messages. A value of 0 signifies the default country code.
  • /expires:{date | never}
    Causes the account to expire if date is set. The never option sets no time limit on the account. An expiration date is in the form mm/dd/yy or dd/mm/yy, depending on the country code. Months can be a number, spelled out, or abbreviated with three letters. Year can be two or four numbers. Use slashes (/) with no spaces to separate parts of the date.
  • /fullname:"name"
    Is a user's full name (rather than a user name). Enclose the name in quotation marks.
  • /homedir:pathname
    Sets the path for the user's home directory. The path must exist.
  • /passwordchg:{yes | no}
    Specifies whether users can change their own password. The default is yes.
  • /passwordreq:{yes | no}
    Specifies whether a user account must have a password. The default is yes.
  • /profilepath[:path]
    Sets a path for the user's logon profile.
  • /scriptpath:pathname
    Is the location of the user's logon script.
  • /times:{times | all}
    Is the logon hours. The times option is expressed as day[-day][,day[-day]],time[-time][,time [-time]], and is limited to 1-hour increments. Days can be spelled out or abbreviated. Hours can be 12-hour or 24-hour notation. For 12-hour notation, use am, pm, a.m., or p.m. The all option specifies that a user can always log on, and a blank value specifies that a user can never log on. Separate day and time entries with a comma, and separate multiple day and time entries with a semicolon.
  • /usercomment:"text"
    Lets an administrator add or change the user comment for the account.
  • /workstations:{computername[,...] | *}
    Lists as many as eight computers from which a user can log on to the network. If the /workstations option has no list or if the list is *, the user can log on from any computer.
  • net help user | more
    Displays Help one screen at a time.