Scripting Question

Add Security Permissions to "Folder". In "CREATOR OWNER" and "TrustedInstaller" using cacls/icacls/setacls or any other utility

02/22/2015 9496 views
Permissions to Trusted installer and Creator Owner is headache. Tried few commands but unsuccessful. 

Anyone has Command line to get this or any other method in VBScript / cmd / anyother way.

Following permissions to folder as shown below.
Note- Both of the groups (Trusted installer and Creator Owner) already exist in this case.

Answer Summary:
4 Comments   [ + ] Show comments


  • Why would you want to grant access for TrustedInstaller?!? CreatorOwner gets modify rights when the relevant user is granted ownership of the object. The long and short is, what pretty much everyone does is grant a local or domain group appropriate rights to the object.

    Please remove the 'AutoIT' and 'WSE' tags from your post. They are irrelevant.
  • 1. To take ownership I used following command:
    takeown /f <Foldername> /r /d y
    Result- success

    2. After that tried to give permission to "Trusted installer" using following:
    cacls "folder" /t /e /c /g "NT SERVICE\TrustedInstaller":F

    Result- "The data is invalid."
    • Again, why are you trying to grant permissions to TrustedInstaller? And what is "NT SERVICE" doing in your command line?
      • because I need to do this as configuration (Don't know why, but I want to get permissions to "Trusted Installer").
  • It appears to me that because you do not know the reason for what you are trying to do, you may well have misunderstood the requirement and are trying to do something that makes no sense whatsoever. I strongly recommend that you go and find out why, as then you **might** just find that you are attempting the wrong solution. For example, under Win 7, many files are owned by TrustedInstaller. In order to be able to delete or otherwise work with these files, it is first necessary to change the ownership of the files/folders to another account, and once this is done, apply permissions for the new owner of the files/folders to those files/folders. I cannot imagine ANY scenario where you would want to apply permission to TrustedInstaller as this account is part of the operating system and you should never mess with the operating system.
  • yep. leave it alone. Why on earth would you mess with Creator Owner?? TrustedInstaller, he has all the permissions he needs with out you messing around. If you are elevating permissions. Just give Users Modify permissions. Also, if you have UAC on, you should not have to modify permissions to the location you have highlighted

Answer Chosen by the Author

To establish this, the steps to follow are:
1. Set ownership of the folder "C:\Program Files (x86)\Sybase\" to required user e.g. "CREATOR OWNER" or "Administrator".
eg. - icacls "C:\Program Files (x86)\Sybase\" /setowner "Creator Owner" /T

2. Only after setting an owner to the folder, one can apply the permissions to that particular user using either SetACL or iCacls.
e.g. - icacls "C:\Program Files (x86)\Sybase\" /grant:r "Creator Owner":(OI)(CI)F

Hope it clarifies your doubts.
Answered 02/24/2015 by: akki
4th Degree Black Belt

  • Thanks Bro. It works.

    "Helping hand is Better than praying lips"
  • it works....thanks..
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ