�uicacls�v�usubinacl�v�R�}��h�ŃA�N�Z�X��䃊�X�g�iACL�j��烁��o�[��폜��yWindows OS�z�FTech TIPS

�t�@�C��t�H��_�A��W�X�g��Ȃǂ̃I�u�W�F�N�g�ɑ΂��A�N�Z�X��́A�A�N�Z�X��䃊�X�gACL�ŊǗ��Ă��B��̃A�J�E��g�ɑ΂��ACL�̃G��g��폜��ɂ́Aicacls��subinacl�R�}��h�𗘗p��B�폜�ς݂̃A�J�E��g�ɑ΂��G��g��폜��ɂ́ASID�`��Ŏw�肷��B

[�ŉz�_�K�C�f�W�^��A�h�o��e�[�W] PC�p�\�� ֘A��

LINE

Hatena

�A�ږڎ�

�uicacls�v�usubinacl�v�R�}��h�ŃA�N�Z�X��䃊�X�g�iACL�j��烁��o�[��폜��yWindows OS�z

�ΏہFWindows 2000�^Windows XP�^Windows Vista�^Windows 7�AWindows Server 2003�^Windows Server 2008�^Windows Server 2008 R2

�A�N�Z�X��䃊�X�g�iACL�j��̃��[�U�[�^�O��[�v��폜��I

�@Tech TIPS�uicacls�R�}��h�ŃA�N�Z�X��䃊�X�g��̃��o�[��v��usubinacl�R�}��h�ŃA�N�Z�X��䃊�X�g��̃��o�[��v�ł́A�uicacls�v�usubinacl�v�R�}��h��g��ăA�N�Z�X��䃊�X�g�i�ȉ�ACL�j��Ɋ܂܂��A��̃��o�[��i��܂܂��G��g��j��@��Љ��B

�@�{Tech TIPS�ł͂��̉��p�Ƃ��āA��icacls�^subinacl�R�}��h��g��āA��̃��o�[��܂܂��G��g��폜��@��Љ��B�l��ٓ��ȂǂŃZ�L��e�B�ݒ��ύX��ꍇ��A��łɍ폜��Ă��܂��[�U�[��O��[�v�A�J�E��g��܂܂��G��g��폜��Ƃ��ꍇ�ɗ��p�ł��B

�@Windows Server 2003��icacls�R�}��h�̓��@�ɂ��ẮATech TIPS�uicacls�R�}��h�Ńt�@�C��̏��L�҂�ύX��v��Q�Ƃ��Ă��B�܂�subinacl�R�}��h�̓��́ATech TIPS�usubinacl�R�}��h�ŃI�u�W�F�N�g�̃Z�L��e�B��\��isubinacl�̊�{�j�v��Q�Ƃ��邩�A�ȉ��̃��N�悩��_�E��[�h��Ă��B

SubInACL (SubInACL.exe)�m�p��n�i�}�C�N��\�t�g �_�E��[�h �Z��^�[�j

�@icacls�ł͂Ȃ��ucacls�v�R�}��h�𗘗p��ꍇ�́ATech TIPS�ucacls�R�}��h��ACL��ҏW��v��Q�Ƃ��Ă��B

icacls�R�}��h�œ��̃A�J�E��g��ACL�G��g��폜��

�@icacls�R�}��h�œ��̃��[�U�[�^�O��[�v�A�J�E��g��܂܂��G��g��폜��ɂ́A�u/remove�v�I�v�V��𗘗p��B

C:\>icacls /? �c�c�w��v�̕\��
�c�c�i��j�c�c
ICACLS <��O> [/grant[:r] <SID>:perm[...]]
       [/deny <SID>:perm [...]]
       [/remove[:g|:d]] <SID>[...]] [/T] [/C] �c�c��𗘗p��

    /grant[:r] <SID>:perm �́A�w�肳�ꂽ��[�U�[ �A�N�Z�X��t�^��܂��B
        :r ��w�肷��ƁA�ȑO�ɕt�^��ꂽ��ׂĂ̖��I�ȃA�N�Z�X��͐V��
        �A�N�Z�X��ɒu��܂��B
        :r ��w�肵�Ȃ��ꍇ�A�V��A�N�Z�X��͈ȑO�ɕt�^��ꂽ��I��
        �A�N�Z�X��ɒǉ��܂��B

    /deny <SID>:perm �́A�w�肳�ꂽ��[�U�[ �A�N�Z�X��𖾎��I�ɔے肵�܂��B
        �w�肳�ꂽ�A�N�Z�X��̖��I�Ȕے� ACE ��ǉ��A��I�ȋ��e
        �Ɋ܂܂ꂽ��A�N�Z�X��͍폜��܂��B

    /remove[:[g|d]] <SID> �́AACL ��ɂ��邷�ׂĂ� <SID> ��폜��܂��B
        :g ��w�肷��ƁA�� SID �ɑ΂��ċ��ꂽ��ׂĂ̌�� ACL ��
        �폜��܂��B
        :d ��w�肷��ƁA�� SID �ɑ΂��Ĕے肳�ꂽ��ׂĂ̌�� ACL ��
        �폜��܂��B
�c�c�i�ȉ��ȗ��j�c�c

icacls�R�}��h�̃w��v��\��

�@��A��̂悤�ȃA�N�Z�X��ݒ肳�ꂽ�t�@�C��Ƃ��B

C:\>icacls x.txt �c�cicacls�R�}��h�ɂ��m�F�B�ȉ��6�̃G��g��
x.txt MYPC12\user01:(W) �c�c��폜��Ă݂�
      MYPC12\user02:(W)
      BUILTIN\Administrators:(F)
      EXAMPLEDOM\uchikoshi:(F)
      NT AUTHORITY\SYSTEM:(F)
      BUILTIN\Users:(RX)

1 �̃t�@�C��ɏ��܂��B0 �̃t�@�C��ł��܂��ł��

icacls�R�}��h��ACL��m�F��

�@��ACL��A�Ⴆ�ΐ擪�́uuser01�v�A�J�E��g�i��̓��[�J��PC�̃A�J�E��g�j�ɑ΂��鋖�G��g��폜��ɂ́A��̂悤��/remove�I�v�V��w�肷��B

C:\>icacls x.txt /remove user01 �c�cuser01�̃G��g��폜��
��t�@�C��: x.txt
1 �̃t�@�C��ɏ��܂��B0 �̃t�@�C��ł��܂��ł��

C:\>icacls x.txt �c�c��ʂ̊m�F
x.txt MYPC12\user02:(W) �c�c��̒��O�̃G��g��폜��Ă��
      BUILTIN\Administrators:(F)
      EXAMPLEDOM\uchikoshi:(F)
      NT AUTHORITY\SYSTEM:(F)
      BUILTIN\Users:(RX)

1 �̃t�@�C��ɏ��܂��B0 �̃t�@�C��ł��܂��ł��

icacls�R�}��h��ACL��uuser01�v�A�J�E��g�̃G��g��폜��

�@�T�u�t�H��_�S�̂��ꍇ�́A�u/t�v�I�v�V��ǉ��B

subinacl�R�}��h�œ��̃A�J�E��g��ACL�G��g��폜��

�@subinacl�R�}��h�œ��̃��[�U�[�^�O��[�v�A�J�E��g��܂܂��G��g��폜��ɂ́A�u/revoke�v�I�v�V��𗘗p��B

C:\>subinacl /help /revoke �c�c�w��v�̕\��
SubInAcl version 5.2.3790.1180

/REVOKE
-------

/revoke=[DomainName\]User �c�c�폜�R�}��h

suppress all Permission Ace(s) for the specified User (or group)

subinacl�R�}��h�̃w��v��\��

�@��قǂƓ��t�@�C��ix.txt�j��ꍇ�ɁAuser01�A�J�E��g�ɑ΂��G��g��폜��ɂ͎��̂悤�ɂ��B

C:\>icacls x.txt �c�cicacls�R�}��h�ɂ��m�F
x.txt MYPC12\user01:(W) �c�c�ȉ��6�̃G��g��
      MYPC12\user02:(W)
      BUILTIN\Administrators:(F)
      EXAMPLEDOM\uchikoshi:(F)
      NT AUTHORITY\SYSTEM:(F)
      BUILTIN\Users:(RX)

1 �̃t�@�C��ɏ��܂��B0 �̃t�@�C��ł��܂��ł��

C:\>subinacl /file x.txt /revoke=user01 �c�cuser01�ɑ΂��G��g��̍폜
C:\x.txt : delete Perm. ACE 0 MYPC12\user01 �c�c��
C:\x.txt : 1 change(s) �c�c��

Elapsed Time: 00 00:00:00
Done:        1, Modified        1, Failed        0, Syntax errors        0
Last Done : C:\x.txt

C:\>icacls x.txt �c�c��ʂ̊m�F
x.txt MYPC12\user02:(W) �c�c1�폜��Ă��
      BUILTIN\Administrators:(F)
      EXAMPLEDOM\uchikoshi:(F)
      NT AUTHORITY\SYSTEM:(F)
      BUILTIN\Users:(RX)

1 �̃t�@�C��ɏ��܂��B0 �̃t�@�C��ł��܂��ł��

C:\>

subinacl�R�}��h��ACL��user01�A�J�E��g�ɑ΂��G��g��폜��

�@�u/file ��O��v�́A�t�@�C��ꍇ�̎w��ł��B�T�u�t�H��_�S�̂��w�肷��ꍇ�́u/subdirectories ��O��v�̂悤�Ɏw�肷��B��W�X�g��⋤�L�Ȃǂ̃I�u�W�F�N�g��w�肷��@�ɂ��ẮATech TIPS�usubinacl�R�}��h�ŃI�u�W�F�N�g�̃Z�L��e�B��\��isubinacl�̊�{�j�v��Q�Ƃ��Ă��B

�s��A�J�E��g�ɑ΂��G��g��̍폜

�@��[�J��PC��h��C��烆�[�U�[��O��[�v��폜��Ă��A�t�@�C��t�H��_�Ȃǂ̃I�u�W�F�N�g�ɕt��ꂽACL��̃G��g��͂��̂܂܂ł��B��̂悤�ȃP�[�X��ACL�̓��e��\��ƁA�A�J�E��g�̑��ɁA�u<�A�J�E��g �h��C��܂��>�v��u�A�J�E��g��ƃZ�L��e�B ID �̊Ԃ̃}�b�s��O�͎��s��܂��ł��B�v�Ƃ��b�Z�[�W��\��B�Ⴆ�΁A�uuser02�v�A�J�E��g��폜��Ǝ��̂悤�ɂȂ�B

C:\>cacls x.txt �c�ccacls�R�}��h�ɂ��m�F
C:\x.txt MYPC12\user01:(��ȃA�N�Z�X:)
                       SYNCHRONIZE
�c�c�i��j�c�c
         <�A�J�E��g �h��C��܂��>(��ȃA�N�Z�X:) �c�c�s��A�J�E��g�ɑ΂��G��g��
                             SYNCHRONIZE
�c�c�i��j�c�c
         BUILTIN\Administrators:F
         EXAMPLEDOM\uchikoshi:F
         NT AUTHORITY\SYSTEM:F
         BUILTIN\Users:R

�O�o�̗�ŁA�uuser02�v�A�J�E��g��폜��ꂽ�ꍇ��cacls�R�}��h�̕\��

C:\>icacls x.txt �c�cicacls�R�}��h�ɂ��m�F
x.txt MYPC12\user01:(W)
      �A�J�E��g��ƃZ�L��e�B ID �̊Ԃ̃}�b�s��O�͎��s��܂��ł��B
(W) �c�c�s��A�J�E��g�ɑ΂��G��g��
      BUILTIN\Administrators:(F)
      EXAMPLEDOM\uchikoshi:(F)
      NT AUTHORITY\SYSTEM:(F)
      BUILTIN\Users:(RX)

1 �̃t�@�C��ɏ��܂��B0 �̃t�@�C��ł��܂��ł��

�O�o�̗�ŁA�uuser02�v�A�J�E��g��폜��ꂽ�ꍇ��icacls�R�}��h�̕\��

�@��̂悤�ȏꍇ�́A�폜��ꂽ�A�J�E��g��SID��`��Ŏw�肷��΂悢�BSID��Ƃ́A�I�u�W�F�N�g�̓��ł��A�Ⴆ�΁uS-1-1-0�v�Ƃ��`��ƂȂ��Ă��B�ڍׂ�Tech TIPS�u�I�u�W�F�N�g��ʂ��SID�Ƃ́H�v�uwhoami�R�}��h�Ń��[�U�[��SID�⌠��𒲍��v��Q�Ƃ��Ă��Bsubinacl�R�}��h�ł́A�A�J�E��g��s��ȏꍇ��SID�`��ŕ\��̂ŁA��Ŋm�F��B

C:\>subinacl /file x.txt �c�csubinacl�ɂ��m�F

===============
+File C:\x.txt
===============
�c�c�i��j�c�c
/pace =S-1-5-21-515967499-1637732038-1606110848-1031    ACCESS_ALLOWED_ACE_TYPE-0x0 �c�c��ꂪ�폜��ꂽ�A�J�E��g�ɑ΂��G��g��
    Type of access:
        Special acccess :
    Detailed Access Flags :
        FILE_WRITE_DATA-0x2         FILE_APPEND_DATA-0x4        FILE_WRITE_EA-0x10
        FILE_WRITE_ATTRIBUTES-0x100 SYNCHRONIZE-0x100000
�c�c�i�ȉ��ȗ��j�c�c

subinacl�R�}��h�ŕs��ȃA�J�E��g��SID��\��

�@��̃��X�g�̒��ɂ��A�uS-1-5-21-�i�ȉ��j�v�Ƃ��̂��폜��ꂽ�G��g��ɑ΂��SID��ł��B��w�肵�āA�G��g��폜��΂悢�B

�@subinacl�Ȃ�A�A�J�E��g��̑��SID��𒼐ڂ��̂܂܋L�q��΂悢�B

C:\>subinacl /file x.txt /revoke=S-1-5-21-515967499-1637732038-1606110848-1031 �c�c�폜
C:\x.txt : delete Perm. ACE 1 S-1-5-21-515967499-1637732038-1606110848-1031
C:\x.txt : 1 change(s)

Elapsed Time: 00 00:00:00
Done: 1, Modified 1, Failed 0, Syntax errors 0
Last Done : C:\x.txt

subinacl�R�}��h��SID��w�肵�ăG��g��폜��

�@�Ȃ�icacls�R�}��h�ł́ASID��̑O�Ɂu*�v��t��SID�`��ŃA�J�E��g��w��ł��邱�ƂɂȂ��Ă��B��A�폜�ς݃A�J�E��g�i�⑶�݂��Ȃ��A�J�E��g�Ȃǁj�̏ꍇ�͗��p�ł��Ȃ��悤�ł��iSID�Ƃ��Đ��ǂ��؂ł��Ȃ��̂ŃG��[�Ƃ��Ă��悤��j�Bicacls�ł͂��̕\�L��@�́A�L��ȃA�J�E��g��g��ACL��ҏW��A�폜��ꍇ�ɂ̂ݗ��p�ł��B

C:\>icacls x.txt /remove *S-1-5-21-515967499-1637732038-1606110848-1031 �c�cSID�`��Ŏw�肵�Ă݂�
0 �̃t�@�C��ɏ��܂��B0 �̃t�@�C��ł��܂��ł�� �c�c�G��[
C:\>icacls x.txt /grant *S-1-1-0:F �c�cEveryone:F��ǉ��Ă݂�
��t�@�C��: x.txt
1 �̃t�@�C��ɏ��܂��B0 �̃t�@�C��ł��܂��ł��

icacls�R�}��h�ł��L��ȃA�J�E��g�Ȃ�SID�`��Ŏw��ł��

��̋L��Ɗ֘A��̍��ʂ̋L��