[python-win32] Backup up Windows ACLs
Tim Golden
mail at timgolden.me.uk
Sat Mar 19 08:13:58 CET 2011
On 18/03/2011 10:33 PM, Randy Syring wrote:
> Ok, I read up on my accronyms. Is there anything in the windows python
> landscape that implements SD<=> SDDL or would be a building block to
> doing so?
See my slightly later post for an example.
[Tim Golden]
>> The additional complication with ACLs (especially when it comes
>> to restoring them) is coping with the levels of inheritance and
>> override.
>>
> Dully noted. Any advice or code examples that might help with this?
Not much:
* Use Backup (for reading) and Restore (for writing) privileges
to get/set the permissions. They're intended for your very
use case.
* The standard SetSecurityInfo handles the inheritance for you IIRC
but also -- helpfully -- ignores it when you try to set a permission
which is already inherited. I haven't looked at this recently but
I'm fairly sure that's what I remember. This means that you might
just be able to run down the tree restoring files and applying
security willy-nilly and get away with it.
One obvious issue is mapping SIDs, if you're restoring onto a system
which wasn't the originator, or if accounts have been removed since
then...
TJG
More information about the python-win32
mailing list