Hi team,
I wanted to give a particular windows folder some specific privilege - eg - Administrator, owner - full privilege, users - read only.
Would I be able to do that through IEM. If yes, then how to achieve that? Any help / pointers would be great.
Sure, you can do that. Create a BigFix Action that invokes one of the command-line permissions utilities. Depending on the version of the OS you’re using (and I’m assuming it’s some form of Windows), you could use cacls, xcacls, icacls, or subinacl.
waithidden icacls.exe "c:\temp\testfolder" /reset
waithidden icacls.exe "c:\temp\testfolder" /grant "Administrators":F
waithidden icacls.exe "c:\temp\testfolder" /grant "Creator Owner":F
waithidden icacls.exe "c:\temp\testfolder" /grant "Users":R
The first line resets any explicitly-defined permissions and the folder will default to the inheritable permissions of the parent folder. If that’s not desired there are other icacls.exe options to block permissions inheritance, see “icacls.exe /?”
In addition to @JasonWalker 's suggestion to make the changes, you can also write relevance to detect if the permissions are not currently set the way you want before running the action to set them. ( In my opinion, you should always have relevance that checks if the actionscript needs to be run or not )
This fixlet/task is no longer relevant to spotify, but it is still a valid example for what you are trying to do: http://bigfix.me/fixlet/details/771