0
I found this command here.
The command is structured as a registry modification that will add a "Take Ownership" entry in the standard Windows Explorer file/directory context menu. I can see where it uses cmd.exe, and I can sort of understand what's happening from there.
The registry modification contains several commands, but I'm specifically interested in the command to take ownership and grant permissions on a directory tree:
[HKEY_CLASSES_ROOT\Directory\shell\runas]
@="Grant Admin Full Control"
"NoWorkingDirectory"=""
[HKEY_CLASSES_ROOT\Directory\shell\runas\command]
@="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"
One of the problems is that - because of the way the command is executed - it explicitly invokes cmd.exe with the /C switch. This causes escape sequences to be required for quotation marks (which I don't entirely understand). The command also contains tokens that I have no idea how to use from the command-line ("takeown", "icacls", etc). On top of that, the command is split onto two separate lines, with a line-break in between - which I assume would cause cmd.exe to attempt to execute it as two separate commands, when it does not appear to be such.
I need to convert command into a script file (one that doesn't open another instance of cmd.exe - presumably a batch), with an explicit directory replacing the "%1". The only restriction at this point is that this script needs to be able to run as a shutdown script in the local Group Policy. I don't trust myself to do it correctly, since I have little understanding of the syntax used in this registry modification. As such, it's pretty risky for me to try to do it myself. Who knows what damage I could cause if I got the syntax wrong.
Therefore I'm asking if anyone can point me in the right direction - bonus points for explicit examples.
BTW if you want to call ownandgrant.bat (or whatever you named it) from another batch file, don't forget to use "call ownandgrant.bat". If you don't, it won't go back to your script after running ownandgrant.bat. – Snark – 2009-09-10T09:39:31.423
The original uses && between the commands -- maybe just to get them on one "cmd /c" line -- but the side effect is that the icacls only runs if the takeown successfully completes. This may be important. – quack quixote – 2009-10-02T01:31:33.227