SetACL by Helge Klein

Homepage:        http://setacl.sourceforge.net
Version:         2.0.0.6
Copyright:       Helge Klein
License:         GPL

-V-E-R-S-I-O-N--2.0.0.6-----------------------------------------------------------------------

a)	Bugfixes:

-	Fixed bug 783703: Compiler warning with VC++ 7.1 due to signed/unsigned mismatch.

-	Fixed bug 787612: SetACL could crash under certain circumstances (for example, when setting
	the owner) due to incorrect pointer handling / freeing memory.

-V-E-R-S-I-O-N--2.0.0.5-----------------------------------------------------------------------

a)	Bugfixes:

-	Fixed a bug with action "reset children" which was introduced in 2.0.0.3: the object itself
	was also reset, not only it's children.
	
-	Fixed bug 776277: when using one of the three trustee actions (remove/replace/copy trustee)
	with more than one trustee (ie. remove all ACEs belonging to two different trustees) it
	could happen that too many ACEs were affected by the operation.
	
-	Fixed bug 778943: When using a command like: 'SetACL -on c:\test -ot file -actn ace -ace 
	"n:everyone;p:read;m:set;w:dacl" -rec cont_obj' SetACL correctly walked down the tree and
	displayed the objects it should be processing, but permissions were applied to the base
	object only.
	
-	Fixed bug 780246: This is related to bug #778943. Due to recursion not working correctly
	resetting child objects took very (!) long and did not process all child objects.
	Additionally the parameter "-rst <Where> was partly ignored.

-V-E-R-S-I-O-N--2.0.0.4-----------------------------------------------------------------------

a) Setting permissions:

-	Disabled a new "feature" I introduced in version 2.0.0.3 regarding the use of restore
	privileges:

	All read/write operations from/to the ACL/security descriptor were moved to the new class
	CSD in 2.0.0.3. The function CSD::SetSD () is now the single spot where write operations to
	the SD are performed. In SetSD () I first tried to set the SD via SetKernelObjectSecurity()
	which can write the SD without performing access checks, i.e. you could set permissions
	on objects you have no access to and do not own. The BIG disadvantage of
	SetKernelObjectSecurity() is that it is a low-level security API function and therefore does
	not handle inheritance at all: permissions are not propagated to sub-objects, and the
	"inherited" flag of the object's ACEs is not set/cleared as necessary. Since SetACL does
	not do this either, this normally results in incorrect ACLs.
	
	SetKernelObjectSecurity () is not used any more; SDs are set the way they were before
	version 2.0.0.3.

b)	Bugfixes:

-	Fixed Bug 773933: The exception handling in Split () was incompatible with Visual C++ 7.1.
	This has been corrected.
	
-	Fixed a bug: the security descriptor is now only written to the object if there have been
	actual changes. Before, it could happen that by writing to the SD the SD's control bits
	were cleared, resulting in the deletion of the "auto inherited" bit. This was a minor bug
	which had no severe consequences and occured only under special circumstances. An example
	that invoked the bug follows here:
	
	SetACL.exe -on c:\temp\test1 -ot file -actn setprot -op "dacl:nc"

-V-E-R-S-I-O-N--2.0--f-i-n-a-l-(2-0-0-3)------------------------------------------------------

a) Listing permissions

-	Use of privileges: permissions are displayed even if access is denied to the object in
	question. This works in the (local and remote) file system and in the local registry.
	The privilege "SeBackupPrivilege" is needed for this.
	
-	If access to an object is denied and the "SeBackupPrivilege" is not held, the object in
	question is ignored and SetACL proceeds with the next object.

b)	Setting permissions

-	Use of privileges: permissions are set even if access is denied to the object in
	question. This works in the (local and remote) file system and in the local registry.
	The privilege "SeRestorePrivilege" is needed for this.
	
-	If access to an object is denied and the "SeRestorePrivilege" is not held, the object in
	question is ignored and SetACL proceeds with the next object.

c) Various changes

-	Fixed bug 738227: A missing section ("Where") on the help page (printed when 
	"setacl -help" is typed) has been added.

-	Fixed bug 745861: The SYNCHRONIZE flag was set on auditing ACEs, too, which resulted in
	all kinds of access being audited, not only the type specified.
	
-	Fixed bug 739013: If enabling the backup and restore privileges failed, the program would
	exit with an error. This effectively limited the use of SetACL to administrators.
	Now, if these privileges cannot be enabled, only an info message is displayed.
	
-	Fixed a bug: When resetting permissions using action -rstchldrn the parameter "-rst Where"
	was ignored.
	
-	Fixed bug 761666: When setting "man_docs" or "full" permissions on printers a third,
	unnecessary ACE (which had no effect) was generated.
	
-	If SetACL is run on an unsupported OS version an error message is displayed and the program
	exits cleanly.

-V-E-R-S-I-O-N--2.0--B-e-t-a--2---------------------------------------------------------------

a) Listing permissions

-	The listing is written to the screen, too, if not in silent mode.
-	If a backup file is specified, a listing in UNICODE format will be written there. If not,
	the listing is written to the screen only. In other words, the parameter '-bckp' is
	optional.
-	List options need only be set if the default values (csv format, list only DACL, do not
	list inherited permissions) are not suitable. In other words, the parameter '-lst' is
	optional.
-	Inherited permissions are listed only if explicitly specified in the list options (e.g.:
	-lst "f:own;w:d;i:y").
-	Owner and primary group are now listed in own format, too, if requested.
-	The "own" list format has been renamed to "csv".
-	A third, tabular, list format has been added: "tab".
-	Trustees can now be listed using their names, SIDs, or both.
	
b) Various changes

-	Several unnecessary newlines removed from output.
-	Standard permission "list_folder" (file system) was not implemented correctly. Now it works
	as expected. This bug with the ID 737212 has been fixed.

-V-E-R-S-I-O-N--2.0--B-e-t-a--1---------------------------------------------------------------

This is the first public beta version of SetACL version 2. Please visit the program's homepage
for information, bug reports, feature requests, and general discussion.