v92 FileComponent ICACLS.EXE

The documentation for v92/v93 states that, under Windows,  the FileComponent process component requires ICACLS to edit permissions: 

https://docs.oneidentity.com/bundle/one-identity-manager_configuration_9.2/page/sources/proc/processes/proccomponentoverview.html

We've setup a new jobserver on Windows 2022 and noticed that both icacls.exe and cacls.exe are present, although this latter is being deprecated according to Microsoft. However, the filecomponent stil uses cacls according to the logs:

(...) [837012] Cacls.Exe failed with return code 1332  (...)

How/Where in the configuration can we replace cacls.exe by icacls.exe ?

Thanks!

Parents
  • Hi Juan Carlos,

    you cannot replace cacls.exe with icacls. But you can use the process task MODIFYFILEACCESS_DOTNET for your custom processes. All out-of-the-box processes have already been modified to use MODIFYFILEACCESS_DOTNET.

    The FileComponent has 3 tasks:

    • MODIFYFILEACCESS_UNIVERSAL - uses Cacls.Exe under Windows
    • MODIFYFILEACCESS_WIN32 - uses Cacls.Exe or XCacls.Exe under Windows if the option UseXCacls=true
    • MODIFYFILEACCESS_DOTNET - Windows Only - does not use an external executable, but .NET provided methods

    HtH



Reply
  • Hi Juan Carlos,

    you cannot replace cacls.exe with icacls. But you can use the process task MODIFYFILEACCESS_DOTNET for your custom processes. All out-of-the-box processes have already been modified to use MODIFYFILEACCESS_DOTNET.

    The FileComponent has 3 tasks:

    • MODIFYFILEACCESS_UNIVERSAL - uses Cacls.Exe under Windows
    • MODIFYFILEACCESS_WIN32 - uses Cacls.Exe or XCacls.Exe under Windows if the option UseXCacls=true
    • MODIFYFILEACCESS_DOTNET - Windows Only - does not use an external executable, but .NET provided methods

    HtH



Children