GiveAccess - Set access permissions on files or folders
GA.exe sets access permissions of one or more files or folders, or on registry keys. It is a small program (9 KB) that can be used to adjust permissions during installation by running it in a custom action (QuickInstall 2) or Run Program action (ExpertInstall 3, Installer 5, InstallMate 7, InstallMate 9).
This program is copyright © 1990-2012 Tarma Software Research Pty Ltd.
You may freely use this program for personal or internal business uses only. You may not incorporate the program either wholly or in part into any product or publication, or otherwise distribute the program without express written permission from Tarma Software Research Pty Ltd. However, you may provide links to this program's web page.
As a special exception, Tarma Software Research Pty Ltd hereby allows you to incorporate and distribute GA.exe with installers that you create with InstallMate 9, InstallMate 7, Tarma Installer 5, Tarma ExpertInstall 3, or Tarma QuickInstall 2.
Tarma Software Research Pty Ltd is not liable for errors or omissions in this program.
- Download GiveAccess (version 184.108.40.20615, 27 November 2012)
Contents: The download archive contains the following versions of the GiveAccess tool:
|GA.exe||32-bit version of GiveAccess; intended for distribution and use on 32-bit Windows systems.|
|GA-Debug.exe||32-bit debug version of GiveAccess; intended for diagnostic and testing use (only) on 32-bit Windows systems. Not intended for redistribution.|
|GAx64.exe||64-bit version of GiveAccess; intended for distribution and use on x64 Windows systems (not suitable for IA64 systems).|
|GAx64-Debug.exe||64-bit debug version of GiveAccess; intended for diagnostic and testing use (only) on x64 Windows systems (not suitable for IA64 systems). Not intended for redistribution.|
System requirements: Runs on Windows NT4, 2000, XP, Vista, 7, 8, their Server editions, and later, both 32-bit and 64-bit versions. It does not run on Windows 9x systems, because those systems have no concept of access permissions.
GA GA access name_or_SID path
The first form displays a syntax summary and exits. The second form applies the access permissions to path for the account name or SID name_or_SID.
|GA||Name of the program; .exe is implied. You may have to use a fully qualified file path if GA.exe is located in a folder that does not appear in your PATH environment variable.|
|(none)||Display a message box with version info and syntax summary; exit when the user closes the message box.|
Desired access rights. This can be a combination of the following:
Name or SID (Security IDentifier) of the party to whom the rights are conveyed. This must be a name or SID of an existing built-in, local, or domain account.
If name_or_SID starts with the sequence S-, then GA interprets it as a security identifier; else it's assumed to be an account name. This implies that GA will fail if you are trying to use an account name that starts with S-.
Path to the file or folder, or to a registry key.
Be sure to "quote" the path if it contains spaces.
The following table lists some well-known security identifiers that you can use for name_or_SID. Consult the MSDN documentation for more.
|Everyone||S-1-1-0||The Everyone group; allows access to all users and groups.|
|Creator Owner||S-1-3-0||Pseudo-identifier that represents the account that created the file or folder.|
|Interactive||S-1-5-4||Users who are loggen in for an interactive session.|
|Authenticated||S-1-5-11||All authenticated users.|
|Users||S-1-5-32-545||Local Users group. Note that this is not to the same as Everyone; the Users group only includes accounts that are explicitly added to it (usually designated restricted users).|
|Power Users||S-1-5-32-547||Local Power Users group.|
|Administrators||S-1-5-32-544||Local Administrators group.|
|Guests||S-1-5-32-546||Local Guests group.|
- GA adds the permissions to any existing or inherited permissions. If the target is a folder or a registry key, then the additional permissions will be inherited by files and subfolders in the folder (in the case of a folder) or the subkeys (in case of a registry key).
- File and folder permissions are only supported on Windows NT-based systems (i.e., NT4, 2000, XP, Vista, 7, 8, and later) that use NTFS as their file system. Registry key permissions are only supported on Windows NT-based systems.
- On 64-bit Windows systems you must use the x64 version of GA.exe to access the 64-bit view of the registry. If you use the 32-bit version of GA.exe on a 64-bit Windows system, the tool will try to modify the 32-bit registry keys, not the 64-bit keys.
- GA.exe will not run on Windows 9x systems (i.e., Windows 95, 98, Me) and if you use GA.exe in an installer action, then you should make sure that GA.exe is not run on these systems (for example, by clearing the action's Platforms boxes for Windows 95, 98, Me).
Here are some usage examples.
- Displays a message box with the syntax summary and version info, and exits when the message box is closed.
- GA A Everyone *.*
- Gives full access to all files and folders in the current folder.
- GA A S-1-1-0 *.*
- Does the same, but in a language-independent way.
- GA RW S-1-5-32-547 Data.mdb
- Gives users in the Power Users group read/write access to the file Data.mdb.
- GA A S-1-1-0 "<CommonProductAppDataFolder>\Data.mdb"
- Gives everyone full access to the Data.mdb file in the product's application data folder. Note the use of quotes to catch any spaces that might result from the expansion of <CommonProductAppDataFolder>.
- GA A S-1-1-0 MACHINE\Software\Microsoft\Windows\CurrentVersion
- Gives everyone full access to the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion registry key and all of its subkeys (unless a subkey has permissions that block propagation of inherited access rights). Note that this is not recommended and only used here as an example of a registry key modification.