I have quite a few folders on the NTFS partition (in Windows 2008) that do not inherit their permissions from their parents.
I would like to reset them to enable these parent permissions (equivalent to checking the "Enable inherited permissions from this parent object" checkbox in the "Advanced Security Settings" area).
Since we use Python for some other system management tasks here, I would like to do it in Python, if possible (I know how I can do this in VBScript, but it will not be one of the script, but run regularly, so it should integrate with the rest of our code base).
I used the excellent pywin32 extensions and examples from http://timgolden.me.uk/python/win32_how_do_i.html and Google to get started, but I don't see any way to just say “inherit permissions from parent”.
Using AddAccessAllowedAceEx, I can even fake the inheritance of something by adding the INHERITED_ACE flag to something like: does it really come from the parent or not:
dacl.AddAccessAllowedAceEx( \ win32security.ACL_REVISION_DS \ , win32security.OBJECT_INHERIT_ACE | win32security.CONTAINER_INHERIT_ACE | win32security.INHERITED_ACE \ , ntsecuritycon.FILE_GENERIC_READ | ntsecuritycon.FILE_GENERIC_EXECUTE \ , some_sid_here \ )
But how in the world do I know what things to inherit if I do not go all the way from the root folder and draw the inheritance to the end?
source share