Skip to main content

vserver security file-directory ntfs dacl remove

Contributors
Suggest changes

Remove a DACL entry from NTFS security descriptor.

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The vserver security file-directory ntfs dacl remove command removes a discretionary access control entry from a security descriptor.

You can unambiguously define which DACL entry to remove by specifying the following four parameters in the command:

  • Vserver associated with the security descriptor that contains the DACL entry

  • Name of the security descriptor that contains the DACL entry

  • Whether the DACL is an allow or deny type of DACL entry

  • The account name or SID to which the DACL is applied

Parameters

-vserver <vserver name> - Vserver

Specifies the name of the Vserver associated with the security descriptor from which you want to remove a discretionary access control entry.

-ntfs-sd <ntfs sd name> - NTFS Security Descriptor Name

Specifies the name of the security descriptor that contains the discretionary access control entry that you want to remove.

-access-type {deny|allow} - Allow or Deny

Specifies whether the discretionary access control entry you want to remove is an allow or deny of access control.

-account <name or sid> - Account Name or SID

Specifies the account name or SID associated with the discretionary access control entry that you want to remove.

Examples

The following example removes a DACL entry from the security descriptor named “sd2” with “allow” access type for the "BUILTIN\Administrators" account on Vserver vs1.

cluster1::> vserver security file-directory ntfs dacl remove -ntfs-sd sd2 -access-type allow -account BUILTIN\Administrators -vserver vs1