none
How to change NTFS rights and ownership of files to new domain user?

    Pergunta

  • I need a script which looks up the NTFS rights of files and replace these rights for the same user in a new domain. I ran into SetACL.exe and tested it with the following commands:

    SetACL.exe -on "c:\temp" -ot file -actn domain -rec cont_obj -dom "n1:OldDomain;n2:NewDomain;da:repldom;w:dacl" -log c:\sharename.txt

    This works fine for the NTFS rights but it will not change the ownership of the file. Is there another way eg with powershell to accomplish both (NTFS and ownership)?

    Thnx Remco

    sexta-feira, 16 de março de 2012 08:11

Respostas

  • I need a script which looks up the NTFS rights of files and replace these rights for the same user in a new domain. I ran into SetACL.exe and tested it with the following commands:

    SetACL.exe -on "c:\temp" -ot file -actn domain -rec cont_obj -dom "n1:OldDomain;n2:NewDomain;da:repldom;w:dacl" -log c:\sharename.txt

    This works fine for the NTFS rights but it will not change the ownership of the file. Is there another way eg with powershell to accomplish both (NTFS and ownership)?

    Thnx Remco

    SubInAcl is the Microsoft tool that was designed to beused to edit ACLs.  It can find an replace all instances of a users ACEs blindly.  That is to say we give it an old userid and a new userid and it will find and replace the IDs.  I wil also find and replace owners.  No other tool can do that as far as I know.

    SubInAcl is also set up to just do domain moves.  It can take aa domain name and update all users to the new domain. This is the function that you are asking about.


    ¯\_(ツ)_/¯

    • Marcado como Resposta Remco Tiel sexta-feira, 16 de março de 2012 12:54
    sexta-feira, 16 de março de 2012 12:03

Todas as Respostas

  • Have a look at the examples on Helge Kleins site:

    http://helgeklein.com/setacl/examples/managing-file-system-permissions-with-setacl-exe/ 

    It lists:

    Example 1.12 – Setting the Owner

    SetACL.exe -on "\\server1\share1\users" -ot file -actn setprot
               -op "dacl:np;sacl:nc"
               -rec cont_obj
               -actn setowner -ownr "n:S-1-5-32-544;s:y"

    You could try that command.

    Also this is not scripting related but a 3rd party tool which you might be calling from script or batch. It is a good tool though.

    sexta-feira, 16 de março de 2012 09:15
  • I need a script which looks up the NTFS rights of files and replace these rights for the same user in a new domain. I ran into SetACL.exe and tested it with the following commands:

    SetACL.exe -on "c:\temp" -ot file -actn domain -rec cont_obj -dom "n1:OldDomain;n2:NewDomain;da:repldom;w:dacl" -log c:\sharename.txt

    This works fine for the NTFS rights but it will not change the ownership of the file. Is there another way eg with powershell to accomplish both (NTFS and ownership)?

    Thnx Remco

    SubInAcl is the Microsoft tool that was designed to beused to edit ACLs.  It can find an replace all instances of a users ACEs blindly.  That is to say we give it an old userid and a new userid and it will find and replace the IDs.  I wil also find and replace owners.  No other tool can do that as far as I know.

    SubInAcl is also set up to just do domain moves.  It can take aa domain name and update all users to the new domain. This is the function that you are asking about.


    ¯\_(ツ)_/¯

    • Marcado como Resposta Remco Tiel sexta-feira, 16 de março de 2012 12:54
    sexta-feira, 16 de março de 2012 12:03