none
subinacl or other tool to list, edit, and add permissions again

    Domanda

  • Hello,

    We're going to migrate users to a new domain, and before doing that I'd like to configure the permissions on the fileserver.
    Currently on the fileserver, ntfs permissions are in place for the old AD accounts.

    I've created a dump of the permissions via subinacl.
    eg :
    subinacl /noverbose /outputlog=.\subinacl_save.txt  /subdirectories  d:\data  /display

    My goal is to add permissions for the new accounts.
    So for this I edit the txt file, and modify "olddomain\username" to "newdomain\usersname"

    I use the /playfile subinacl_save.txt to grant the permissions again.

    I don't see an option however to add permissions, so by default it'll overwrite the permissions.. And I don't want to modify any permissions, only add them.

    Does anyone know how I can perform it with subinacl? I've used Icacls in the past, but want to do it with subinacl.
    I was hoping on using subinacl since it's a really straightforward way for setting the permissions.

    Do you know another tool to use to set the permissions this way :

    1) list permissions to file
    2) change permissions "olddomain\user" to "newdomain\user"n (by editing)
    3) add permissions with the modified file

    giovedì 18 aprile 2013 12:15

Risposte

  • Hi,

    i prefer the powershell cmdlet get-acl and set-acl

    for example: to get ACL and write to CSV or textfile. 

    Get-ChildItem D:\ -Recurse | Get-Acl | export-CSV c:\myacl.csv

     In this example i wrote to a csv.

    then you can modify the CSV and write it back withe set-acl


    Meine Antwort war hilfreich? dann freue ich mich über eine Bewertung. If my answer was helpful, I'm glad about a rating!



    giovedì 18 aprile 2013 18:09

Tutte le risposte

  • Hi,

    i prefer the powershell cmdlet get-acl and set-acl

    for example: to get ACL and write to CSV or textfile. 

    Get-ChildItem D:\ -Recurse | Get-Acl | export-CSV c:\myacl.csv

     In this example i wrote to a csv.

    then you can modify the CSV and write it back withe set-acl


    Meine Antwort war hilfreich? dann freue ich mich über eine Bewertung. If my answer was helpful, I'm glad about a rating!



    giovedì 18 aprile 2013 18:09
  • Thanks a lot Phillipp!!

    Since the servers need to be migrated to the new domain too, I'll use ADMT with SID history, and afterwards assign duplicate ACE's (old + new domain)

    venerdì 19 aprile 2013 11:36
  • Hi,

    icacls could also help modify permission with "/grant"


    TechNet Subscriber Support in forum |If you have any feedback on our support, please contact tnmff@microsoft.com.

    sabato 20 aprile 2013 10:58