You can also view and manage security permissions with command line utilities such as cacls and xcacls.vbs and my favorite is fileacl. Both xcacls.vbs and fileacl can also change ownership of folders or files.
http://www.gbordier.com/gbtools/fileacl.htm --- fileacl
http://support.microsoft.com/?id=825751 --- xcacls.vbs
I have tried using xcacls, but I am getting an access denied message
there as well when I attempt to change the permissions.
- Webtools Tutorial
- User Guide
- A quick look at the Windows 2003 support tools
- Setting ownershp and permissions from the command line
- How to use Xcacls.vbs to modify NTFS permissions
- SWXCACLS - a binary implementation of XCACLS.vbs
- HOW TO: Use Xcacls.exe to modify NTFS permissions
- ACL Tutorial
- Using the Command Line to Edit Multiple Subdirectory Permissions
A program titled NTFSFIX has solved my problems. See below for the link:
- Windows 2000, XP or 2003 Server
- .NET Framework version 1.1 (Download from Microsoft or Windows Update)
- A user account that has full control permissions on the work areas, or has ownership of the folders.
- Select Mode (Add or Replace)
- Add custom permissions to the work area (Default permissions shown below)
- Select the root folder. (UNC or local path supported) You can also exlude folders here.
- Confirm the selection & start the permissions change.
In the above screenprint two folders were not configured properly. This is because no users exist in the domain with the same name as the folder.
You can use subinacl.exe or fileacl.exe to replace the current owner.
The syntax for fileacl.exe is much easier than for subinacl.exe.
Denied message. I omitted the /c option so
"Replace owner on subcontainers and objects"
Got it to work (mostly, haha)
Had to run "fileacl.exe \\server\share /o Administrators /s Administrators /SUB /FILES" twice (for whatever reason the
files don't take the first time around). In theory after that "fileacl.exe //server/share /replace /inherit" should
have worked, but it causes fileacl to fault on large trees.
So SetACL/xcacls/whatever works to reset inheritance after that.
Set Up and Use Xcacls.vbs
To set up and to use Xcacls.vbs, follow these steps:
- Obtain the latest version of Xcacls.vbs from the following Microsoft Web site:
- Double-click Xcacls_Installer.exe. When you are prompted for a location to place the extracted files, specify a folder that is in your computer's search-path setting, such as C:\Windows.
- Change the default scripting engine from Wscript to
Cscript. (The Xcacls.vbs script works best in Cscript.) To do this,
type the following at a command prompt, and then press ENTER:cscript.exe /h:cscriptNote Changing the default scripting engine to Cscript only affects how scripts write to the screen. Wscript writes each line individually to an OK dialog box. Cscript writes each line to the command window. If you do not want to change the default scripting engine, you must run the script by using the following commandcscript.exe xcacls.vbswhereas if you change the default to Cscript, you can run the script with the following command:xcacls.vbs.
- To see the Xcacls.vbs command syntax, type the following at a command prompt:xcacls.vbs /?