Wednesday, December 19, 2007

take ownership of files & folders

Administrator Cannot Access Another User's Redirected My Documents Folder
Even if an administrator has not permissions he should be able to take ownership via Explorer to access the folder properties for security. If that does not work for you for some reason take a look at the free utility fileacl that is also shown on the Microsoft website as it has an option to force ownership. If you still have problems check the user rights on that computer via secpol.msc to make sure that administrators have the user right to take ownership. I believe xcacls.vbs will also let you take ownsership

Download details: SubInACL (SubInACL.exe)

Download details: FILEACL

XCACLS Gui

> Note - I'm not a scripting guru either. And as much as I love command lines, > this particular sort of thing makes me nervous. Last time I did this, I used > the GUI in the link I originally posted for you - and *added* the group > Administrators, without changing anything else. Sorry I can't help further; > you might post in m.p.windows.server.scripting if you want to do this > without the little gui helper.
After a few hours of trial and error, this is what I came up with:
@echo off for /F "tokens=*" %%* in ('dir /ad /b *') do call :Sub %%* goto :eof
:Sub echo Processing %* ... subinacl.exe /file %* /objectcopysecurity=templateuser >> fix.log subinacl.exe /file %* /replace=templateuser=%* >> fix.log fileacl.exe %* /INHERIT /REPLACE /NOROOT /SUB /FILES >> fix.log fileacl.exe %* /O %* /NOROOT /SUB /FILES >> fix.log
It iterates through all directories and for each directory does the following:
1. Copies the permissions from the folder templateuser to the current directory (this also changes the owner). 2. Replaces the permissions for "templateuser" that were copied in step 1 with the username that matches the current directory. 3. Removes all non-standard permissions from subdirectories and files in the current directory and sets the inherit flag (inherit from parent). 4. Sets the owner back to the current user.
At first I was attempting to set the permissions manually as opposed to copying them from a folder with the correct permissions, but I was unable to replicate the permissions perfectly. subinacl.exe with the / objectcopysecurity and /replace switches really came to the rescue.
I just ran it overnight. I'm going to browse through fix.log to see if there were any problems, but looking at a sample of maybe 10 folders, it appears to have worked beautifully! Thanks for the help.
Cheers, Rickard
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)