tom-harmon
asked on
Non-existant account is owner of folders/files
Last summer we moved from a multiple domain NT 4.0 structure to a single domain Windows 2000 and AD. I have now found some folders and files in the users home folder that neither the user, administrator or domain administrator is able to access. Most of them are in thier ...\history\history.ie5 folders. I think that the owner of these folders/files is their account from the old NT domain that no longer exists. The only way we can gain access to them is by having an administrator take ownership of them and then change the acls on them so the user can get access to them again.
My question is... is there a command-line utility that would allow me to script this en-mass? I've tried xcacls.exe, subinacl.exe, fileowner.pl and takeowner.exe. The only one that seems to work is takeowner.exe but it doesn't have a resurse subdirectory option. I'd even settle for a way to 'blow-away' the folders if that's as good as I can get.
Thanks in advance for any help you can provide.
My question is... is there a command-line utility that would allow me to script this en-mass? I've tried xcacls.exe, subinacl.exe, fileowner.pl and takeowner.exe. The only one that seems to work is takeowner.exe but it doesn't have a resurse subdirectory option. I'd even settle for a way to 'blow-away' the folders if that's as good as I can get.
Thanks in advance for any help you can provide.
ASKER
Yes, I've tried xcacls data /t /e /c /g administrator:f;o /y
It works on all the folders and files up to the point of the first folder or file that I trying to change. It then stops and gives me a "unable to perform a security operation on an object that has no associated security."
If I run it without the /e for edit I get the message "The filename, directory name, or volume label syntax is incorrect" when it gets to the first folder or file that I'm having the problem with.
It works on all the folders and files up to the point of the first folder or file that I trying to change. It then stops and gives me a "unable to perform a security operation on an object that has no associated security."
If I run it without the /e for edit I get the message "The filename, directory name, or volume label syntax is incorrect" when it gets to the first folder or file that I'm having the problem with.
ok - possibly a silly question but is your partition FAT or NTFS?
If your partition is NTFS (which is what I hope it is) and you're having no joy with xcacls you could try another tool like supercacls http://www.trustedsystems.com/scacls.htm
Another thing to try is getting filemon from www.sysinternals.com and checking what's happening when the failure occurs (i.e. exactly what your problem file/folder is called).
Check you are able to view the ACL/take ownership on the problem file/folder directly (i.e. right-click, properties, security, etc)
Another thing to try is getting filemon from www.sysinternals.com and checking what's happening when the failure occurs (i.e. exactly what your problem file/folder is called).
Check you are able to view the ACL/take ownership on the problem file/folder directly (i.e. right-click, properties, security, etc)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The chown utility from the uk link did the trick.
Thanks much for all of your help!
Thanks much for all of your help!
http://www.jsiinc.com/SUBK/tip5100/rh5171.htm#3
something like> xcacls *.* /T /E /G administrator:F;O /Y
(the /T recurses subdirectories, /E is edit so you don't wipe out existing permissions, /Y will stop it asking you for confirmation, F is Full Access, O is Ownership)
but check the syntax out to see exactly what you want.