Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Script to change file ownership?

Posted on 2006-06-27
16
Medium Priority
?
2,084 Views
Last Modified: 2008-03-10
Anyone have a script that you can point at the top of a directory tree, give it new and old file ownership, and have it go through all folders and files in the tree and change any with the old file ownership to have the new ownership?
0
Comment
Question by:hberenson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 4
16 Comments
 
LVL 26

Expert Comment

by:Pber
ID: 16995073
download xcacls.vbs

http://support.microsoft.com/?id=825751

then do a

cscript xcacls.vbs *.* /S /T /E /G domain\user:D

0
 
LVL 26

Expert Comment

by:Pber
ID: 16995108
Forget that, you don't need the vbs version, just use xcacls from the support tools

xcacls.exe *.* /T /E /C /G domain\user:O
0
 
LVL 26

Expert Comment

by:Pber
ID: 16995304
woops, my bad.  That's the take ownership permission.

0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
LVL 3

Author Comment

by:hberenson
ID: 16995625
xcacls.vbs will let me change ownership, but it doesn't seem to have a way to do it conditional to who the current owner is.
0
 
LVL 26

Expert Comment

by:Pber
ID: 16995788
Try the following vbs Script...

path = "c:\"
Const oldOwner = "BUILTIN\Administrators"
Const newOwner = "domain\user"

'do not change below this point


Recurse(path)

Public Sub Recurse(path)
      Set fso = CreateObject("Scripting.FileSystemObject")
      Set fldr = fso.GetFolder(path)

      dim subfolders,files,folder,file
       Set subfolders = fldr.SubFolders
       Set files = fldr.files
       
         'Display the path and all of the folders.
         Wscript.Echo ""
         Wscript.Echo fldr.Path
         For Each folder in subfolders
            Wscript.Echo folder.path
            'WScript.Echo folder.path
               setOwner oldOwner,newOwner,folder.path
         Next
 
   'Display all of the files.
       For Each file in files
               wscript.echo file.path
           setOwner oldOwner,newOwner,file.path
           
       Next  
   'Recurse all of the subfolders.
       For Each folder in subfolders
          Recurse folder
       Next  
       Set subfolders = Nothing
         Set files = Nothing
End Sub


Sub setOwner(oldOwner,newOwner,path)
      Dim dACL, ace, sd
      
      Set sec = CreateObject("AdsSecurity")
      Set sd = sec.GetSecurityDescriptor("FILE://" & path)
      Set dACL = sd.DiscretionaryAcl
      WScript.Echo " - Old Owner: " & sd.owner
      
      If lcase(sd.owner) = lcase(oldOwner) Then
            'WScript.Echo " - Old Owner: " & sd.owner
            WScript.Echo " - New Owner: " & newOwner
            sd.owner = newOwner
             sd.DiscretionaryAcl = dACL
             sec.SetSecurityDescriptor sd
      End if
       
       Set dACL = nothing
       Set sd = Nothing
       Set sec = nothing
 End sub
0
 
LVL 26

Expert Comment

by:Pber
ID: 16996207
Sorry failed to mention you'll need to install the AdsSecurity.dll

http://download.microsoft.com/msdownload/adsi/2.5/sdk/x86/en/Sdk.zip
0
 
LVL 3

Author Comment

by:hberenson
ID: 16996759
It runs ok, echos appropriately when a match is found, but doesn't actually seem to change the ownership.
0
 
LVL 26

Expert Comment

by:Pber
ID: 16997844
Hmmm interesting.  It was working for me.  I'll take a look when I get back to work... maybe I trimmed something out before I posted it
0
 
LVL 26

Expert Comment

by:Pber
ID: 17000874
It would seem the problem is a priviledge level to be able to set the owner.  You can only take ownership yourself or you can set it to the builtin\administrators.

See this article from microsoft:
http://support.microsoft.com/?kbid=318744

Unfortunately you can't do this in vbs, only vb.

You said the xcacls.vbs file changed your ownership.  Did it set it to the owner you wanted or to your userid?
0
 
LVL 3

Author Comment

by:hberenson
ID: 17001000
I didn't actually run xcacls.vbs, just looked at it.  I am able to change the owner to whatever I want from Explorer.  The account I'm using for all of this is an Administrator account.
0
 
LVL 26

Expert Comment

by:Pber
ID: 17001345
Are you familiar with programming?  Do you have VB6?
0
 
LVL 26

Accepted Solution

by:
Pber earned 2000 total points
ID: 17002097
Try using subinacl.exe - download the latest version from microsoft (as the !@#$!@# old one doesn't work): http://www.microsoft.com/downloads/details.aspx?FamilyId=E8BA3E56-D8FE-4A91-93CF-ED6985E3927B&displaylang=en


Then use the following script ro run it:


path = "c:\"
Const oldOwner = "BUILTIN\Administrators"
Const newOwner = "domain\user"

'do not change below this point


Recurse(path)

Public Sub Recurse(path)
     Set fso = CreateObject("Scripting.FileSystemObject")
     Set fldr = fso.GetFolder(path)

     dim subfolders,files,folder,file
      Set subfolders = fldr.SubFolders
      Set files = fldr.files
     
        'Display the path and all of the folders.
        Wscript.Echo ""
        Wscript.Echo fldr.Path
        For Each folder in subfolders
           Wscript.Echo folder.path
           'WScript.Echo folder.path
             setOwner oldOwner,newOwner,folder.path
        Next
 
   'Display all of the files.
      For Each file in files
             wscript.echo file.path
          setOwner oldOwner,newOwner,file.path
         
      Next  
   'Recurse all of the subfolders.
      For Each folder in subfolders
         Recurse folder
      Next  
      Set subfolders = Nothing
        Set files = Nothing
End Sub

 Sub setOwner(oldOwner,newOwner,path)
    Set sec = CreateObject("AdsSecurity")      
    Set sd = sec.GetSecurityDescriptor("FILE://" & path)
    WScript.Echo " - Old Owner: " & sd.owner
     
    If lcase(sd.owner) = lcase(oldOwner) Then
        WScript.Echo " - New Owner: " & newOwner
        Set CommandLine = CreateObject("WScript.Shell")
        commandline.run "subinacl /file " & path & " /setowner=" & newOwner
    End if
     
    Set sd = Nothing
    Set sec = nothing
 End Sub
 
0
 
LVL 3

Author Comment

by:hberenson
ID: 17002181
Oh I think I can program a bit :-)  Let me try your last example, and if that doesn't work I'll go ahead and write something.
0
 
LVL 26

Expert Comment

by:Pber
ID: 17019337
Did you ever get this working?
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question