[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4647
  • Last Modified:

Using XCACLS to Add Permissions to Profiles or Take Ownership

Hello,

I have a roaming profile directory \\servername\profiles where our users are storing their profiles.  The profiles are contained in Directories that are username.domain style.  I am having problems with various files in these directories that I would like to remove.  I do not have access or ownership of these directories.  I have tried to use XCACLS to add servername\administrators group.  I have included the command below.  I do not want to destroy the permissions that are assigned, however, I would like to add administrators to the profiles so that I can remove a few problem files that are replicated back to the user and causing problems.  The account that I am performing this under is a Domain Admin account.

c:\windows\system32\cscript.exe c:\tools\xcacls.vbs "erictest.DOMAIN" /E /G servername\administrators:F;F /F /T /S

The result is as follows
D:\DFS\profiles>c:\windows\system32\cscript.exe c:\tools\xcacls.vbs "erictest.DOMAIN" /E /G servername\administrators:F;F /F /T /S
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

Starting XCACLS.VBS (Version: 5.2) Script at 11/30/2007 4:45:57 PM

Startup directory:
"D:\DFS\profiles"

Arguments Used:
        Filename = "erictest.DOMAIN"
        /F (All Files under current directory)
        /S (All Sub Directories under current directory)
        /T (Traverse Directories)
        /E (Edit ACL leaving other users intact)
        /G (Grant rights)
                servername\administrators:F;F


 - Changing /G user/group: "servername\administrators" to "BUILTIN\Administrators"


**************************************************************************
Directory: D:\DFS\profiles\erictest.MVGAD
Error -2147217406:  occurred setting Win32_LogicalFileSecuritySetting object. (M
sg#501)
Error description: Not found
**************************************************************************
Error 70:  occurred while in the DoTheWorkOnEverythingUnderDirectory routine. (M
sg#204)
Error description: Permission denied


Operation Complete
Elapsed Time: 0.3125 seconds.

Ending Script at 11/30/2007 4:45:57 PM



D:\DFS\profiles>

0
mdflannery
Asked:
mdflannery
2 Solutions
 
chandru_solCommented:
You can use setacl.exe for setting permission.

Download it from here. http://www.helge.mynetcologne.de/setacl/

regards
Chandru
0
 
deaditeCommented:
The problem is most likely caused from ownership.  Just take ownership of the root folder and all sub folder /files.  Then your script should work.  I do this to set permissions using XCACLS on over 1000 user folders, and here is the BAT script I use.  Just add/remove any additional users or groups you want on their folder
@echo off
 
setlocal
IF {%1}=={} GOTO bad
IF {%2}=={} GOTO bad
IF NOT EXIST %1 GOTO bad
IF {%3}=={} set perm=C&goto ok
if {%3}=={C} set perm=C&goto ok
if {%3}=={F} set perm=F&goto ok
goto bad
:ok
set pf=%1
set dom=%2
set pf=%pf:"=%
set dom=%dom:"=%
for /f "Tokens=*" %%a in ('dir "%pf%" /AD /B') do set user=%%a&call :parse
endlocal
GOTO :EOF
:bad
@echo Usage: SetPermStu "Drive:\Directory of Users Parent Folder" "NetBIOS Domain Name" [C or F]
@echo.
endlocal
goto :EOF
:parse
REM ============================================================================================================
REM Specify Permissions by Manually Adding Users with CACLS Commands and Auto Adds User Account by Folder Name:
REM ***** Edit User/Group Accounts
REM ============================================================================================================
for /f "Tokens=5*" %%c in ('echo Y^| cacls "%pf%\%user%" /T /G Administrators:F "Backup Operators":R "%dom%\%user%":%perm% "%dom%\Enterprise Admins":F "%dom%\Domain Admins":F') do @echo %%d

Open in new window

0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now