mdflannery
asked on
Using XCACLS to Add Permissions to Profiles or Take Ownership
Hello,
I have a roaming profile directory \\servername\profiles where our users are storing their profiles. The profiles are contained in Directories that are username.domain style. I am having problems with various files in these directories that I would like to remove. I do not have access or ownership of these directories. I have tried to use XCACLS to add servername\administrators group. I have included the command below. I do not want to destroy the permissions that are assigned, however, I would like to add administrators to the profiles so that I can remove a few problem files that are replicated back to the user and causing problems. The account that I am performing this under is a Domain Admin account.
c:\windows\system32\cscrip t.exe c:\tools\xcacls.vbs "erictest.DOMAIN" /E /G servername\administrators: F;F /F /T /S
The result is as follows
D:\DFS\profiles>c:\windows \system32\ cscript.ex e c:\tools\xcacls.vbs "erictest.DOMAIN" /E /G servername\administrators: F;F /F /T /S
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
Starting XCACLS.VBS (Version: 5.2) Script at 11/30/2007 4:45:57 PM
Startup directory:
"D:\DFS\profiles"
Arguments Used:
Filename = "erictest.DOMAIN"
/F (All Files under current directory)
/S (All Sub Directories under current directory)
/T (Traverse Directories)
/E (Edit ACL leaving other users intact)
/G (Grant rights)
servername\administrators: F;F
- Changing /G user/group: "servername\administrators " to "BUILTIN\Administrators"
************************** ********** ********** ********** ********** ********
Directory: D:\DFS\profiles\erictest.M VGAD
Error -2147217406: occurred setting Win32_LogicalFileSecurityS etting object. (M
sg#501)
Error description: Not found
************************** ********** ********** ********** ********** ********
Error 70: occurred while in the DoTheWorkOnEverythingUnder Directory routine. (M
sg#204)
Error description: Permission denied
Operation Complete
Elapsed Time: 0.3125 seconds.
Ending Script at 11/30/2007 4:45:57 PM
D:\DFS\profiles>
I have a roaming profile directory \\servername\profiles where our users are storing their profiles. The profiles are contained in Directories that are username.domain style. I am having problems with various files in these directories that I would like to remove. I do not have access or ownership of these directories. I have tried to use XCACLS to add servername\administrators group. I have included the command below. I do not want to destroy the permissions that are assigned, however, I would like to add administrators to the profiles so that I can remove a few problem files that are replicated back to the user and causing problems. The account that I am performing this under is a Domain Admin account.
c:\windows\system32\cscrip
The result is as follows
D:\DFS\profiles>c:\windows
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
Starting XCACLS.VBS (Version: 5.2) Script at 11/30/2007 4:45:57 PM
Startup directory:
"D:\DFS\profiles"
Arguments Used:
Filename = "erictest.DOMAIN"
/F (All Files under current directory)
/S (All Sub Directories under current directory)
/T (Traverse Directories)
/E (Edit ACL leaving other users intact)
/G (Grant rights)
servername\administrators:
- Changing /G user/group: "servername\administrators
**************************
Directory: D:\DFS\profiles\erictest.M
Error -2147217406: occurred setting Win32_LogicalFileSecurityS
sg#501)
Error description: Not found
**************************
Error 70: occurred while in the DoTheWorkOnEverythingUnder
sg#204)
Error description: Permission denied
Operation Complete
Elapsed Time: 0.3125 seconds.
Ending Script at 11/30/2007 4:45:57 PM
D:\DFS\profiles>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.