Need a tool to clear share permissions on Windows NT

File Server: WINDOWS NT Server
-----------------------------------------
Hi

I have a Windows NT Server which also acts as a file server. We have about 200 user home directories which are individually shared. Currently we are migrating the domain and the user accounts have been created in the new domain. My boss has asked me to reassign the share level permissions on these 200 home folders so that

1. Only the user has change access (account from Old domain)
2. Domain Admins have Full access (from old domain)
3. The user has change access (accout from new domain)
4. Delegated Group in AD (from new domain) has Full access

Now the trouble is, a lot of these shares have incosistent permissioning. The users had Full control earlier and because of that they started giving permissions to others. So its a real mess. I have the old user and new user accounts from 2 domains in a text file, I have all the share names and paths in the text file and what I want to do is go one by one on each share and clear all the ACE from shares. Then assign the above 4 ACEs. Obviously I want to script this operation however my problem is this

RMTSHARE - works good for assigning and removing specific SIDs but desn't give me to option to clear all ACEs from share.

SUBINACL - I used the version 5. something and it doesn't work on NT. the earlier version doesn't seem to have the /SHARE option.

So how what tool can I use to clear all ACEs in share ? (Note: This question is for share permissions only, please donot reply with solutions like Xcacls etc. I'm not doing anything on NTFS side right now)
Also I dodnot need the script. If anyone knows any tool I can use to clear ACEs? thats what I would like to know. Thanks, Gaurang
gtrivediAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

gtrivediAuthor Commented:
ok I think I got the solution. Simply using the /remove switch will clear all ACEs but will add everyone to Full control. So having a combination will achive what is required.

RMTSHARE \\SERVER\SHARE$ /REMOVE '
RMTSHARE \\SERVER\SHARE$ /GRANT DOM1\USER1:F'
........
RMTSHARE RMTSHARE \\SERVER\SHARE$ /REMOVE EVERYONE '


0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.