Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Problem setting ownership with xcacls.vbs - "this security ID may not be assigned as the owner of this object (Error 543)"

Posted on 2009-03-31
5
Medium Priority
?
2,146 Views
Last Modified: 2012-05-06
When attempting to fix permissions on a roaming profiles share.

I first took ownership of all files + subfolders for the administrator.
then edited the ACL to grant "domain admins" full control of all the folders.

When trying to change the ownership back to the original owners, i'm getting:

Error: This security ID may not be assigned as the owner of this object. (Msg#54
3)

when checking permissions via the GUI, the user account has full control.

the command being run is

cscript %systemroot%\system32\xcacls.vbs folder /E /O DOMAIN\user /F /T

any ideas?
based on http://support.microsoft.com/kb/825751 the syntax seems correct, NTFS perms should allow the owner to be changed to that user.





0
Comment
Question by:jspaziano
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
5 Comments
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24035431
Try the script from here


 http://wasteil.blogspot.com/2007/04/reset-permissions-home-folder.html

'============================================================================
' VBScript Source File
' NAME: Permissions Home Folder
' AUTHOR: Ruudvdh (WASTEIL)
' WEBSITE : http://wasteil.blogspot.com
' DATE  : 19-3-2007
' COMMENT: This script changes the permissions of all the subfolders in the
' specified folders. It uses the folder name and matches this with a username
' in Active Directory. Therefore the foldername must be equal to the username.
'
' Permissions  (See CONST UsrPerm1 & UsrPerm2:
' R = Read
' C = Change (write)
' F = Full control
' P = Change Permissions (Special access)
' O = Take Ownership (Special access)
' X = EXecute (Special access)
' E = REad (Special access)
' W = Write (Special access)
' D = Delete (Special access)
'
' !!!NEEDED PROGRAMS!!!
' XCACLS.EXE 
' This program is part of the Support Tools
' DOWNLOAD: 
' http://support.microsoft.com/kb/892777
'
'============================================================================
 
' DECLARING VARIABLES
Option Explicit
DIM Commando, Counter, Domain 
DIM Folder, iReturn, objFSO
DIM objShell, objSysInfo, rootFolder
DIM strFolder, strUser, SubFolders
 
' INSTANTIATING AN OBJECT PART1
SET objSysInfo     =     CreateObject("ADSystemInfo")
SET objFSO         =     CreateObject("Scripting.FileSystemObject")
SET objShell     =     wscript.createObject("wscript.shell")
 
' ASSIGNING VALUES TO VARIABLES
strFolder     =    Lcase(Inputbox(Ucase("Enter path Home folder") &VbCr &VbCr _
                &"Use the following syntax:" &VbCr _
                &"D:\Users\","Home-Folder","D:\Users\"))
Domain        =    objSysInfo.ForestDNSName & "\"
 
' INSTANTIATING AN OBJECT PART2
SET rootFolder     =     objFSO.GetFolder(strFolder)
SET SubFolders     =     rootFolder.SubFolders
 
' ASSIGNING VALUES TO CONSTANTS
' INFO: You can find the possible permissions in the comment
CONST Usr1        =    "Domain Admins" 
CONST UsrPerm1    =    "F"
CONST UsrPerm2    =    "RWC"
 
'================================CODE=========================================
 
IF objFSO.FolderExists(strFolder) THEN
    FOR Each Folder In SubFolders
        strUser     =     replace(Lcase(Folder),strFolder,"")
        commando     =     "xcacls " &Folder &" /g ""Domain Admins"":" &UsrPerm1 _ 
                        &" """ &Domain &strUser &""":" &UsrPerm2 &" /T /C /Y"
        iReturn     =     objShell.Run(commando)
        Counter     =     Counter + 1
        ' This sleep is specially done to not overload the system with 
        ' xcacls screens.
        wscript.sleep 1500
    NEXT
    wscript.echo "Finished!" &VBCR &Counter &" folders are reset."
ELSE
    wscript.Echo "Folder: " &Ucase(strFolder) &"  doesn't exist." &VbCr _
    &"Verify the location and try again."
    END IF
 
SET objSysInfo     =     NOTHING
SET objFSO         =     NOTHING
SET objShell     =     NOTHING
SET rootFolder     =     NOTHING
SET SubFolders     =     NOTHING
'=============================END=OF=CODE=====================================
wscript.quit

Open in new window

0
 
LVL 2

Author Comment

by:jspaziano
ID: 24035450
thanks,

i'll do testing with that.

This is driving me nuts.

from what i can tell, it SHOULD work OK but isn't.
The users have rights to be assigned perms to that folder, etc.

What i'm really doing.

is i dumped a list of all the subfolders of the profiles share.

i.e. dir /B > dirlist.txt

then am running this;

for /F %i in (dirlist.txt) do cscript %systemroot%\system32\xcacls.vbs %i /E /O DOMAIN\user /F /T

which basically runs the command noted in my original post for each subfolder and all the files and folders within it.

i've done some google searches and it seems that the xcacls.vbs supplied by microsoft may be buggy.
0
 
LVL 2

Author Comment

by:jspaziano
ID: 24035456
actually the script is

for /F in (dirlist.txt) do cscript %systemroot%\system32\xcacls.vbs %i /E /O DOMAIN\%i /F /T

0
 
LVL 2

Author Comment

by:jspaziano
ID: 24035470
sorry for all the typos.

for /F %i in (dirlist.txt) do cscript %systemroot%\system32\xcacls.vbs %i /E /O DOMAIN\%i /F /T
0
 
LVL 2

Accepted Solution

by:
jspaziano earned 0 total points
ID: 24115641
it was determined that xcacls.vbs is buggy and does not always work as expected.

The script given here did not help me as i had vista profiles that have .V2 in the name and that script always expects that the folder name matches the users' name.

I wound up just setting ownership to "domain admins" as that did work and it was acceptable as far as roaming profile permissions were concerned.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to use a free utility called 'Parkdale' to easily test the performance and benchmark any Hard Drive(s) installed in your computer. We also look at RAM Disks and their speed comparisons.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question