Improve company productivity with a Business Account.Sign Up

x
?
Solved

Problem setting ownership with xcacls.vbs - "this security ID may not be assigned as the owner of this object (Error 543)"

Posted on 2009-03-31
5
Medium Priority
?
2,168 Views
Last Modified: 2012-05-06
When attempting to fix permissions on a roaming profiles share.

I first took ownership of all files + subfolders for the administrator.
then edited the ACL to grant "domain admins" full control of all the folders.

When trying to change the ownership back to the original owners, i'm getting:

Error: This security ID may not be assigned as the owner of this object. (Msg#54
3)

when checking permissions via the GUI, the user account has full control.

the command being run is

cscript %systemroot%\system32\xcacls.vbs folder /E /O DOMAIN\user /F /T

any ideas?
based on http://support.microsoft.com/kb/825751 the syntax seems correct, NTFS perms should allow the owner to be changed to that user.





0
Comment
Question by:jspaziano
  • 4
5 Comments
 
LVL 48

Expert Comment

by:Don
ID: 24035431
Try the script from here


 http://wasteil.blogspot.com/2007/04/reset-permissions-home-folder.html

'============================================================================
' VBScript Source File
' NAME: Permissions Home Folder
' AUTHOR: Ruudvdh (WASTEIL)
' WEBSITE : http://wasteil.blogspot.com
' DATE  : 19-3-2007
' COMMENT: This script changes the permissions of all the subfolders in the
' specified folders. It uses the folder name and matches this with a username
' in Active Directory. Therefore the foldername must be equal to the username.
'
' Permissions  (See CONST UsrPerm1 & UsrPerm2:
' R = Read
' C = Change (write)
' F = Full control
' P = Change Permissions (Special access)
' O = Take Ownership (Special access)
' X = EXecute (Special access)
' E = REad (Special access)
' W = Write (Special access)
' D = Delete (Special access)
'
' !!!NEEDED PROGRAMS!!!
' XCACLS.EXE 
' This program is part of the Support Tools
' DOWNLOAD: 
' http://support.microsoft.com/kb/892777
'
'============================================================================
 
' DECLARING VARIABLES
Option Explicit
DIM Commando, Counter, Domain 
DIM Folder, iReturn, objFSO
DIM objShell, objSysInfo, rootFolder
DIM strFolder, strUser, SubFolders
 
' INSTANTIATING AN OBJECT PART1
SET objSysInfo     =     CreateObject("ADSystemInfo")
SET objFSO         =     CreateObject("Scripting.FileSystemObject")
SET objShell     =     wscript.createObject("wscript.shell")
 
' ASSIGNING VALUES TO VARIABLES
strFolder     =    Lcase(Inputbox(Ucase("Enter path Home folder") &VbCr &VbCr _
                &"Use the following syntax:" &VbCr _
                &"D:\Users\","Home-Folder","D:\Users\"))
Domain        =    objSysInfo.ForestDNSName & "\"
 
' INSTANTIATING AN OBJECT PART2
SET rootFolder     =     objFSO.GetFolder(strFolder)
SET SubFolders     =     rootFolder.SubFolders
 
' ASSIGNING VALUES TO CONSTANTS
' INFO: You can find the possible permissions in the comment
CONST Usr1        =    "Domain Admins" 
CONST UsrPerm1    =    "F"
CONST UsrPerm2    =    "RWC"
 
'================================CODE=========================================
 
IF objFSO.FolderExists(strFolder) THEN
    FOR Each Folder In SubFolders
        strUser     =     replace(Lcase(Folder),strFolder,"")
        commando     =     "xcacls " &Folder &" /g ""Domain Admins"":" &UsrPerm1 _ 
                        &" """ &Domain &strUser &""":" &UsrPerm2 &" /T /C /Y"
        iReturn     =     objShell.Run(commando)
        Counter     =     Counter + 1
        ' This sleep is specially done to not overload the system with 
        ' xcacls screens.
        wscript.sleep 1500
    NEXT
    wscript.echo "Finished!" &VBCR &Counter &" folders are reset."
ELSE
    wscript.Echo "Folder: " &Ucase(strFolder) &"  doesn't exist." &VbCr _
    &"Verify the location and try again."
    END IF
 
SET objSysInfo     =     NOTHING
SET objFSO         =     NOTHING
SET objShell     =     NOTHING
SET rootFolder     =     NOTHING
SET SubFolders     =     NOTHING
'=============================END=OF=CODE=====================================
wscript.quit

Open in new window

0
 
LVL 2

Author Comment

by:jspaziano
ID: 24035450
thanks,

i'll do testing with that.

This is driving me nuts.

from what i can tell, it SHOULD work OK but isn't.
The users have rights to be assigned perms to that folder, etc.

What i'm really doing.

is i dumped a list of all the subfolders of the profiles share.

i.e. dir /B > dirlist.txt

then am running this;

for /F %i in (dirlist.txt) do cscript %systemroot%\system32\xcacls.vbs %i /E /O DOMAIN\user /F /T

which basically runs the command noted in my original post for each subfolder and all the files and folders within it.

i've done some google searches and it seems that the xcacls.vbs supplied by microsoft may be buggy.
0
 
LVL 2

Author Comment

by:jspaziano
ID: 24035456
actually the script is

for /F in (dirlist.txt) do cscript %systemroot%\system32\xcacls.vbs %i /E /O DOMAIN\%i /F /T

0
 
LVL 2

Author Comment

by:jspaziano
ID: 24035470
sorry for all the typos.

for /F %i in (dirlist.txt) do cscript %systemroot%\system32\xcacls.vbs %i /E /O DOMAIN\%i /F /T
0
 
LVL 2

Accepted Solution

by:
jspaziano earned 0 total points
ID: 24115641
it was determined that xcacls.vbs is buggy and does not always work as expected.

The script given here did not help me as i had vista profiles that have .V2 in the name and that script always expects that the folder name matches the users' name.

I wound up just setting ownership to "domain admins" as that did work and it was acceptable as far as roaming profile permissions were concerned.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

A simple method to resolve a "keyboard not working" problem by modifying the Windows registry. This issue can often be encountered after using the VMware vCenter Converter Standalone Agent to perform a Physical-to-Virtual (P2V) conversion process.
In a question here at Experts Exchange, a member was looking for "a little app that would allow sound to be turned OFF and ON by simply clicking on an icon in the system tray". This article shows how to achieve that, as well as providing the same OF…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

584 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question