Solved

Need script to set ownership of folders & give admin full rights

Posted on 2009-05-12
6
353 Views
Last Modified: 2012-05-06
I manage a Terminal server farm that utilizes group policies to redirect Desktop, Application Data, My Documents, and start menu. The group policy is failing to execute after working for 5 years. I found I had to make users owners of their home folders when I originally set up this policy. One caveat was the admin does not have permissions to access some folders because of it. I am not entirely sure why we are having the problem, but I need to start by setting users so they own their folder and all subfolders, and secondly, set permissions so the administrator has full control of the same folders. Years back I used xcacls , but I must have the syntax wrong, and cannot get it to work. It may be that the admin needs to first assume ownership of the user folder, then assign full control and ownership to the user.

I need help asap on this.


Thank you
0
Comment
Question by:tamray_tech
6 Comments
 
LVL 4

Expert Comment

by:delyan_valchev
ID: 24364972
Hi,
For all the ACL stuff I use the great program SetACL (http://setacl.sourceforge.net). The syntax is quite peculiar to get used to but it's very powerful. Here is how you can do your task (assume that the users home folders are located in \\myserver\users\):
1. Setting the correct owner:
setacl -on \\myserver\users\<username> -ot file -actn setowner -ownr "n:mydomain\<username>;s:n"
2. Adding Administrators/FULL access to the folder:
setacl -on \\myserver\users\<username> -ot file -actn ace -ace "n:Administrators;p:write,del_child,write_owner,write_dacl,delete;i:so,sc;m:grant;w:dacl"
Hope it helps!
0
 
LVL 6

Accepted Solution

by:
akrdm earned 500 total points
ID: 24364978
Here is a microsoft linke that talks about how to take ownership of files and folders.  Hope this helps
http://support.microsoft.com/kb/320046
0
 

Author Comment

by:tamray_tech
ID: 24365669
I would rather have something like an xcacls command. This script does not indicate it is for 2003 server
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 4

Expert Comment

by:delyan_valchev
ID: 24365837
You cannot use cacls or xcacls to change the ownership. You can use either use third party tool like SetACL or the Perl script akrdm suggested safely on 2003.
0
 
LVL 38

Expert Comment

by:Shift-3
ID: 24367112
If you're uncomfortable with third-party tools, you can take ownership and set permissions using the Microsoft utility SubinACL, e.g.


subinacl /file "c:\files" /setowner=youraccount

subinacl /subdirectories "c:\files\*" /setowner=youraccount

Open in new window

0
 

Author Closing Comment

by:tamray_tech
ID: 31580534
This answer was correct for my question. However, I prefer the SubInACL.exe answer, since it does not rely on third party tools.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now