Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 367
  • Last Modified:

Need script to set ownership of folders & give admin full rights

I manage a Terminal server farm that utilizes group policies to redirect Desktop, Application Data, My Documents, and start menu. The group policy is failing to execute after working for 5 years. I found I had to make users owners of their home folders when I originally set up this policy. One caveat was the admin does not have permissions to access some folders because of it. I am not entirely sure why we are having the problem, but I need to start by setting users so they own their folder and all subfolders, and secondly, set permissions so the administrator has full control of the same folders. Years back I used xcacls , but I must have the syntax wrong, and cannot get it to work. It may be that the admin needs to first assume ownership of the user folder, then assign full control and ownership to the user.

I need help asap on this.


Thank you
0
tamray_tech
Asked:
tamray_tech
1 Solution
 
delyan_valchevCommented:
Hi,
For all the ACL stuff I use the great program SetACL (http://setacl.sourceforge.net). The syntax is quite peculiar to get used to but it's very powerful. Here is how you can do your task (assume that the users home folders are located in \\myserver\users\):
1. Setting the correct owner:
setacl -on \\myserver\users\<username> -ot file -actn setowner -ownr "n:mydomain\<username>;s:n"
2. Adding Administrators/FULL access to the folder:
setacl -on \\myserver\users\<username> -ot file -actn ace -ace "n:Administrators;p:write,del_child,write_owner,write_dacl,delete;i:so,sc;m:grant;w:dacl"
Hope it helps!
0
 
akrdmCommented:
Here is a microsoft linke that talks about how to take ownership of files and folders.  Hope this helps
http://support.microsoft.com/kb/320046
0
 
tamray_techAuthor Commented:
I would rather have something like an xcacls command. This script does not indicate it is for 2003 server
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
delyan_valchevCommented:
You cannot use cacls or xcacls to change the ownership. You can use either use third party tool like SetACL or the Perl script akrdm suggested safely on 2003.
0
 
Shift-3Commented:
If you're uncomfortable with third-party tools, you can take ownership and set permissions using the Microsoft utility SubinACL, e.g.


subinacl /file "c:\files" /setowner=youraccount
subinacl /subdirectories "c:\files\*" /setowner=youraccount

Open in new window

0
 
tamray_techAuthor Commented:
This answer was correct for my question. However, I prefer the SubInACL.exe answer, since it does not rely on third party tools.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Tackle projects and never again get stuck behind a technical roadblock.
Join Now