After reading this article - http://www.experts-exchange.com/articles/17526/Windows-File-Server-Folder-ownership-problems-and-resolution.html
- I found this utility - https://helgeklein.com/setacl/
that has a ton of features such as allowing one to assign static permissions to an existing ACL without affecting existing folder permissions, inheritance or ownership settings as an alternative to taking ownership of a folder and breaking existing permissions.
For example, for a directory that I did not have access to even as a Domain Admin, the command:
setacl -on "D:\example" -ot file -actn ace -ace "n:Domain Admins;p:full"
added Full Control permissions for the Domain Admin group to the D:\example folder.
I have several deep folder structures that have horribly broken permissions (a scenario I have inherited) and I have to migrate these files and folders with the EOL of Windows Server 2003. I don't want to break any of the existing permissions as these are going to eventually be completely redone, but access is otherwise what it's supposed to be. I obviously need permissions to the folders that I can't get to in order to perform the migration.
With the idea of inheritance, I don't want to change that, or ownership, on any existing folders, but still need to somehow add and propagate the single permission of Full Control of Domain Admins to each folder within entire folder structure.
Having come across this tool, I thought it might be possible to possibly script this to assign Full Control to Domain Admins to any folder without affecting the existing permissions, folder inheritance or ownership settings.
I have seen references to other tools such as ICACLS, but don't know if that is appropriate for what I'm attempting to accomplish. I would appreciate any insight on this matter as I don't have a lot of experience with tools like these. I already have a Robocopy script put together to copy the files. I'm just trying to get passed the dreaded 'Access Denied' problems that are inevitable.
Thank you in advance.