The only alternative that I know about is SetACL (https://helgeklein.com/setacl/ but it seems ist as old as subinacl.

Never tried if you could achieve similar things with Windows PowerShell but I'd expect that you can replace subinacl with some scripting.

Please give an example of a command that does not work as expected with subinacl and name the OS Win10 version (10240, 1511, 1607?) that you are using, please.

it is getting hung on Cortana translation in Windows 10. In particular, it gets hung on interactive user.


C:\Users\john.doe\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\RZUQKOVI\4\a669bb36[1].js : 1 change(s)
C:\Users\john.doe\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\RZUQKOVI\4\ab445dca[1].js : new ace for testtarget\john.doe
C:\Users\john.doe\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\RZUQKOVI\4\ab445dca[1].js : 1 change(s)
C:\Users\john.doe\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\RZUQKOVI\4\appcache[1].man : new ace for testtarget\john.doe
C:\Users\john.doe\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\RZUQKOVI\4\appcache[1].man : 1 change(s)
C:\Users\john.doe\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\RZUQKOVI\4\container.dat : new ace for testtarget\john.doe
C:\Users\john.doe\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\RZUQKOVI\4\container.dat : 1 change(s)
C:\Users\john.doe\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\RZUQKOVI\4\d64c2fba[1].css : new ace for testtarget\john.doe
C:\Users\john.doe\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\RZUQKOVI\4\d64c2fba[1].css : 1 change(s)
C:\Users\john.doe\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\RZUQKOVI\4\Init[1].htm : new ace for testtarget\john.doe
C:\Users\john.doe\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\RZUQKOVI\4\Init[1].htm : 1 change(s)
C:\Users\john.doe\AppData\Local\Packages\Microsoft.Windows.

this is the anniversary edition Windows 10 14393 build

I believe subinacl.exe was not updated because the built-in icacls.exe should do much of what it used to do and you don't have to go download it.

Please tell me the command itself. You only quoted the output of the command.

Command line:
"C:\Windows\TEMP\SubInAcl.exe"  /outputlog="C:\Windows\TEMP\SubInACL.txt" /playfile "C:\Windows\TEMP\MSM-WMS\SubInACL_cmd.txt"

Let me know if this is it.

Look, still I cannot see what is inside the playfile, so it needs to be quoted as well.
Or better, give a simple example of something that fails.

Here you go. See attached. this is the log of subinacle that failed at Cortana for interactive user. This user was logged in. It is at the very end.
subinaclFailedonCortana.txt

Let me know if you also want a successful Log were it didn't hang and finished. Like I said it is intermittent. Sometimes it works and sometimes it doesn't.

Do you know what is the best approach to organize this data into readable format so that I can understand what permissions are changed and were?


Once I know what and were we need to modify, then at least I know what script is needed.

 Also, need to learn what changes have been made to security in Win 10 so that the right script can be found that does security translation.

Please help.
thank you very much.

Again... please upload the playfile. It is C:\Windows\TEMP\MSM-WMS\SubInACL_cmd.txt

here it is
SubinACL_cmd.txt

Hey McKnife, you are the best!! thank you so much! I didn't know you could generate playfile! I used the existing subinacle_cmd and it worked because it was on the same computer. But now with your help I was able to generate a new playfile and test it a different way.

So, I ran it and it failed on Cortana step as well.

Could you please check out my other related question that I just opened. Thank you again.