Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Newer Security translation tools alike subinacl for Windows 10

Posted on 2016-11-02
14
Medium Priority
?
225 Views
Last Modified: 2016-11-08
Hello,
We are using subinacle for security translation of files. it is an old version and doesn't look that Microsoft updated this tool since 2012.

Does anyone know is there any newer tools available that do the same thing - Migrate security information about objects, replace the security information, etc


https://www.microsoft.com/en-us/download/details.aspx?id=23510
0
Comment
Question by:creative555
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
14 Comments
 
LVL 29

Expert Comment

by:Michael Pfister
ID: 41870434
The only alternative that I know about is SetACL (https://helgeklein.com/setacl/ but it seems ist as old as subinacl.

Never tried if you could achieve similar things with Windows PowerShell but I'd expect that you can replace subinacl with some scripting.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 41871156
Please give an example of a command that does not work as expected with subinacl and name the OS Win10 version (10240, 1511, 1607?) that you are using, please.
0
 

Author Comment

by:creative555
ID: 41871175
it is getting hung on Cortana translation in Windows 10. In particular, it gets hung on interactive user.


C:\Users\john.doe\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\RZUQKOVI\4\a669bb36[1].js : 1 change(s)
C:\Users\john.doe\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\RZUQKOVI\4\ab445dca[1].js : new ace for testtarget\john.doe
C:\Users\john.doe\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\RZUQKOVI\4\ab445dca[1].js : 1 change(s)
C:\Users\john.doe\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\RZUQKOVI\4\appcache[1].man : new ace for testtarget\john.doe
C:\Users\john.doe\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\RZUQKOVI\4\appcache[1].man : 1 change(s)
C:\Users\john.doe\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\RZUQKOVI\4\container.dat : new ace for testtarget\john.doe
C:\Users\john.doe\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\RZUQKOVI\4\container.dat : 1 change(s)
C:\Users\john.doe\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\RZUQKOVI\4\d64c2fba[1].css : new ace for testtarget\john.doe
C:\Users\john.doe\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\RZUQKOVI\4\d64c2fba[1].css : 1 change(s)
C:\Users\john.doe\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\RZUQKOVI\4\Init[1].htm : new ace for testtarget\john.doe
C:\Users\john.doe\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache\RZUQKOVI\4\Init[1].htm : 1 change(s)
C:\Users\john.doe\AppData\Local\Packages\Microsoft.Windows.
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 

Author Comment

by:creative555
ID: 41871176
this is the anniversary edition Windows 10 14393 build
0
 
LVL 30

Expert Comment

by:serialband
ID: 41871191
I believe subinacl.exe was not updated because the built-in icacls.exe should do much of what it used to do and you don't have to go download it.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 41871207
Please tell me the command itself. You only quoted the output of the command.
0
 

Author Comment

by:creative555
ID: 41871295
Command line:
"C:\Windows\TEMP\SubInAcl.exe"  /outputlog="C:\Windows\TEMP\SubInACL.txt" /playfile "C:\Windows\TEMP\MSM-WMS\SubInACL_cmd.txt"

Let me know if this is it.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 41871298
Look, still I cannot see what is inside the playfile, so it needs to be quoted as well.
Or better, give a simple example of something that fails.
0
 

Author Comment

by:creative555
ID: 41871485
Here you go. See attached. this is the log of subinacle that failed at Cortana for interactive user. This user was logged in. It is at the very end.
subinaclFailedonCortana.txt
0
 

Author Comment

by:creative555
ID: 41871493
Let me know if you also want a successful Log were it didn't hang and finished. Like I said it is intermittent. Sometimes it works and sometimes it doesn't.

Do you know what is the best approach to organize this data into readable format so that I can understand what permissions are changed and were?


Once I know what and were we need to modify, then at least I know what script is needed.

 Also, need to learn what changes have been made to security in Win 10 so that the right script can be found that does security translation.

Please help.
thank you very much.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 41871669
Again... please upload the playfile. It is C:\Windows\TEMP\MSM-WMS\SubInACL_cmd.txt
0
 

Author Comment

by:creative555
ID: 41872802
here it is
SubinACL_cmd.txt
0
 
LVL 56

Accepted Solution

by:
McKnife earned 2000 total points
ID: 41872847
Finally :-)
Ok, there is something wrong with your playfile, or at least it seems. Let's start by comparing our subinacl versions. Mine, when called by
subinacl /?
returns
SubInAcl version 5.2.3790.1180
Then, I created a playfile from a user profile folder (c:\users\admin) and I will quote some lines to make you aware how I think a playfile should look like:
=============================
+File C:\users\admin\AppData
=============================
/control=0x800
/owner             =zehn\admin
/primary group     =system
/audit ace count   =0
/perm. ace count   =3
/pace =system  Type=0x0 Flags=0x3 AccessMask=0x1f01ff
/pace =builtin\administrators  Type=0x0 Flags=0x3 AccessMask=0x1f01ff
/pace =zehn\admin  Type=0x0 Flags=0x3 AccessMask=0x1f01ff

==============================================
+ReparsePoint C:\users\admin\Application Data
==============================================
/control=0x800
/owner             =zehn\admin
/primary group     =system
/audit ace count   =0
/perm. ace count   =3
/pace =system  Type=0x0 Flags=0x3 AccessMask=0x1f01ff
/pace =builtin\administrators  Type=0x0 Flags=0x3 AccessMask=0x1f01ff
/pace =zehn\admin  Type=0x0 Flags=0x3 AccessMask=0x1f01ff
...

Open in new window

I created the playfile like this:
subinacl /noverbose /nostatistic /outputlog=d:\temp\playfile.txt /subdirectories "C:\users\admin\*.*" /display

Open in new window

Please compare to how you created your playfile.
0
 

Author Closing Comment

by:creative555
ID: 41879435
Hey McKnife, you are the best!! thank you so much! I didn't know you could generate playfile! I used the existing subinacle_cmd and it worked because it was on the same computer. But now with your help I was able to generate a new playfile and test it a different way.

So, I ran it and it failed on Cortana step as well.

Could you please check out my other related question that I just opened. Thank you again.
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question