Re: Restore file permissions using xcacls.exe

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 10/25/05

  • Next message: Paul Adare: "Re: Digital ID"
    Date: Tue, 25 Oct 2005 16:19:23 -0500
    
    

    It is a little late now but there are better ways to migrate permissions
    such as xcopy /o or Robocopy. From what I can see showacls does not
    accurately reflect special permissions as in exactly what it applies to as
    seen in the "apply onto" box in special permissions for folder only, files
    only, etc. You may have to make a best guess starting with conservative
    permissions for non default groups. System and administrators always have
    full control other the administrators may not have permissions to users
    profile or home folders. Users usually have full control permissions to
    their profile and home folders. Beyond that users usually have no more than
    read/list/execute permissions. Showacls /? will show more information about
    what its entries mean. It looks like d is read data and f might be file
    execute. --- Steve

    showacls /s /u:domain\user filespec

    /s include sub-directories
    /u specify domain\user

    ACE header values:

    0x1 - Object Inherit ACE
    0x2 - Container Inherit ACE
    0x4 - No Propagate Inherit ACE
    0x8 - Inherit Only ACE

    Access mask values:

    A Generic All l List Directory
    R Generic Read d Read Data
    W Generic Write S Synchronize
    X Generic Execute r File Read
    w File Write a File Append
    fx File Execute D Delete
    rE Read EA rW Write EA

    "Anekwe via WinServerKB.com" <u13021@uwe> wrote in message
    news:565d7fd8f3d64@uwe...
    > How does one restore file or folder permissions after an upgrade
    > completely?
    > I used showaccs.exe to download file permissions before a server rebuild.
    > Now I need to restore the permissions of all the files to their state
    > before
    > the rebuild. I was able to do for many, but some I'm having problems.
    > For
    > example, I have downloads like (+SPECIAL[f][d]) and
    > (-SPECIAL[f][d]+SPECIAL[f]
    > [d]) in which I can't figure out the codes to use in xcacls.exe to restore
    > the file. Can anyone help?
    >
    >
    > --
    > Message posted via WinServerKB.com
    > http://www.winserverkb.com/Uwe/Forums.aspx/windows-security/200510/1


  • Next message: Paul Adare: "Re: Digital ID"

    Relevant Pages

    • showacls limitations
      ... Windows 2000 Server Resource Kit? ... entire listing of permissions. ... There is limited information on the "showacls" tool... ...
      (microsoft.public.win2000.file_system)
    • Re: [opensuse] cifs files always created as owner root
      ... trying to set permissions and uids. ... This only works when uids are matched ... the samba server to manage permissions and ownership. ...
      (SuSE)
    • Re: [opensuse] cifs files always created as owner root
      ... How can I create files on the mount as user:group no matter who logs in? ... This only works when uids are matched among all workstations ... to attempt to manage permissions and UIDs of files it creates on a server share. ...
      (SuSE)
    • Re: Why my users cant change their home folder permissions while they ...
      ... If they want to change the permissions in order to accomplish ... sharing, then provide server based sharing areas that meet their ... permission on their home folders, but one day they told me ... can't change z: drive permissions. ...
      (microsoft.public.windows.server.security)
    • Re: Permissions
      ... to create the home folders manually and assign permissions ... >> What's the best approach to the following scenario? ... >> permissions for each user eclusively. ... >> with Win2K3 permissions. ...
      (microsoft.public.windows.file_system)