Re: subinacl: reordering ACEs
From: Alice (sungyan@bu.edu)
Date: 10/16/02
- Next message: Marlon Brown: "Deploying firewall, .msi GPO"
- Previous message: phoenix: "Re: Fake Net Sends"
- In reply to: Karl Levinson [x y] \(MVP\): "Re: subinacl: reordering ACEs"
- Next in thread: Karl Levinson [x y] \(MVP\): "Re: subinacl: reordering ACEs"
- Reply: Karl Levinson [x y] \(MVP\): "Re: subinacl: reordering ACEs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Alice" <sungyan@bu.edu> Date: Wed, 16 Oct 2002 13:18:11 -0700
Thanks for your replies.
-I can't use setacl.exe because what I really want to do
is to take ownership of the files/folders.
-Yes, I've tried SUBINACL and the problem is exactly what
you've described, having the pop-up box asking me if I
want to reorder the permissions. However, if I
hit "Cancel" instead of "OK", all the ACEs will be gone,
leaving "Everyone" full control to the files/folders.
It would be hazrous to leave the users themselves to
decide if they should like "OK" or "Cancel".
This problem only occurs when there are inherited ACEs in
the DACL since the directly applied ACEs are put to the
end of the DACL when SUBINACL is used. The directly
applied ACEs are supposed to be in front of the inherited
ACEs. Microsoft actually posted a script for reordering
the ACEs, but VB will have to be installed along with the
adsSecurity.dll.
http://support.microsoft.com/default.aspx?scid=KB;EN-
US;Q269159&
It would be nice if they've something that automatically
reorders the ACEs.
I'll give them a call...
>-----Original Message-----
>It sounds like you have already read article
>http://support.microsoft.com/default.aspx?scid=kb;en-
us;Q321557 which tells
>you how to contact Microsoft to try to request the fix
which is not
>completely ready for use. I just skimmed the article,
but it sounds to me
>like the problem is not necessarily with SUBINACL.EXE
but might also require
>changes to the NTFS drivers, registry, etc.
>
>Also, if this is the problem I'm thinking of, you should
still be able to
>use SUBINACL, you'll just get a popup box when you first
try to access the
>permissions screen for the file or directory, at which
point I believe the
>ACLs will be reordered for you. Again, I could be
wrong. Have you given it
>a try?
>
>I don't know if things have changed, but last time I
called trying to get
>files like this back in 1999, they wouldn't give them to
me. You should
>probably be prepared for a lot of questions and
documentation that you have
>already tried the workarounds they may suggest and that
they did not work.
>
>"This fix may receive additional testing. Therefore, if
you are not severely
>affected by this problem, Microsoft recommends that you
wait for the next
>Windows 2000 service pack that contains this fix."
>
>"Alice" <sungyan@bu.edu> wrote in message
>news:379401c2748c$0ec9e0f0$3aef2ecf@TKMSFTNGXA09...
>> I would like to know where I can get a copy of the
>> SUBINACL.EXE, version 2.6.0.1399. I current have the
>> Windows 2000 Resource Kit Supplement 1, but the
SUBINACL
>> tool is not up to date. I need the most recent version
>> in order to avoid the problem of the need to reorder
the
>> ACEs in the DACL due to the difference between the
>> inherited and directly applied ACEs, after changing the
>> ownership on the files/folders in a Windows 2000
server.
>>
>> --a-- W32i APP ENU 2.6.0.1399 shp 193,024 01-15-
>> 2002 subinacl.exe
>>
>> I couldn't find it from Microsoft's website or any
where
>> else online.
>>
>> Any help would be great!
>>
>
>
>.
>
- Next message: Marlon Brown: "Deploying firewall, .msi GPO"
- Previous message: phoenix: "Re: Fake Net Sends"
- In reply to: Karl Levinson [x y] \(MVP\): "Re: subinacl: reordering ACEs"
- Next in thread: Karl Levinson [x y] \(MVP\): "Re: subinacl: reordering ACEs"
- Reply: Karl Levinson [x y] \(MVP\): "Re: subinacl: reordering ACEs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
