Re: Folder Inheritance
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 06/30/05
- Previous message: Roger Abell: "Re: Allowing a Domain User Admin Rights to a Couple of Domain Servers"
- In reply to: Damon Birrell: "Folder Inheritance"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 29 Jun 2005 21:02:50 -0700
FYI
I will be watching this thread very closely, and hope to see an MS response.
In the past I have attempted this a couple ways in script, adssecurity.dll,
Wmi
objects for the SD, etc. and all have found cases where they do not
correctly
detect the inheritance, especially if the disk had ever been touched once on
a time by NT 4. My current belief is one needs to do this with the w32 api
or the managed namespace.
-- Roger Abell Microsoft MVP (Windows Security) MCSE (W2k3,W2k,Nt4) MCDBA "Damon Birrell" <sophdamon.nospam@adsl.on.net> wrote in message news:%23cReOgJfFHA.3304@TK2MSFTNGP12.phx.gbl... > Howdy > > I rather urgently require a WSH VBS function to return whether or not a W2K3 > NTFS folder is inheriting its permissions from a parent folder. > I have scripts that audit folders using showacls, a script that parses the > audit logs for certain groups from one domain, and a third script that uses > xcacls.vbs to assign the permissions to the corresponding groups in another > domain. This is to aid a user migration process from one domain to another > as the ADMT tool does not migrate well known groups. i.e. we have NTFS > resources with permissions assigned to DOMAIN1\Domain Users. We would like > to grant the equivalent permissions to DOMAIN2\Domain Users and I can > achieve this with my current scripts. > > My problem is that the third script that calls the xcacls script is quite > dumb and doesnt take into account inheritance. As a result, the script takes > *many* hours to execute when really it just need to adjust permissions on > several of the several thousand folders and inheritance will take care of > the rest. At the moment it is attempting to adjust perms on every folder, > rather than the folders where inheritance is turned off. > > I dont mind using a a third party tool like setacl or something similar > (i.e. free :-). I need a function like: > > Function FolderInherits(sFolder) > > Returns True if sFolder inherits perms from its parent folder > Returns False if sFolder does not inherit perms from its parent folder > > End Function > > > step through the array of folders > if not FolderInherits(sFolder) > Perform the Xcacls stuff > end if > next > > > Can anyone help? It would be greatly appreciated! > > Regards > Damon > >
- Previous message: Roger Abell: "Re: Allowing a Domain User Admin Rights to a Couple of Domain Servers"
- In reply to: Damon Birrell: "Folder Inheritance"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
