Re: Security identifiers

From: Roger Abell (mvpNOSPAM@asu.edu)
Date: 06/07/02 

From: "Roger Abell" <mvpNOSPAM@asu.edu>
Date: Fri, 7 Jun 2002 07:20:41 -0700

You probably need to first Take Ownership
since the Access Denied indicates the account
you are using to try this does not have sufficient
permissions granted to it. First read up on Taking
Ownership (search on it in Help), and then if in
Home do this from an F8 safemode boot.
Since the account is only showing as a SID use of an
account name, such as /R JOHN will not work.
I have setup a test and determined that this does not
accept use of the SID itself either.
So, this appears to mean that you need to locate the
points of security inheritance and make changes there
using the security dialog interface (again, in Home this
must be in a Safe mode boot).
When you Take Ownership, which should also be done
at the points of inheritance or above, you will be given
the option to have this recurse over the entire substructure,
and also to have this include a grant of access to the account
you are using. Allowing it to do this will then result in a
storage area with a new permission-set, and you will need
to then modify this to you needs, such as by adding the new
account that replaces the old John account. 

--
Roger Abell
MVP (Windows Platform)  Associate Expert
The Expert Zone - www.microsoft.com/windowsxp/expertzone
"John Martin" <john.martin@runbox.com> wrote in message
news:ae4701c20df9$2916e7e0$a5e62ecf@tkmsftngxa07...
> Roger,
>   thanks for the post, unfortunately on my system the
> workaround you suggested using cacls didnt work,
>
> C:\Documents and Settings>cacls "John Martin" /C /E /T /R
> JOHN
>
> ....
>  ACCESS_DENIED: C:\Documents and Settings\John Martin\My
> Documents\rel_650.pdf
>  ACCESS_DENIED: C:\Documents and Settings\John Martin\My
> Documents\Research
> processed dir: C:\Documents and Settings\John Martin\My
> Documents\Restored Files
>  ACCESS_DENIED: C:\Documents and Settings\John Martin\My
> Documents\Tesseract
>  ACCESS_DENIED: C:\Documents and Settings\John Martin\My
> Documents\Tesseract.directory
>  ACCESS_DENIED: C:\Documents and Settings\John Martin\My
> Documents\Test
>  ACCESS_DENIED: C:\Documents and Settings\John Martin\My
> Documents\utils
>  ACCESS_DENIED: C:\Documents and Settings\John Martin\My
> Documents\vr.exe
>  ACCESS_DENIED: C:\Documents and Settings\John Martin\My
> Documents\Web Page Wizard.doc
> processed dir: C:\Documents and Settings\John Martin\My
> Documents\Web Pages
>  ACCESS_DENIED: C:\Documents and Settings\John Martin\My
> Documents\Website2.doc
>  ACCESS_DENIED: C:\Documents and Settings\John Martin\My
> Documents\wmmbackup.pst
>  ACCESS_DENIED: C:\Documents and Settings\John Martin\My
> Documents\x.pdf
> The filename, directory name, or volume label syntax is
> incorrect.
>
> on all the files it didnt like, I got access denied
> messages.
>
> Any other ideas greatfully accepted.
>
>
> >-----Original Message-----
> >Usually you can find a small number of inheritance points
> >in the file structure, and remove the SID-style permission
> >grant on only those points.
> >I have never tried using a SID in place of username in a
> >cacls c:\somedir /E /T /R username
> >command execution
> >When all else fails, just set new permissions from a point
> >above your permissions mess and force it to reset
> recursively
> >the permissions on all dependent subfolders and files.
> >--
> >Roger Abell
> >MVP (Windows Platform)  Associate Expert
> >The Expert Zone - www.microsoft.com/windowsxp/expertzone
> >
> >"David" <davidboutet@videotron.com> wrote in message
> >news:b6d601c20ca2$4002dd40$19ef2ecf@tkmsftngxa01...
> >> I did a backup restore from a previous windows xp
> >> installation and most everywhere I restore a file, my
> >> user "david[DAVID\David]" have been replace by the
> >> following security identifier: S-1-5-21- ...
> >>
> >> I guess that my security identifier corresponding
> >> to "david[DAVID\David]" on my previous windows xp
> >> installation was different from the one on my present
> >> installation and windows saw a conflict and replace this
> >> one by S-1-5-21.
> >>
> >> Does semeone knows what means that security identifier
> >> and knows if there is a solution to do an undo on it? If
> >> there is no automatic undo, is there a search engine
> able
> >> to make a search on all files and folders that contains
> >> the security identifier?
> >
> >
> >.
> >