subinacl, a wonderbox of command-line ACL power, is part of the Windows Resource Kit.
Here's syntax to transfer one user's access pattern onto another user.
subinacl /subdirectories \\server\departments\accounts\* /replace=ark=gru
This goes through all of the folders in accounts, and replaces ark's SID with gru's SID.
gru now has all the same folder permissions that ark had.
Note: According to the help file (subinacl /help /replace) :
SubInAcl version 5.2.3790.1180
/REPLACE
--------
/replace=DomainName\OldAccount=DomainName\New_Account
replace all ACEs (Audit and Permissions) in the object
Ex: /replace=DOM_MARKETING\ChairMan=NEWDOM\NewChairMan will replace
all ACEs containing DOM_MARKETING\ChairMan with NewChairMan SID
retrieves from NEWDOM domain
Warning: if DomainName\New_Account has already an ACE, ACE replacement is
skipped
Because /replace is supposed to _replace_ ark's SID with gru's, one would expect to find no more references to ark via the Sharing and Security GUI for a folder.
However, in my system, I found that gru now had an entry alongside every one of the ark's entries.
12 years ago
Posts
No comments:
Post a Comment