Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Remove File Permissions

Status
Not open for further replies.
SWarrior

SWarrior

MIS
Dec 19, 2003
111
US
I have a problem getting rid of OLD file permissions. It's not that I can't remove them, it's that I need to remove them from about 120GB worth of files. Uuuuugh... The problem stems from an old domain that was set up several years ago and trusts between the two domains were established. That old domain no longer exists, but these old file permissions still do. Is there ANY way that you can use CACLS to remove ALL permissions from files/folders that are NOT known or part of the existing domain? This is only an issue because we are replacing an old file server and would like to have all these OLD DEAD permissions eliminated.

Here is an example of what these permissions look like.

Authenticated User
Domain Admins
S-1-5-21-1047886722-1192775343-1539857752-512
SYSTEM

Sometimes there is one of these rogue permissions, sometimes there are several.

MANY MANY thanks in advance!!!

-SWarrior
 
Sort by date Sort by votes
Is it possible to re-setup all the permissions?

If so I'd replace the permissions on all files to something like Domain Admins and then go about setting up all permissions again...

Otherwise, I don't think theres an easy way out of this

P
 
Upvote 0 Downvote
In that you see a SID, it didn't resolve. The SID, S-1-5-...-512 is the Domain Admins group and 21-1047886722-1192775343-153987752 is the RID for the domain this group is from. Based on this I would say that this represents a failure to clean up permissions on decomissioning of the old NT domain, and not some rouge process.

To replace permissions use xcacls.


Example 1
 
Upvote 0 Downvote
I have found that MS has a utility to do just what I need, but it does not seem to be actually working. I know I know... Microsoft WORK properly ?? hahahhahahah

Anyway, the command line that should work is this, but it looks like it's working, but when I check the permissions on some files/folders they have not changed.

(all one line below)
subinacl /subdirectories D:\*.* /cleandeletedsidsfrom=MyDomainName

Any Assistence on this will be greatly appreciated. There is no way that I can possibly do this manually. We have hundreds of thousands of files.

-SWarrior
 
Upvote 0 Downvote
If you wish to make all the permissions uniform, try the following:

COPY the files from one hard drive to a second hard drive (i.e. hdd on the new file server you want to set up). The files will inherit the permissions of the root drive\folder they are copied to. Generate new shares on the copy of the files.

A+/MCP/MCSE/MCDBA
 
Upvote 0 Downvote
SeasprayO,

I need all of the existing NTFS Permissions in tact, with the exception of the UNKNOWN permissions that have been lingering for a few years since we've decommissioned old domains.

-SWarrior
 
Upvote 0 Downvote
I used a tool named DumpSec from SysInternals.com thazt was very helpful to display/print all non-inherited security/rights settings. While it just reported but didn't remove anything, I used it to see what I missed.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
222
microsGuy16
microsGuy16
JScannell
  • Locked
  • Question
File saving from browsers
Replies
1
Views
90
DrB0b
DrB0b
shmoes
  • Locked
  • Question
Delegating file admin permission
Replies
3
Views
103
SamBones
SamBones
kurio71
  • Locked
  • Question
Clean Install of 2016 - NTFS permissions
Replies
1
Views
78
hairlessupportmonkey
hairlessupportmonkey
gbaughma
  • Locked
  • Question
Shared folder permissions
Replies
0
Views
49
gbaughma
gbaughma

Part and Inventory Search

Sponsor

Back
Top