Force ownership of folder structure without replacing other permissions - Windows Server 2008 R2 - takeown is erasing all other permissions


Ended up achieving what I wanted with SetACL. I wrote the following script which ripped through the entire folder structure and files, and gave ownership to the local Administrators group, then went through again and added a full control ACE for our IT domain group. It did this without replacing or removing the existing permissions/ACEs (other than replacing the owner), and I didn't get any access denied errors:

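setlocal

rem Arguments: %1 = log directory, %2 = target directory, %3 = log file name ending.
rem %~1, %~2 and %~3 strip surrounding quotes so paths with spaces can be re-quoted below.
set "logDir=%~1"
set "targetDir=%~2"
set "logFileName=%~n2"
set "logFileNameEnding=%~3"

rem Pass 1: set the owner to the local Administrators group (S-1-5-32-544) on all folders and files.
SetACL.exe -on "%targetDir%" -ot file -actn setowner -ownr "n:S-1-5-32-544;s:y" -rec cont_obj -log "%logDir%\%logFileName%-TAKEOWN-%logFileNameEnding%.txt" -silent

rem Pass 2: set a full control ACE for the IT domain group in the DACL of all folders and files.
SetACL.exe -on "%targetDir%" -ot file -actn ace -ace "n:domain\group;p:full;s:n;m:set;w:dacl" -rec cont_obj -log "%logDir%\%logFileName%-ADD-DOMAIN-GROUP-%logFileNameEnding%.txt" -silent

endlocal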
Author by

jaymitt

Updated on September 17, 2022
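A post-run check for the SetACL script in the answer above, as an added example that is not part of the original answer: it walks the tree and reports any item whose owner is not S-1-5-32-544, that lacks a full control ACE for the IT group, or whose ACL has no other trustees left (the takeown symptom described in the question). It assumes Windows PowerShell run elevated; `DOMAIN\group`, the parameter names and the `New-Finding` helper are placeholders chosen for this example.

```powershell
# Added example, not from the original answer. Run elevated in Windows PowerShell.
param(
    [Parameter(Mandatory = $true)][string]$TargetDir,
    [string]$ItGroup = 'DOMAIN\group'   # placeholder: the IT domain group used in the script
)

$sidType   = [System.Security.Principal.SecurityIdentifier]
$sections  = [System.Security.AccessControl.AccessControlSections]'Owner, Access'
$adminsSid = 'S-1-5-32-544'             # local Administrators group, as passed to -ownr
$itSid     = (New-Object System.Security.Principal.NTAccount($ItGroup)).Translate($sidType).Value
$fullCtl   = [int][System.Security.AccessControl.FileSystemRights]::FullControl

function New-Finding([string]$Path, [string]$Problem) {
    New-Object PSObject -Property @{ Path = $Path; Problem = $Problem }
}

$items = @(Get-Item -LiteralPath $TargetDir -Force) +
         @(Get-ChildItem -LiteralPath $TargetDir -Recurse -Force `
               -ErrorAction SilentlyContinue -ErrorVariable walkErrors)

# Directories that still cannot be listed were missed by the ownership pass.
foreach ($e in $walkErrors) { New-Finding ([string]$e.TargetObject) 'cannot enumerate' }

foreach ($item in $items) {
    try {
        # Owner and DACL only; reading the SACL would need SeSecurityPrivilege.
        $acl = $item.GetAccessControl($sections)
    } catch {
        New-Finding $item.FullName 'cannot read ACL'
        continue
    }
    $rules = @($acl.GetAccessRules($true, $true, $sidType))   # explicit and inherited ACEs

    if ($acl.GetOwner($sidType).Value -ne $adminsSid) {
        New-Finding $item.FullName 'owner is not the local Administrators group'
    }
    $itFull = $rules | Where-Object {
        $_.IdentityReference.Value -eq $itSid -and
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights -band $fullCtl) -eq $fullCtl)
    }
    if (-not $itFull) { New-Finding $item.FullName 'IT group lacks full control' }

    # Only the trustees the script touched are left: the symptom takeown produced.
    $others = $rules | Where-Object { $_.IdentityReference.Value -notin @($adminsSid, $itSid) }
    if (-not $others) { New-Finding $item.FullName 'no other trustees remain' }
}
```

The `-notin` operator needs PowerShell 3.0 or later; on the PowerShell 2.0 that ships with Windows Server 2008 R2, write the filter as `@($adminsSid, $itSid) -notcontains $_.IdentityReference.Value`.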

Comments

  • jaymitt
    jaymitt over 1 year

    Logged on as local Administrator. Trying to put Administrator as owner of all files and folders on a drive. The drive contains an existing folder structure with securities/permissions/ACLs copied from another server using robocopy, which is why the local administrator or administrators group does not have access to all folders. This happens at various places where the inheritance has been broken.

    If I use icacls /setowner, I get access denied at the broken inheritance. If I use the takeown command, it works to force taking ownership, but it also removes all other permissions resulting in only the local administrator being listed in the permissions. I need to preserve the existing permissions, but take ownership so my other restore and copy jobs don't fail at the broken inheritance points.

  • jaymitt
    jaymitt over 13 years
    No unknowns, same domain. A drive in our array failed. Replace and rebuild were failing and a second drive started to get media errors, so disabled shares and started robocopying to another server array. Fearing that the old array would fail, I started with /maxage:30 switch to get the most recent files first - because I used this with the /e and /copy:datsou switches, it copied the entire folder structure with permissions. Then had to restore many files/folders from backup to the new structure, but getting access denied in some places because of broken inheritance, no admin rights in some dirs.