icacls Problem, any Ideas ?

  • Thread starter Thread starter Schellhaas
  • Start date Start date
S

Schellhaas

Hello ppl,

i want to replace a SID on a Network Share, its an EMC Cellerra Fileserver.
The SID belongs to a non existent local Group of a Computer, and shall be
replaced with the Domain Admins.
Now the Problem is: i can see the SID when i do a icacls . /save blabla /t eg:
D:AI(A;;FA;;;S-1-5-21-843271493-14817-88053947-544)(A;ID;FA;;;S-1-5-21-3293502084-2983367093-3279364434-3974)(A;ID;FA;;;DA)
../\gempc.doc
its the first SID.
Now i can do a search fo my own SID by Number:
icacls . /findSID *S-1-5-21-3293502084-2983367093-3279364434-3974 /t
and it is found. now i do a search for the SID to be replaced:
icacls ./ /findSID *S-1-5-21-843271493-14817-88053947-544 /t
Es wurde keine Dateien mit übereinstimmender SID gefunden. <-- none is found

how can that be ? what do i do wrong ? my own SID is inherited, the other is
added explcitely

thanks for hints
 
Why not just delete the permissions for the unknown SID then create the new
permissions for Domain Admins? It seems like you're trying to do something
that is overly complicated to achieve a simple goal.
 
Well i have those SIDs in various locations. Only the Share for users
homefolders has >700k folders alone. If i would know icacls could search and
replace this SID i would give icacls like 2 Days of work.....
 
Back
Top