What xcacls.exe command will allow me to shift ownership to the user?

  • Thread starter Thread starter Spin
  • Start date Start date
S

Spin

Notable Gurus,

I am an admin of a Home Directory File Server and have many directories of
users. I want to use the xcacls.exe utility to give away ownership of
selected folders to users when necessary, for example, in Windows 2000 and
above, I need to ensure the user is the OWNER of their profile folder or
else their roaming profile will not work. What xcacls.exe command will
allow me to shift ownership to the user?
 
Spin said:
Notable Gurus,

I am an admin of a Home Directory File Server and have many directories of
users. I want to use the xcacls.exe utility to give away ownership of
selected folders to users when necessary, for example, in Windows 2000 and
above, I need to ensure the user is the OWNER of their profile folder or
else their roaming profile will not work. What xcacls.exe command will
allow me to shift ownership to the user?
Click to expand...
Hi

You can't use xcacls.exe for this as far as I know.

The command line tool SUBINACL is able to set ownership:

subinacl /noverbose /file \\server\share\dir /setowner=whoever
subinacl /noverbose /subdirectories \\server\share\dir\* /setowner=whoever


An updated SubInACL.exe is available for download here
(Win2k/WinXP/Win2k3):

http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b
 
XCACLS and pretty much any other MS tool will only allow you to "take"
ownership, not "give" it.

The original idea here was part of the usual "security through obscurity", in
that a user was supposed to be able to tell if an administrator had looked at
their files by seeing that the ownership had been taken by an administrator,
which was (supposedly) the only way an administrator could change the
permissions to get at the file.

You can get few freewares called things like setowner that will allow you to
set the owner of a folder/files. Some links to these follow:

http://www.securityfocus.com/tools/1424
http://ntsecurity.nu/toolbox/setowner/
http://peter.verhas.com/progs/c/nt/pvt/index.html


|Notable Gurus,
|
|I am an admin of a Home Directory File Server and have many directories of
|users. I want to use the xcacls.exe utility to give away ownership of
|selected folders to users when necessary, for example, in Windows 2000 and
|above, I need to ensure the user is the OWNER of their profile folder or
|else their roaming profile will not work. What xcacls.exe command will
|allow me to shift ownership to the user?
|
|
|
|
 
Back
Top