G
Guest
I'm trying to change the ownership of a folder on my Windows 2000 server.
First I tried xcacls.exe but this tool doesn't change the ownership so I
tried it with xcacls.vbs. When I use this tool I do get the following error
message:
Error: This security ID may not be assigned as the owner of this object.
(Msg#543)
Who knows how I can solve this problem or maybe another tool to do the trick?
Here is the full output of xcacls.vbs:
t:\tools>cscript T:\Tools\xcacls.vbs T:\Tools\TEST /O nl\testnl2 /G
nl\testnl2:F /F /S /T /DEBUG
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
Starting XCACLS.VBS (Version: 5.2) Script at 5-11-2004 9:57:16
Main: Enter
IsOSSupported: Enter
IsOSSupported: OSVer = 5.0
IsOSSupported: Return = True
IsOSSupported: Exit
PrintArguments: Enter
Startup directory:
"T:\Tools"
Arguments Used:
DisplayPathString: Enter
DisplayPathString: Return = TRUE
GetServerNameString: Exit
Filename = "T:\Tools\TEST"
/F (All Files under current directory)
/S (All Sub Directories under current directory)
/T (Traverse Directories)
/G (Grant rights)
nl\testnl2:F
/O (Change Ownership)
nl\testnl2
/DEBUG
PrintArguments: Exit
SetMainVars: Enter
GetServerNameString: Enter
GetServerNameString: Return = FALSE
GetServerNameString: Exit
HasWildcardCharacters: Enter
HasWildcardCharacters: Return = FALSE
HasWildcardCharacters: Exit
SetMainVars: Return = TRUE
SetMainVars: Exit
CheckTrustees: Enter
CheckTrustees: Checking Users to make sure they are proper Trustee's
GetDefaultNames: Enter
GetDefaultNames: Exit
GetDefaultDomainSid: Enter
GetDefaultDomainSid: Exit
CheckTrustees: Checking /G users
FixListOfTrustees: Enter
FixThisTrustee: Enter
SetTrustee: Enter
GetStandardSid: Enter
GetStandardSid: Return = NOTHING
GetStandardSid: Exit
GetAccountObj: Enter
GetUserObj: Enter
GetUserObj: strDomain = NL
GetUserObj: strName = TESTNL2
GetUserObj: Return = Win32_UserAccount object
GetUserObj: Exit
GetAccountObj: Return = Win32_UserAccount or Win32_Group object
GetAccountObj: Exit
SetTrustee: Return = Win32_Trustee object
SetTrustee: Exit
TrusteesDisplay: Enter
TrusteesDisplay: Exit
FixThisTrustee: Return = True
FixThisTrustee: Exit
AddObjectToArray: Enter
AddObjectToArray: Return = True
AddObjectToArray: Exit
FixListOfTrustees: Return = True
FixListOfTrustees: Exit
CheckTrustees: Checking /O user
FixThisTrustee: Enter
SetTrustee: Enter
GetStandardSid: Enter
GetStandardSid: Return = NOTHING
GetStandardSid: Exit
GetAccountObj: Enter
GetUserObj: Enter
GetUserObj: strDomain = NL
GetUserObj: strName = TESTNL2
GetUserObj: Return = Win32_UserAccount object
GetUserObj: Exit
GetAccountObj: Return = Win32_UserAccount or Win32_Group object
GetAccountObj: Exit
SetTrustee: Return = Win32_Trustee object
SetTrustee: Exit
TrusteesDisplay: Enter
TrusteesDisplay: Exit
FixThisTrustee: Return = True
FixThisTrustee: Exit
CheckTrustees: Return = True
CheckTrustees: Exit
DisplayPathString: Enter
DisplayPathString: Return = TRUE
GetServerNameString: Exit
No Wildcard characters detected for "T:\Tools\TEST"
DoesPathNameExist: Enter
DoesPathNameExist: Return = 1
DoesPathNameExist: Exit
DoTheWorkOnThisItem: Enter
**************************************************************************
DisplayPathString: Enter
DisplayPathString: Return = TRUE
GetServerNameString: Exit
Directory: T:\Tools\TEST
SetACLForObject: Enter
SetACLForObject: Working on "T:\Tools\TEST"
SetACLForObject: Sorting DACL array and modifying rights if needed
SetACLForObject: Granting Rights for Users (that haven't been granted already)
AccessMask_New: Enter
StringAceFlag: Enter
StringAceFlag: Return = This Folder, Subfolders and Files
StringAceFlag: Exit
SetACE: Enter
SetACE: Return = Win32_Ace object
SetACE: Exit
AddObjectToArray: Enter
AddObjectToArray: Return = True
AddObjectToArray: Exit
Granting NTFS rights (F access for This Folder, Subfolders and Files) for
"NL\TestNL2"
AccessMask_New: Return = True
AccessMask_New: Exit
SetACLForObject: Forming new DACL array
AddObjectToArray: Enter
AddObjectToArray: Return = True
AddObjectToArray: Exit
SetACLForObject: Saving new Descriptor
SetACLForObject: Changing Ownership
TrusteesMatch: Enter
TrusteesMatch: Checking Users to see if they match
TrusteesMatch: No Match
TrusteesMatch: Exit
TrusteesDisplay: Enter
TrusteesDisplay: Exit
Changing Ownership to "NL\TestNL2"
Error: This security ID may not be assigned as the owner of this object.
(Msg#543)
SetACLForObject: Exit
**************************************************************************
DoTheWorkOnThisItem: Exit
DoTheWorkOnEverythingUnderDirectory: Enter
DoTheWorkOnEverythingUnderDirectory: Directory passed: "T:\Tools\TEST"
DoTheWorkOnThisItem: Enter
**************************************************************************
DisplayPathString: Enter
DisplayPathString: Return = TRUE
GetServerNameString: Exit
File: T:\Tools\TEST\hallo.txt
SetACLForObject: Enter
SetACLForObject: Working on "T:\Tools\TEST\hallo.txt"
SetACLForObject: Sorting DACL array and modifying rights if needed
SetACLForObject: Granting Rights for Users (that haven't been granted already)
AccessMask_New: Enter
StringAceFlag: Enter
StringAceFlag: Return = This Folder and Files
StringAceFlag: Exit
SetACE: Enter
SetACE: Return = Win32_Ace object
SetACE: Exit
AddObjectToArray: Enter
AddObjectToArray: Return = True
AddObjectToArray: Exit
Granting NTFS rights (F access for This Folder and Files) for "NL\TestNL2"
AccessMask_New: Return = True
AccessMask_New: Exit
SetACLForObject: Forming new DACL array
AddObjectToArray: Enter
AddObjectToArray: Return = True
AddObjectToArray: Exit
SetACLForObject: Saving new Descriptor
SetACLForObject: Changing Ownership
TrusteesMatch: Enter
TrusteesMatch: Checking Users to see if they match
TrusteesMatch: No Match
TrusteesMatch: Exit
TrusteesDisplay: Enter
TrusteesDisplay: Exit
Changing Ownership to "NL\TestNL2"
Error: This security ID may not be assigned as the owner of this object.
(Msg#543)
SetACLForObject: Exit
**************************************************************************
DoTheWorkOnThisItem: Exit
DoTheWorkOnEverythingUnderDirectory: Exit
Main: Exit
ClearObjectArray: Enter
ClearObjectArray: Return = TRUE
ClearObjectArray: Exit
ClearObjectArray: Enter
ClearObjectArray: Return = TRUE
ClearObjectArray: Exit
ClearObjectArray: Enter
ClearObjectArray: Return = TRUE
ClearObjectArray: Exit
ClearObjectArray: Enter
ClearObjectArray: Return = TRUE
ClearObjectArray: Exit
ClearObjectArray: Enter
ClearObjectArray: Return = TRUE
ClearObjectArray: Exit
Operation Complete
Elapsed Time: 1,015625 seconds.
Ending Script at 5-11-2004 9:57:17
First I tried xcacls.exe but this tool doesn't change the ownership so I
tried it with xcacls.vbs. When I use this tool I do get the following error
message:
Error: This security ID may not be assigned as the owner of this object.
(Msg#543)
Who knows how I can solve this problem or maybe another tool to do the trick?
Here is the full output of xcacls.vbs:
t:\tools>cscript T:\Tools\xcacls.vbs T:\Tools\TEST /O nl\testnl2 /G
nl\testnl2:F /F /S /T /DEBUG
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
Starting XCACLS.VBS (Version: 5.2) Script at 5-11-2004 9:57:16
Main: Enter
IsOSSupported: Enter
IsOSSupported: OSVer = 5.0
IsOSSupported: Return = True
IsOSSupported: Exit
PrintArguments: Enter
Startup directory:
"T:\Tools"
Arguments Used:
DisplayPathString: Enter
DisplayPathString: Return = TRUE
GetServerNameString: Exit
Filename = "T:\Tools\TEST"
/F (All Files under current directory)
/S (All Sub Directories under current directory)
/T (Traverse Directories)
/G (Grant rights)
nl\testnl2:F
/O (Change Ownership)
nl\testnl2
/DEBUG
PrintArguments: Exit
SetMainVars: Enter
GetServerNameString: Enter
GetServerNameString: Return = FALSE
GetServerNameString: Exit
HasWildcardCharacters: Enter
HasWildcardCharacters: Return = FALSE
HasWildcardCharacters: Exit
SetMainVars: Return = TRUE
SetMainVars: Exit
CheckTrustees: Enter
CheckTrustees: Checking Users to make sure they are proper Trustee's
GetDefaultNames: Enter
GetDefaultNames: Exit
GetDefaultDomainSid: Enter
GetDefaultDomainSid: Exit
CheckTrustees: Checking /G users
FixListOfTrustees: Enter
FixThisTrustee: Enter
SetTrustee: Enter
GetStandardSid: Enter
GetStandardSid: Return = NOTHING
GetStandardSid: Exit
GetAccountObj: Enter
GetUserObj: Enter
GetUserObj: strDomain = NL
GetUserObj: strName = TESTNL2
GetUserObj: Return = Win32_UserAccount object
GetUserObj: Exit
GetAccountObj: Return = Win32_UserAccount or Win32_Group object
GetAccountObj: Exit
SetTrustee: Return = Win32_Trustee object
SetTrustee: Exit
TrusteesDisplay: Enter
TrusteesDisplay: Exit
FixThisTrustee: Return = True
FixThisTrustee: Exit
AddObjectToArray: Enter
AddObjectToArray: Return = True
AddObjectToArray: Exit
FixListOfTrustees: Return = True
FixListOfTrustees: Exit
CheckTrustees: Checking /O user
FixThisTrustee: Enter
SetTrustee: Enter
GetStandardSid: Enter
GetStandardSid: Return = NOTHING
GetStandardSid: Exit
GetAccountObj: Enter
GetUserObj: Enter
GetUserObj: strDomain = NL
GetUserObj: strName = TESTNL2
GetUserObj: Return = Win32_UserAccount object
GetUserObj: Exit
GetAccountObj: Return = Win32_UserAccount or Win32_Group object
GetAccountObj: Exit
SetTrustee: Return = Win32_Trustee object
SetTrustee: Exit
TrusteesDisplay: Enter
TrusteesDisplay: Exit
FixThisTrustee: Return = True
FixThisTrustee: Exit
CheckTrustees: Return = True
CheckTrustees: Exit
DisplayPathString: Enter
DisplayPathString: Return = TRUE
GetServerNameString: Exit
No Wildcard characters detected for "T:\Tools\TEST"
DoesPathNameExist: Enter
DoesPathNameExist: Return = 1
DoesPathNameExist: Exit
DoTheWorkOnThisItem: Enter
**************************************************************************
DisplayPathString: Enter
DisplayPathString: Return = TRUE
GetServerNameString: Exit
Directory: T:\Tools\TEST
SetACLForObject: Enter
SetACLForObject: Working on "T:\Tools\TEST"
SetACLForObject: Sorting DACL array and modifying rights if needed
SetACLForObject: Granting Rights for Users (that haven't been granted already)
AccessMask_New: Enter
StringAceFlag: Enter
StringAceFlag: Return = This Folder, Subfolders and Files
StringAceFlag: Exit
SetACE: Enter
SetACE: Return = Win32_Ace object
SetACE: Exit
AddObjectToArray: Enter
AddObjectToArray: Return = True
AddObjectToArray: Exit
Granting NTFS rights (F access for This Folder, Subfolders and Files) for
"NL\TestNL2"
AccessMask_New: Return = True
AccessMask_New: Exit
SetACLForObject: Forming new DACL array
AddObjectToArray: Enter
AddObjectToArray: Return = True
AddObjectToArray: Exit
SetACLForObject: Saving new Descriptor
SetACLForObject: Changing Ownership
TrusteesMatch: Enter
TrusteesMatch: Checking Users to see if they match
TrusteesMatch: No Match
TrusteesMatch: Exit
TrusteesDisplay: Enter
TrusteesDisplay: Exit
Changing Ownership to "NL\TestNL2"
Error: This security ID may not be assigned as the owner of this object.
(Msg#543)
SetACLForObject: Exit
**************************************************************************
DoTheWorkOnThisItem: Exit
DoTheWorkOnEverythingUnderDirectory: Enter
DoTheWorkOnEverythingUnderDirectory: Directory passed: "T:\Tools\TEST"
DoTheWorkOnThisItem: Enter
**************************************************************************
DisplayPathString: Enter
DisplayPathString: Return = TRUE
GetServerNameString: Exit
File: T:\Tools\TEST\hallo.txt
SetACLForObject: Enter
SetACLForObject: Working on "T:\Tools\TEST\hallo.txt"
SetACLForObject: Sorting DACL array and modifying rights if needed
SetACLForObject: Granting Rights for Users (that haven't been granted already)
AccessMask_New: Enter
StringAceFlag: Enter
StringAceFlag: Return = This Folder and Files
StringAceFlag: Exit
SetACE: Enter
SetACE: Return = Win32_Ace object
SetACE: Exit
AddObjectToArray: Enter
AddObjectToArray: Return = True
AddObjectToArray: Exit
Granting NTFS rights (F access for This Folder and Files) for "NL\TestNL2"
AccessMask_New: Return = True
AccessMask_New: Exit
SetACLForObject: Forming new DACL array
AddObjectToArray: Enter
AddObjectToArray: Return = True
AddObjectToArray: Exit
SetACLForObject: Saving new Descriptor
SetACLForObject: Changing Ownership
TrusteesMatch: Enter
TrusteesMatch: Checking Users to see if they match
TrusteesMatch: No Match
TrusteesMatch: Exit
TrusteesDisplay: Enter
TrusteesDisplay: Exit
Changing Ownership to "NL\TestNL2"
Error: This security ID may not be assigned as the owner of this object.
(Msg#543)
SetACLForObject: Exit
**************************************************************************
DoTheWorkOnThisItem: Exit
DoTheWorkOnEverythingUnderDirectory: Exit
Main: Exit
ClearObjectArray: Enter
ClearObjectArray: Return = TRUE
ClearObjectArray: Exit
ClearObjectArray: Enter
ClearObjectArray: Return = TRUE
ClearObjectArray: Exit
ClearObjectArray: Enter
ClearObjectArray: Return = TRUE
ClearObjectArray: Exit
ClearObjectArray: Enter
ClearObjectArray: Return = TRUE
ClearObjectArray: Exit
ClearObjectArray: Enter
ClearObjectArray: Return = TRUE
ClearObjectArray: Exit
Operation Complete
Elapsed Time: 1,015625 seconds.
Ending Script at 5-11-2004 9:57:17