I stumbled through this toll recently and found it useful for scenarios when you need to Migrate NTFS permissions from one Microsoft domain to another. A term known as re-acling where you setting permissions for users which are migrated to another domain. The tool can do more than that.
SetACL 3.0 handles NTFS permissions, ownership and auditing information of files/folders by automating the process that is manual through the Windows GUI. It's very complete command line utility.
The author's name is Helge Klein and the tool is called SetACL 3.0. There are many examples on the author's site, for example, you can reset the whole directory tree, to re-assign the ownership of the whole directory and subdirectories back to admin (or Administrators group), for example… very useful.
There is two versions of this tool available:
- Command Line version – can be used in batches files or scripts.
- COM version – provided as two DLL that can be used in programming languages.
SetACL 3.0 – What's the features?
- Edit permission and auditing entries
- Set the owner to any user/group
- List permissions, auditing and ownership information
- Backup and restore entire security descriptors or only DACL/SACL/owner
- Copy permissions between users or domains
Migrate ntfs permissions – Example.
Example for copying permissions from one domain to another:
SetACL -on D:\Data -ot file -actn domain -dom n1:MyOldDomain;n2:MyNewDomain;da:cpydom -rec cont_obj
This copies permissions for all files and directories below D:\Data from MyOldDomain to MyNewDomain.
Exemple of reseting of ownership for whole directory tree:
SetACL.exe -on “\\server1\share1\users” -ot file -actn setprot
-op “dacl:np;sacl:nc”
-rec cont_obj
-actn setowner -ownr “n:S-1-5-32-544”
Source and Links:
- Helge Klein Blog
- download the software.
- Here are more examples
- Main documentation set
- FAQ
