Changing ownership and deleting unknown accounts from objects

Yesterday I decided to fix an old problem. I had some directories and files with the unknown accounts in the access control lists(ACL). This can occur when you migrate user files to a new server. The easy way to fix this problem is right click on the directory and follow the menus to change ownership, delete the unknown account, and grant full access to the new owner. Another way of changing ownership is to use the command line utility, SubInACL. That is what I chose to use yesterday.

Sometime ago I had downloaded and installed the Windows 2003 Resource Kit which includes SubInACL. This is the utility to change ownership. After a lot of attempts and re-reading the help multiple times, I gave up. It did not work. So I downloaded FileACL and after a few attempts I figured out the command line to change the object. As an example the following command will grant full access to user1, revoke access to the unknown account, and change ownership of the directory, subdirectory, and files.

fileacl "Pinnacle Studio" /s user1:f /r S-1-5-21-73586283-1644491937-682003330-1123 /o user1 /sub /files

It bothered me that SubInACL did not work properly so I decided to spend a few minutes to find out why. After a little searching I found that the version(4.0) included in the resource kit did not work for several people and that there was a newer version, Download details: SubInACL (SubInACL.exe). The new version(5.2) works Windows 2003. I wonder how this slipped by quality control.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.