Posted On 2007-04-25 by FortyPoundHead
Keywords: Command Reference Resource Kit
Tags: Windows Commandline Windows
Views: 2368

Display or modify Access Control Entries (ACEs) for file and folder Permissions, Ownership and Domain.

Access Control Lists apply only to files stored on an NTFS formatted drive, each ACL determines which users (or groups of users) can read or edit the file. When a new file is created it normally inherits ACL''s from the folder where it was created.

SUBINACL [/noverbose] /object_type object_name [/action=parameter] [/help]

object_type: service e.g. /service Messenger \\ServerName\Messenger
keyreg e.g. /keyreg HKEY_CURRENT_USER\Software
/keyreg \\Srv\HKEY_LOCAL_MACHINE\KeyPath
file e.g. /file *.obj /file c:\test.txt
/file \\ServerName\Share\Path
subdirectories manipulate files in specified directory and all subdirectories

object_name : This will vary according to the object_type - see the examples above

action : setowner=owner
will change the owner of the object e.g. /setowner=MyDomain\Administrators

will replace all ACE (Audit and Permissions) in the object
e.g. /replace=MyOldDomain\Finance=NEWDOM\Finance

will replace all ACEs with a Sid from OldDomainName
with the equivalent Sid found in NewSamServer
e.g. /changedomain=MyOldDomain=NEWDOMAIN
This option requires a trust relationship with the server containing the object. Examples:

subinacl can do everything that cacls and xcacls can do and more besides.

List permissions to log file:
subinacl /noverbose /nostatistic /outputlog=my.log /subdirectories "C:\Program Files\My Folder" /display

Restore Permissions:
subinacl /nostatistic /playfile my.log

Change owner :
subinacl /file C:\demofile.doc /setowner=MYDOMAIN\BillG


Running subinacl against a subfolder, as in the example above will affect just that folder and it''s contents. However if you run subinacl against a folder in the root of the drive it will scan the entire drive for folders matching that name (which can take some time).
subinacl /subdirectories "C:\Spud"
Will also match
C:\Program Files\Spud
C:\Documents and Settings\Spud etc

About the Author

FortyPoundHead has posted a total of 1974 articles.

Comments On This Post

No comments on this post yet!

Do you have a thought relating to this post? You can post your comment here. If you have an unrelated question, you can use the Q&A section to ask it.

Or you can drop a note to the administrators if you're not sure where you should post.

Your IP address is:

Before you can post, you need to prove you are human. If you log in, this test goes away.

Code Links