| Author |
Message |
SWarrior
Guest
|
Posted:
Wed Nov 30, 2005 5:17 pm Post subject:
Removing extinct file permissions |
|
|
I have a problem getting rid of OLD file permissions. It's not that I can't
remove them, it's that I need to remove them from about 120GB worth of files.
Uuuuugh... The problem stems from an old domain that was set up several
years ago and trusts between the two domains were established. That old
domain no longer exists, but these old file permissions still do. Is there
ANY way that you can use CACLS to remove ALL permissions from files/folders
that are NOT known or part of the existing domain? This is only an issue
because we are replacing an old file server and would like to have all these
OLD DEAD permissions eliminated.
Here is an example of what these permissions look like.
Authenticated User
Domain Admins
S-1-5-21-1047886722-1192775343-1539857752-512
SYSTEM
Sometimes there is one of these rogue permissions, sometimes there are
several.
MANY MANY thanks in advance!!!
-SWarrior |
Jerold Schulman
Guest
|
Posted:
Wed Nov 30, 2005 5:17 pm Post subject:
Re: Removing extinct file permissions |
|
|
On Wed, 30 Nov 2005 08:35:11 -0800, "SWarrior" <SWarrior@discussions.microsoft.com> wrote:
| Quote: | I have a problem getting rid of OLD file permissions. It's not that I can't
remove them, it's that I need to remove them from about 120GB worth of files.
Uuuuugh... The problem stems from an old domain that was set up several
years ago and trusts between the two domains were established. That old
domain no longer exists, but these old file permissions still do. Is there
ANY way that you can use CACLS to remove ALL permissions from files/folders
that are NOT known or part of the existing domain? This is only an issue
because we are replacing an old file server and would like to have all these
OLD DEAD permissions eliminated.
Here is an example of what these permissions look like.
Authenticated User
Domain Admins
S-1-5-21-1047886722-1192775343-1539857752-512
SYSTEM
Sometimes there is one of these rogue permissions, sometimes there are
several.
MANY MANY thanks in advance!!!
-SWarrior
|
Possibly tip 8741 » How can I remove invalid domain SIDs from the my file system permissions?
in the 'Tips & Tricks' at http://www.jsifaq.com
Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
http://www.jsifaq.com |
SWarrior
Guest
|
Posted:
Thu Dec 01, 2005 1:17 am Post subject:
Re: Removing extinct file permissions |
|
|
"Jerold Schulman" wrote:
| Quote: | On Wed, 30 Nov 2005 08:35:11 -0800, "SWarrior" <SWarrior@discussions.microsoft.com> wrote:
I have a problem getting rid of OLD file permissions. It's not that I can't
remove them, it's that I need to remove them from about 120GB worth of files.
Uuuuugh... The problem stems from an old domain that was set up several
years ago and trusts between the two domains were established. That old
domain no longer exists, but these old file permissions still do. Is there
ANY way that you can use CACLS to remove ALL permissions from files/folders
that are NOT known or part of the existing domain? This is only an issue
because we are replacing an old file server and would like to have all these
OLD DEAD permissions eliminated.
Here is an example of what these permissions look like.
Authenticated User
Domain Admins
S-1-5-21-1047886722-1192775343-1539857752-512
SYSTEM
Sometimes there is one of these rogue permissions, sometimes there are
several.
MANY MANY thanks in advance!!!
-SWarrior
Possibly tip 8741 » How can I remove invalid domain SIDs from the my file system permissions?
in the 'Tips & Tricks' at http://www.jsifaq.com
|
I tried this with the following syntax:
subinacl /subdirectories D:\*.* /cleandeletedsidsfrom=MyDomainName
and it appears as though it did nothing. I still have all the
S-1-xxxxxxxxxxx SIDS...
Any ideas of what might be the problem? Is it possible that one of the
former domains was actually the same name? We did re-build one of the
domains using the same name quite some time ago.
HELP!!!!
hahahah
-SWarrior |
Jerold Schulman
Guest
|
Posted:
Thu Dec 01, 2005 5:17 pm Post subject:
Re: Re: Removing extinct file permissions |
|
|
On Wed, 30 Nov 2005 11:50:24 -0800, "SWarrior" <SWarrior@discussions.microsoft.com> wrote:
| Quote: |
"Jerold Schulman" wrote:
On Wed, 30 Nov 2005 08:35:11 -0800, "SWarrior" <SWarrior@discussions.microsoft.com> wrote:
I have a problem getting rid of OLD file permissions. It's not that I can't
remove them, it's that I need to remove them from about 120GB worth of files.
Uuuuugh... The problem stems from an old domain that was set up several
years ago and trusts between the two domains were established. That old
domain no longer exists, but these old file permissions still do. Is there
ANY way that you can use CACLS to remove ALL permissions from files/folders
that are NOT known or part of the existing domain? This is only an issue
because we are replacing an old file server and would like to have all these
OLD DEAD permissions eliminated.
Here is an example of what these permissions look like.
Authenticated User
Domain Admins
S-1-5-21-1047886722-1192775343-1539857752-512
SYSTEM
Sometimes there is one of these rogue permissions, sometimes there are
several.
MANY MANY thanks in advance!!!
-SWarrior
Possibly tip 8741 » How can I remove invalid domain SIDs from the my file system permissions?
in the 'Tips & Tricks' at http://www.jsifaq.com
I tried this with the following syntax:
subinacl /subdirectories D:\*.* /cleandeletedsidsfrom=MyDomainName
and it appears as though it did nothing. I still have all the
S-1-xxxxxxxxxxx SIDS...
Any ideas of what might be the problem? Is it possible that one of the
former domains was actually the same name? We did re-build one of the
domains using the same name quite some time ago.
HELP!!!!
hahahah
-SWarrior
|
Wouldn't MyDomainName be the OldDomainName?
Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
http://www.jsifaq.com |
SWarrior
Guest
|
Posted:
Thu Dec 01, 2005 5:17 pm Post subject:
Re: Re: Removing extinct file permissions |
|
|
Not according to the syntax provided. Besides that, if you don't remember
the domain name(s) that would make it kind of hard to do...
/cleandeletedsidsfrom=DomainName [=dacl | =sacl | =owner | =primarygroup |
=sdsize]
Deletes all ACEs containing deleted (not valid) SIDs from DomainName. The
optional parameters allow you to specify certain parts of the security
descriptor in which to search for invalid SIDs
-SWarrior |
SWarrior
Guest
|
Posted:
Thu Dec 01, 2005 5:17 pm Post subject:
Re: Re: Removing extinct file permissions |
|
|
| Quote: | Wouldn't MyDomainName be the OldDomainName?
|
From all the research that I can find, it appears that if the domain does
not exist any longer, you're SOL!
Picture this:
Domain1\Fileserver1
Domain2
Domain3
Rights/Trusts have been established on Domain1\Fileserver1 to allow access
from Domain2 & Domain3
All 3 domains are migrated over time into one domain. Domain1 remains.
Domain2 and Domain3 are De-Commissioned. Time goes by.. Tic Toc Tic Toc.
Domain1\Fileserver1 is getting old and full. New Server is added.
Domain1\Fileserver2. Now we want to migrate all files from Fileserver1 to
Fileserver2. This task is a breeze with XCOPY. However we would like to
clean up all of the non-existent SID's (from the former Domain2 & Domain3).
XCOPY copies all of our files over WITH all the ACL's.
Now how can we dump all the SID's from the NEW server that still linger from
the two de-commissioned domains? I am SURE that we are not the only ones
that have ever done this.
Many Many Thanks to everyone that might be able to assist.
-SWarrior |
Jerold Schulman
Guest
|
Posted:
Fri Dec 02, 2005 5:17 pm Post subject:
Re: Re: Re: Removing extinct file permissions |
|
|
See tip 9942 » How can I remove unknown users or groups from NTFS permission?
in the 'Tips & Tricks' at http://www.jsifaq.com, which I wrote in response to your problem.
On Thu, 1 Dec 2005 07:12:01 -0800, "SWarrior" <SWarrior@discussions.microsoft.com> wrote:
| Quote: | Wouldn't MyDomainName be the OldDomainName?
From all the research that I can find, it appears that if the domain does
not exist any longer, you're SOL!
Picture this:
Domain1\Fileserver1
Domain2
Domain3
Rights/Trusts have been established on Domain1\Fileserver1 to allow access
from Domain2 & Domain3
All 3 domains are migrated over time into one domain. Domain1 remains.
Domain2 and Domain3 are De-Commissioned. Time goes by.. Tic Toc Tic Toc.
Domain1\Fileserver1 is getting old and full. New Server is added.
Domain1\Fileserver2. Now we want to migrate all files from Fileserver1 to
Fileserver2. This task is a breeze with XCOPY. However we would like to
clean up all of the non-existent SID's (from the former Domain2 & Domain3).
XCOPY copies all of our files over WITH all the ACL's.
Now how can we dump all the SID's from the NEW server that still linger from
the two de-commissioned domains? I am SURE that we are not the only ones
that have ever done this.
Many Many Thanks to everyone that might be able to assist.
-SWarrior
|
Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
http://www.jsifaq.com |
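
The cleanup this thread is after, sketched in PowerShell as an added example (it is not code from the thread or from the JSI tips): it walks a tree and reports explicit ACEs whose SID no longer maps to any account, removing them only when asked, so no old domain name is needed. `$Root`, `-Remove` and `Test-OrphanedSid` are names chosen for this example; it assumes an elevated session on the file server.

```powershell
# Added example: find (and optionally remove) ACEs left behind by domains that no longer exist.
param(
    [Parameter(Mandatory)][string]$Root,   # top of the tree to check (example parameter)
    [switch]$Remove                        # without this switch the script only reports
)

$cache = @{}                               # SID string -> $true/$false, avoids repeated lookups

function Test-OrphanedSid {
    param([System.Security.Principal.SecurityIdentifier]$Sid)
    # Only SIDs issued by a domain or machine (S-1-5-21-...) are candidates;
    # well-known and capability SIDs are left alone even when they show no name.
    if ($Sid.Value -notlike 'S-1-5-21-*') { return $false }
    if ($cache.ContainsKey($Sid.Value)) { return $cache[$Sid.Value] }
    try {
        [void]$Sid.Translate([System.Security.Principal.NTAccount])
        $cache[$Sid.Value] = $false        # resolves to DOMAIN\name: still valid
    } catch [System.Security.Principal.IdentityNotMappedException] {
        $cache[$Sid.Value] = $true         # nothing can map it: orphaned
    }
    return $cache[$Sid.Value]
}

$items = @(Get-Item -LiteralPath $Root) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    # Explicit ACEs only: inherited ones disappear once the parent is cleaned.
    $dead = @($acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier]) |
              Where-Object { Test-OrphanedSid $_.IdentityReference })
    if ($dead.Count -eq 0) { continue }

    foreach ($rule in $dead) {
        # One report row per orphaned ACE, whether or not it is removed.
        [pscustomobject]@{
            Path   = $item.FullName
            Sid    = $rule.IdentityReference.Value
            Rights = $rule.FileSystemRights
            Type   = $rule.AccessControlType
        }
        if ($Remove) { [void]$acl.RemoveAccessRuleSpecific($rule) }
    }
    if ($Remove) { Set-Acl -LiteralPath $item.FullName -AclObject $acl }
}
```

Run it first without `-Remove` and review the report: a SID can also fail to resolve while a trusted domain is merely unreachable, and removing its ACEs in that case takes access away from live accounts.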