Download
latest version (2004)
Display or modify Access Control
Entries (ACEs) for file and folder Permissions, Ownership and Domain.
Access Control Lists apply only to files stored on an NTFS formatted drive,
each ACL determines which users (or groups of users) can read or edit the file.
When a new file is created it normally inherits ACL's from the folder where
it was created.
Syntax
SUBINACL [/noverbose] /object_type object_name [/action=parameter] [/help]
Key
object_type: service e.g. /service Messenger \\ServerName\Messenger
keyreg e.g. /keyreg HKEY_CURRENT_USER\Software
/keyreg \\Srv\HKEY_LOCAL_MACHINE\KeyPath
file e.g. /file *.obj /file c:\test.txt
/file \\ServerName\Share\Path
subdirectories manipulate files in specified directory and all subdirectories
object_name : This will vary according to the object_type - see the examples above
action : setowner=owner
will change the owner of the object e.g. /setowner=MyDomain\Administrators
replace=SamName\OldAccount=DomainName\New_Account
will replace all ACE (Audit and Permissions) in the object
e.g. /replace=MyOldDomain\Finance=NEWDOM\Finance
changedomain=OldDomainName=NewDomainName
will replace all ACEs with a Sid from OldDomainName
with the equivalent Sid found in NewSamServer
e.g. /changedomain=MyOldDomain=NEWDOMAIN
This option requires a trust relationship with the server containing the object.
When running subinacl against a subfolder, its important to include the trailing backslash, (or \*.*) if they are missed out subinacl may interpret the path as a filename and search the entire drive for it, this can be very slow. (This is the opposite behaviour of Robocopy but you didn't expect consistency did you! )
Examples:
subinacl can do everything that cacls and xcacls can do and more besides.
List permissions to log file:
subinacl /noverbose /nostatistic /outputlog=my.log /subdirectories "C:\Program Files\My Folder\*.*" /display
Restore Permissions:
subinacl /nostatistic /playfile my.log
Change owner :
subinacl /file C:\demofile.doc /setowner=MYDOMAIN\BillG
"Whether a pretty woman grants or withholds her favours, she always likes to be asked for them" - Ovid (Ars Amatoria)
Related:
ATTRIB - Display or change file attributes
CACLS - Change file permissions
XCACLS - Display or modify Access Control Lists (ACLs) for files and folders
PERMS - Show permissions for a user
FIXACLS - Restore default privs (Resource Kit supplement 2)
SHOWACL - Show file Access Control Lists (Windows 2000)
XCACLS - Display or modify Access Control Lists (ACLs) for files and folders
Q288129 - Grant users the right to manage services
Powershell: Set-Acl - Set permissions
Equivalent bash command (Linux): chmod - Change access permissions
