SUBINACL.exe (Windows 2003 Resource kit)

Download latest version (2004)
Display or modify Access Control Entries (ACEs) for file and folder Permissions, Ownership and Domain.

Access Control Lists apply only to files stored on an NTFS formatted drive, each ACL determines which users (or groups of users) can read or edit the file. When a new file is created it normally inherits ACL's from the folder where it was created.

      SUBINACL [/noverbose] /object_type object_name [/action=parameter] [/help]

   object_type:  service        e.g.  /service Messenger \\ServerName\Messenger
                 keyreg         e.g.  /keyreg HKEY_CURRENT_USER\Software
                                      /keyreg \\Srv\HKEY_LOCAL_MACHINE\KeyPath
                 file           e.g.  /file *.obj  /file c:\test.txt
                                      /file \\ServerName\Share\Path
                 subdirectories manipulate files in specified directory and all subdirectories

   object_name : This will vary according to the object_type - see the examples above

   action      : setowner=owner
                 will change the owner of the object e.g. /setowner=MyDomain\Administrators

                 will replace all ACE (Audit and Permissions) in the object
                 e.g. /replace=MyOldDomain\Finance=NEWDOM\Finance

                 will replace all ACEs with a Sid from OldDomainName
                 with the equivalent Sid found in NewSamServer 
                 e.g. /changedomain=MyOldDomain=NEWDOMAIN
                 This option requires a trust relationship with the server containing the object.

  Help           Run SUBINACL /Help (or SUBINACL /Help /action) for more
                 detail on the many other options.

SUBINACL is a powerful command that can do everything cacls and xcacls can do and more besides.

When running subinacl against a subfolder, its important to include the trailing backslash, (or \*.*) if this is missed out subinacl will interpret the path as a filename and search the entire drive for it, this can be very slow!


Save permissions to a log file:
subinacl /noverbose /nostatistic /outputlog=SS64.log /subdirectories "C:\Program Files\My Folder\*.*" /display

Restore Permissions from a log file:
subinacl /nostatistic /playfile SS64.log

Change owner :
subinacl /file C:\demofile.doc /setowner=SS64Dom\AliceT

“It's easier to ask forgiveness than it is to get permission” ~ Rear Admiral Grace Hopper


TAKEOWN - Take ownership of a file
ATTRIB - Display or change file attributes
CACLS - Change file permissions
XCACLS - Display or modify Access Control Lists (ACLs) for files and folders
PERMS - Show permissions for a user
FIXACLS - Restore default privs (Resource Kit supplement 2)
SHOWACL - Show file Access Control Lists (Windows 2000)
XCACLS - Display or modify Access Control Lists (ACLs) for files and folders
Q288129 - Grant users the right to manage services
Powershell: Set-Acl - Set permissions
Equivalent bash command (Linux): chmod - Change access permissions

Copyright © 1999-2017
Some rights reserved