justacruzr2 Posted April 3 Posted April 3 (edited) I found some orphaned SIDs' in my xp pro system and I'd like to get rid of them. Using acceschk if found that some of them are the owners of some files/folders. Is there a way to use SetACL to locate the invalid (orphaned) SID as the "OWNER" and replace it with the Administrator account. I know I can use subinacl to delete all the occurances of the orphaned SID with the cleandeletedsidsfrom= command but this will also remove them from the "OWNER" field as well and will leave the file/folder with no owner. That might cause problems so I would like to avoid that. This is the logic of the command I would like to do: Look at the "OWNER" field in every file/folder If the "OWNER" field contains the orphaned SID Then Replace it with the Administrator account Endif Can this be done with SetACL? If so could you provide the proper syntax for the command? This is the command that Google's AI gave me but it doesn't look right: SetACL -on "D:\Program Files" -ot file -actn setowner -ownr "n:S-1-5-21-299502267-113007714-1177238915-1004;s:y" -rec cont_obj .-on: The object name (your path) .-ot: Object type (file/directory) .-actn setowner: Targets only the owner field .-ownr: The "n:" denotes the new owner (or you can use "n:Administrators") .-rec cont_obj: Recursively applies this to files and subfolders. I don't see where it's replacing the orphaned SID with the Administrator account. It looks more like a global replace of all "OWNERS" with the orphaned SID or the administrator account. That's not what I want since that will also replace "NT AUTHORITY/SYSTEM" on files that are rightfully owned by the system. Edited April 3 by justacruzr2
user57 Posted April 3 Posted April 3 im not a expert with SetACL.exe but that SetACL is something that suppose to be able to change that you might figure out it´s command line and how to use it https://helgeklein.com/setacl/ you might write him a message somehow you certainly can write a programmical solution too https://learn.microsoft.com/en-us/windows/win32/fileio/file-security-and-access-rights
justacruzr2 Posted April 3 Author Posted April 3 Just now, user57 said: im not a expert with SetACL.exe but that SetACL is something that suppose to be able to change that you might figure out it´s command line and how to use it https://helgeklein.com/setacl/ you might write him a message somehow you certainly can write a programmical solution too https://learn.microsoft.com/en-us/windows/win32/fileio/file-security-and-access-rights Thanks. I'll check it out.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now