Home NT Commands
NT Syntax

SUBINACL.exe (Resource kit)

Download Latest update (2004)
Display or modify Access Control Entries (ACEs) for file and folder Permissions, Ownership and Domain.

Access Control Lists apply only to files stored on an NTFS formatted drive, each ACL determines which users (or groups of users) can read or edit the file. When a new file is created it normally inherits ACL's from the folder where it was created.

Syntax
      SUBINACL [/noverbose] /object_type object_name [/action=parameter]
	  
Key
    object_type: service        e.g.  /service Messenger \\ServerName\Messenger
                 keyreg         e.g.  /keyreg HKEY_CURRENT_USER\Software
                                      /keyreg \\Srv\HKEY_LOCAL_MACHINE\KeyPath
                 file           e.g.  /file *.obj  /file c:\test.txt
                                      /file \\ServerName\Share\Path
                 subdirectories manipulate files in specified directory and all subdirectories

   object_name : This will vary according to the object_type - see the examples above

   action      : setowner=owner
                 will change the owner of the object e.g. /setowner=MyDomain\Administrators

                 replace=SamName\OldAccount=DomainName\New_Account
                 will replace all ACE (Audit and Permissions) in the object
                 e.g. /replace=MyOldDomain\Finance=NEWDOM\Finance

                 changedomain=OldDomainName=NewDomainName
                 will replace all ACEs with a Sid from OldDomainName
                 with the equivalent Sid found in NewSamServer 
                 e.g. /changedomain=MyOldDomain=NEWDOMAIN
                 This option requires a trust relationship with the server containing the object.

Examples:

See subinacl /help for examples of changing a domain

"Whether a pretty woman grants or withholds her favours, she always likes to be asked for them" - Ovid (Ars Amatoria)

Related Commands:

ATTRIB - Display or change file attributes
PERMS - Show permissions for a user
FIXACLS - Restore default privs (Resource Kit supplement 2)
SHOWACL - Show file Access Control Lists (Windows 2000)
XCACLS - Display or modify Access Control Lists (ACLs) for files and folders

Q245031 - Change Registry Permissions from the command line
Q265360 - Change multiple Subdirectory Permissions
Q288129 - Grant users the right to manage services

Equivalent Linux BASH commands:

chmod - Change access permissions
chown - Change file owner and group


Simon Sheppard
 SS64.com