Re: Problem to update ACL using ADsSecurity from VBScript

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 08/29/04


Date: Sat, 28 Aug 2004 17:34:12 -0700

IMO you are taking the long (and messy) road, plus, as you mentioned
an Explorer step you still are not fully automated.

To do as you are correctly, you need to take note of the preexisting
ownership and permissions and then set them back that way after the
copy over to the other server. Note that taking ownership and setting
permissions for you to copy may need to be done recursively down inside
each home folder. The user, as owner, may have blocked inheritance.
If you try the shortcut way to avoid the recurse, then you will wipe out
permissions differences the user may have placed within.

The quick, easy way to do this is to use NTbackup to grab all the needed
home directories and then restore them with permissions to the new server
specifying to preserve permissions. Using an account with the backup and
the restore user rights will allow a registered backup/restore application
to be immune from NTFS hindrances.

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCDBA,  MCSE W2k3+W2k+Nt4
"Kevin Debono" <KevinDebono@discussions.microsoft.com> wrote in message 
news:E2D1BAD8-AE26-4985-AD00-807880F29186@microsoft.com...
> Hi everybody,
>
> At the moment I'm working on a VBScript with which I want to copy files
> and folders from one Server to another.  While doing this I want also to
> transfer the NTFS permissions.
>
> The folders that I'm going to copy are user home directories and even if
> I'm an administrator I don't have the rights to access some of the folders.
> To overcome this problem I'm using the CIM_LogicalFile WMI class and its
> TakeOwnership method.  This works because I use Windows Explorer to verify
> that I'm the new owner of the folder/file.  My next step is to add myself
> to the ACL of the file/folder so that I have enough rights to perform the
> copy operation.  To do this I'm using ADsSecurity.  I'm creating an ACE
> object and give myself ReadWrite permissions; the problem is that when I
> update the ACL using the SetSecurityDescriptor nothing happens i.e. the new
> ACE is not added.
>
> It seems that the problem is coming from the fact that I don't have Change
> permissions (BUT I CAN PERFORM THE SAME OPERATION FROM WINDOWS EXPLORER)
> on the target file/folder because when I executed the script against a file
> on which I have Change permissions the ACL is updated successfully.
>
> Can anybody out there help?
>
> Sorry if a bit long.
>
> Best regards,
>
> Kevin
> 
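
The record-then-restore approach described in the reply above, as an added PowerShell example that is not part of the original thread. The function names and paths are hypothetical, and it assumes an elevated session under an account holding the backup and restore user rights.

```powershell
# Added example, not from the thread. Function names and paths are hypothetical.

function Save-AclSnapshot {
    param([Parameter(Mandatory)][string]$Root,
          [Parameter(Mandatory)][string]$OutFile)
    $rootItem = Get-Item -LiteralPath $Root -Force
    $rootFull = $rootItem.FullName.TrimEnd('\')
    # Walk the root and everything under it: a user who blocked inheritance
    # may have set different ACEs deep inside the home folder.
    $items = @($rootItem) +
             @(Get-ChildItem -LiteralPath $rootItem.FullName -Recurse -Force)
    $rows = foreach ($item in $items) {
        try {
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
            [pscustomobject]@{
                RelativePath = $item.FullName.Substring($rootFull.Length).TrimStart('\')
                # SDDL carries owner (O:), group (G:) and DACL (D:), including
                # the P flag that marks inheritance as blocked.
                Sddl         = $acl.Sddl
            }
        } catch {
            Write-Warning "Could not read ACL, not recorded: $($item.FullName)"
        }
    }
    $rows | Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8
}

function Restore-AclSnapshot {
    param([Parameter(Mandatory)][string]$Root,
          [Parameter(Mandatory)][string]$InFile)
    $rootFull = (Get-Item -LiteralPath $Root -Force).FullName.TrimEnd('\')
    foreach ($row in Import-Csv -Path $InFile) {
        $target = if ($row.RelativePath) { Join-Path $rootFull $row.RelativePath } else { $rootFull }
        if (-not (Test-Path -LiteralPath $target)) {
            Write-Warning "Not present on target, skipped: $target"
            continue
        }
        $acl = Get-Acl -LiteralPath $target
        $acl.SetSecurityDescriptorSddlForm($row.Sddl)
        # Writing back an owner other than the caller depends on the restore right.
        Set-Acl -LiteralPath $target -AclObject $acl
    }
}

# Usage (placeholder paths):
# Save-AclSnapshot    -Root '\\OLDSRV\Home$\jdoe' -OutFile 'C:\Temp\jdoe-acl.csv'
# ... take ownership, grant yourself access, copy the data ...
# Restore-AclSnapshot -Root '\\NEWSRV\Home$\jdoe' -InFile  'C:\Temp\jdoe-acl.csv'
```

Any item that triggers the "not recorded" warning has no saved descriptor, so its original owner and permissions cannot be put back from the snapshot.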

