icacls or subinacl
Todd Hudson
Windows 2003 server. I tried looking at the syntax for subinacl and icacls,
but either I could not figure it out or it just did not work.
Can anyone help?
Thanks
Al Dunbar
"Todd Hudson" <tatu...@hotmail.com> wrote in message
news:69D2720B-577D-447A...@microsoft.com...
I assume you are thinking of using subinacl and icacls to extract
ownership/ntfs permission information in order to store it with the data so
that your restore script, program, or whatever, can re-apply the original
permissions that restored files previously had. That's fine, but I do no
think either utility will actually create a copy of the files themselves.
I'm not sure what to suggest here, as I do not know if you are doing a tape
backup, an image copy to a removable drive, or across the LAN to a storage
device.
/Al
Todd Hudson
can then restore if needed.
"Al Dunbar" <Alan...@hotmail.com.nospaam> wrote in message
news:O0HaXpOp...@TK2MSFTNGP06.phx.gbl...
Al Dunbar
*content* of the files in question, but only in restoring the *permissions*
of those files to a previous state. This seems a bit nonsensical, as if
users can change permissions, they are likely to delete, rename, or move
files too.
It would be somewhat tricky to restore permissions to such a set of files,
given that some of them might no longer exist. Even assuming this were not
the case, your script would need to:
- collect a listing of the current permission settings (easily done with
cacls.exe)
- parse through the listing to determine what permissions to apply to the
files.
I rather suspect that you want to backup the content, folder hierarchy, and
permissions of a set of files. If that is so, neither cacls nor subinacl
will do, at least they will not do *all* of the work.
Your options include acquiring a software product designed to perform data
backups or using ntbackup.exe. In either case, there is a relationship
between the available products and the media on which they can do their
backups. Another option would be to write a script to create a copy of the
data on another, perhaps removable, storage volume. This could be done using
xcopy, robocopy, xxcopy, or a variety of others. With robocopy, and assuming
the backup volume was formatted with NTFS, there would be no need to use
cacls to save a listing of the permissions, as the permissions could simply
be copied from the source to the backup media.
If the backup mechanism were incapable of including the permissions, then
you could use cacls to save this, and then write a script to parse that and
re-apply the permissions to any files you need to restore.
So I'll ask again: do you want your backup system to backup file data as
well as the permissions? and where and in what format do you intend to store
the backups (tape, disk, .zip file, other)?
/Al
"Todd Hudson" <tatu...@hotmail.com> wrote in message
news:usb1%23EPpI...@TK2MSFTNGP06.phx.gbl...
Todd Hudson
something and just look at the task. I want to use xcacls, subinacl, icacls,
cacls to collect the permissions of all files and folders of a directory by
pointing it at the drive letter and saying go.
Dont worry about whether something gets deleted, a user can change
permissions, etc. I am wanting to do x.
If you can help with this it woudl be appreciated. All I can see is that all
the above tools only backup permissions of a particular root directory, not
the entire drive.
Thanks
"Al Dunbar" <Alan...@hotmail.com.nospaam> wrote in message
news:e5KL3mZp...@TK2MSFTNGP03.phx.gbl...
Al Dunbar
So, you want to use xcacls, subinacl, icacls, cacls (or presumably other
similar tools) to "collect" the permissions. Later you say you want to use
these to "backup" the permissions. To me, the term "backup" implies that the
information is to be used later to "restore" the permissions. But since I
cannot assume the why here...
Referring to a directory in one case and a drive in another casts a certain
amount of vagueness to the specific "what" you are concerned with., but
since I cannot ask "why" to help me understand the "what", I will try to
work with what I know...
None of these utilities appear to me to be designed for "backup" purposes.
Rather they allow the permissions to be displayed in such a way that you can
determine what the permissions are. That said, if you type this:
cacls /?
you will see that cacls has a "/T" switch that allows the processing of
files in subdirectories. Therefore, this command might do the trick:
cacls "X:\target folder" /t >"saved permissions.txt"
the .txt file will contain a listing of all of the ACLs applied to all of
the files and folders within the specified target directory (which could be
the root directory of a drive), assuming the account you use has sufficient
permissions there.
QED: you only want to collect permission information (done), and you want to
do it not for a single folder's immediate contents, but for all of the files
and folders it contains (done).
As far as I can see the case is closed from the point of view of the "what".
If there is actually more that you were looking for, you will either need to
expand on the "what" concept, or explain the overall goal (i.e. the "why").
/Al
"Todd Hudson" <tatu...@hotmail.com> wrote in message
news:%23RuweVg...@TK2MSFTNGP06.phx.gbl...
Todd Hudson
the specified directory permissions and everythgi below there. I want to
back the entire drive's permissions.
If I backup the permissions only to a file, then later I can restore them if
something changes.Again, lets stay focused on what the goal is instead of
trying to troubleshoot what happens if a directory gets deleted, etc.
"Al Dunbar" <Alan...@hotmail.com.nospaam> wrote in message
news:eTH3Fqhp...@TK2MSFTNGP05.phx.gbl...
Al Dunbar
> This issue you provide wont work. The switch you describe will only backup
> the specified directory permissions and everythgi below there. I want to
> back the entire drive's permissions.
This is precisely why I pointed out that you introduced some ambiguity in
your definition of the problem by using the term folder in one place and
drive in another. I am not a mind reader.
Are you saying that you tried my suggestion, and found that this command:
cacls "X:\" /t >"saved permissions.txt"
failed to "backup the entire drive's permissions"? If so, what, precisely,
did it miss? On my system I found that it provides the same information
about the root folder of the drive as I get from right-clicking the drive,
selecting properties, security, advanced. Are you perhaps looking for the
share permissions in the case of a mapped share?
> If I backup the permissions only to a file, then later I can restore them
> if something changes.Again, lets stay focused on what the goal is instead
> of trying to troubleshoot what happens if a directory gets deleted, etc.
It is hard to stay focussed on exactly what you are looking for when, as I
have tried to point out, that is not as clear to me as it is to you. If you
re-read this sentence in your original post: "I am trying to figure out a
way to backup the entire drive (D, E, etc) of a Windows 2003 server", you
might realize why it was not clear at first that it is only permissions that
you want to backup, as you made no mention of that term, and I think most
people are referring to files when they use the term "backup".
I am also a little confused at your "troubleshooting" reference, as I have
made no further mention of such aspects of your situation since you first
advised me that it was of no consequence to you.
I am not complaining, just trying to demonstrate that your explanation of
your goal is not as clear in my mind as it is in yours.
/Al