JSI Tip 8741. How can I remove invalid domain SIDs from the my file system permissions?

Using the corrected version of SubInAcl, you can remove invalid domain SIDs from your file system permissions.

The syntax is:

subinacl /subdirectories <FileSystemObject> /cleandeletedsidsfrom=<NetBIOS_Domain_Name>

Example:

subinacl /subdirectories C:\*.* /cleandeletedsidsfrom=JSIINC

The default is to scan the entire security descriptor, but you can specify \[=dacl|sacl|owner|primarygroup|all\] after the domain name.

NOTE: If the owner SID is removed, it is replaced with the Administrators group. If the Primary Group is removed, it is replaced with the Users group.



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish