Q: I'm trying to programmatically set cluster file-share permissions on our Windows 2000 Advanced Server cluster. I've tried using the subinacl.exe command- line tool but to no avail because subinacl.exe wants to know the SID for each trustee I want to grant permissions to. Is there another command-line tool I can use to automate the configuration of file-share permissions on a cluster?
A: Yes, you can use cluster.exe to configure your cluster's file-share permissions. To learn more about this command-line tool, see the Microsoft article "How to Create a Server Cluster File Share with Cluster.exe" (http:// support.microsoft.com/?kbid=284838).
A word of caution: Unlike Microsoft Cluster Administrator, which sets the Everyone group's permissions to readonly by default, cluster.exe sets the Everyone group's permissions to full control by default. So, depending on your situation, you might need to change the default permissions. I should also point out that, in addition to SIDs, subinacl.exe supports the standard DomainName\Username syntax that's commonly used to identify a trustee. You might want to take a second look at SubInAcl's usage instructions, which you can obtain by running the command
subinacl /help /full