Some Issues With Security Permissions

-

hi all

i asked question in general forum , guys said me ask in here in order better help

http://social.technet.microsoft.com/forums/en-us/winservergen/thread/f8e12b8c-2cce-4fa8-bd6b-bf5f63d6d63a

i did admt previous domain new 1 , after had problems. thankful help.

my domain 2008 r2 1 way.

the problem security ntfs permission on file server hosts more 2 million files (about 2 tb of data)

we have 500 users different permissions on different files.

what gonna these :

1- many of permissions duplicated. example see john@olddomain.com twice in ace. remove them

2- permissions of previous domain there. except permission john@newdomain.com both seen in ace (john@newdomain.com , john@olddomain.com)

3- remove permissions assigned users disabled. (those wont return company related ace not needed).

4- there many ace entries users have been deleted ace looks s1-2324-***

i delete entry users deleted ad.

do need script these done or can them via windows server self.

by way ! have 2 file servers. 1 w2k3 sp2 , 1 win2k8r2 (and domain 2008 r2 told you)

thanks in advance

i found answer 4. seems subinacl can , utility named removeunknown not find

but other questions still without answer me

hello,

you can use setacl tool (also free tool). setacl created helge klein (mvp).

download link:

setacl: windows acl management

examples:

managing file system permissions setacl.exe

now problem, use command (example share folder):

setacl.exe -on "c:\share" -ot file -dom "n1:old-domain;da:remdom;w:sacl,dacl" -actn domain –rec cont_obj

quick description:

-on name of object

-ot data type (here: files , folders; setacl can registry, printers, etc.)

-dom refers activities domain related permissions

da:remdom removed permissions specified domain n1

-actn performs specified action

-recursion rec indicates child objects edited

for clear sidhistories, microsoft has vbscript, kb295758.

how use visual basic script clear sidhistory

you can use powershell , remove sidhistories.

how remove sid history powershell - ashley mcglone (msft)

as additional info, can use adfind with admod tool , clear sidhistories in domain. adfind & admod created joe richards (mvp).

clearing sidhistories in domain

regards




Windows Server  >  Directory Services



Comments

Post a Comment

Popular posts from this blog

Azure MFA with Azure AD and RDS

-
i have setup following lab in azure , need help. a server (domain controller) , remote desktop services. and server multi factor authentication server. i have setup following one http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/ and when im connecting got following error. the user "domain\username", on client computer "xxx.xxx.xxx.xxx", did not meet connection authorization policy requirements , therefore not authorized access rd gateway server. authentication method used was: "ntlm" , connection protocol used: "rpc-http". following error occurred: "23003". also on security log i've got following authentication details: connection request policy name: ts gateway authorization policy network policy name: - authentication provider: radius proxy authentication server: test.test.local authenticati...
Read more

Failed to setup initiator portal. Error status is given in the dump data.

-
hi team, server configured boot san  after booting  facing issue windows server 2008 r2 system logs continuously generating iscsi port error event id 5 failed setup initiator portal. error status given in dump data. eventdata \device\raidport1 000004000100000000000000050000c0000000000000000000000000000000000000000000000000070200c0 binary data: in words 0000: 00040000 00000001 00000000 c0000005 0008: 00000000 00000000 00000000 00000000 0010: 00000000 00000000 c0000207 in bytes 0000: 00 00 04 00 01 00 00 00 ........ 0008: 00 00 00 00 05 00 00 c0 .......À 0010: 00 00 00 00 00 00 00 00 ........ 0018: 00 00 00 00 00 00 00 00 ........ 0020: 00 00 00 00 00 00 00 00 ........ 0028: 07 02 00 c0 ...À hi, please read through article below troubleshoot issue: error event id 5 logged in system log on computer uses iscsi software initiator connect iscsi target device http://suppo...
Read more

Invalid pointer on gpresult /h gpreport.html

-
hello guys i getting following error when trying generate gpresult /h  xxx.html invalid pointer this happening on windows 7 pc using test group policy. tried pc same thing when same gpo applied . hi, try apply some other gpo clients, html report generated succefully? if no, may caused unregistered .dll files, try register .dll files previous thread suggested: http://social.technet.microsoft.com/forums/en-us/winservergp/thread/0ea20c5d-c0ae-457d-89d4-a1686a359e72 if yes, please tell detailed information problematic gpo settings reproduce problem , troubleshooting it. regards, cicely Windows Server  >  Group Policy
Read more