xcacls.vbs nuances

I needed to restore adminsitrator access to some folders where the ACLs had been modified to remove admin access. Using the GUI, this is a three-step dance: (1) take ownership of the files and folders, (2) re-enable inheritance and create appropriate ACEs, and (3) restore ownership.
I was tryuing to accomplish this with the xcacls.vbs script, but having trouble. I finally found out that I have to take ownership AND grant the administrator permission in the same operation. Thusly…
xcacls.vbs H:\home\gcd /G BUILTIN\Administrators:F /S /F /T /O BUILTIN\Administrators
followed by another pass to enable inheritance and restore ownership. Note that the inheritable ACLs need to be correct, so there might be an intervening ACL edit granting additional access.
if necessary: xcacls.vbs H:\home\gcd /E /G CAMPUS\gcd:F
xcacls.vbs H:\home\gcd /I ENABLE /S /F /T /O CAMPUS\gcd
And that accomplishes the same thing. and it’s scriptable. 🙂

Leave a Reply