This powerful tool can be found on the Microsoft website.
After you install the tool, you get complete HTML documentation with useful examples.
You must run this command with administrator privileges.
Microsoft describes the tool as follows:
SubInACL is a command-line tool that enables administrators to obtain security information about files, registry keys, and services and transfer this information from user to user, from local or global group to group, and from domain to domain.
For example, if a user has moved from one domain (DomainA) to another (DomainB), the administrator can replace DomainA\User with DomainB\User in the security information for the user’s files. This gives the user access to the same files from the new domain.
SubInACL enables administrators to do the following:
Display security information associated with files, registry keys, or services. This information includes owner, group, permission access control list (ACL), discretionary ACL (DACL), and system ACL (SACL).
Change the owner of an object.
Replace the security information for one identifier (account, group, well-known security identifier (SID)) with that of another identifier.
Migrate security information about objects. This is useful if you have reorganized a network’s domains and need to migrate the security information for files from one domain to another.
For example:
subinacl /file C:\TMP\*.* /display
The output looks like this:
+File C:\TMP\Image00.png
===========================
/control=0x400 SE_DACL_AUTO_INHERITED-0x0400
/owner =desktop-00\catafest
/primary group =desktop-00\none
/audit ace count =0
/perm. ace count =4
/pace =builtin\administrators ACCESS_ALLOWED_ACE_TYPE-0x0
    INHERITED_ACE-0x10
    Type of access:
    Full Control
    Detailed Access Flags :
    FILE_READ_DATA-0x1 FILE_WRITE_DATA-0x2 FILE_APPEND_DATA-0x4
    FILE_READ_EA-0x8 FILE_WRITE_EA-0x10 FILE_EXECUTE-0x20
    FILE_DELETE_CHILD-0x40 FILE_READ_ATTRIBUTES-0x80 FILE_WRITE_ATTRIBUTES-0x100
    DELETE-0x10000 READ_CONTROL-0x20000 WRITE_DAC-0x40000
    WRITE_OWNER-0x80000 SYNCHRONIZE-0x100000
/pace =system ACCESS_ALLOWED_ACE_TYPE-0x0
    INHERITED_ACE-0x10
    Type of access:
    Full Control
    Detailed Access Flags :
    FILE_READ_DATA-0x1 FILE_WRITE_DATA-0x2 FILE_APPEND_DATA-0x4
    FILE_READ_EA-0x8 FILE_WRITE_EA-0x10 FILE_EXECUTE-0x20
    FILE_DELETE_CHILD-0x40 FILE_READ_ATTRIBUTES-0x80 FILE_WRITE_ATTRIBUTES-0x100
    DELETE-0x10000 READ_CONTROL-0x20000 WRITE_DAC-0x40000
    WRITE_OWNER-0x80000 SYNCHRONIZE-0x100000
/pace =builtin\users ACCESS_ALLOWED_ACE_TYPE-0x0
    INHERITED_ACE-0x10
    Type of access:
    Read
    Detailed Access Flags :
    FILE_READ_DATA-0x1 FILE_READ_EA-0x8 FILE_EXECUTE-0x20
    FILE_READ_ATTRIBUTES-0x80 READ_CONTROL-0x20000 SYNCHRONIZE-0x100000
/pace =authenticated users ACCESS_ALLOWED_ACE_TYPE-0x0
    INHERITED_ACE-0x10
    Type of access:
    Change
    Detailed Access Flags :
    FILE_READ_DATA-0x1 FILE_WRITE_DATA-0x2 FILE_APPEND_DATA-0x4
    FILE_READ_EA-0x8 FILE_WRITE_EA-0x10 FILE_EXECUTE-0x20
    FILE_READ_ATTRIBUTES-0x80 FILE_WRITE_ATTRIBUTES-0x100 DELETE-0x10000
    READ_CONTROL-0x20000 SYNCHRONIZE-0x100000

Elapsed Time: 00 00:00:02
Done: 1, Modified 0, Failed 0, Syntax errors 0
Last Done : C:\TMP\Image00.png
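When auditing many files, the /display output shown above is easier to review once parsed. The following Python sketch is an added example, not part of the original post or of SubInACL itself: it reads saved /display text and lists allow ACEs that give a broad principal write-class rights. The names parse_display, risky_aces, RISKY and BROAD are assumptions, and the sample text is constructed from the format shown above.

```python
import re

# Constructed sample, abbreviated from the /display format shown above.
SAMPLE = r"""+File C:\TMP\Image00.png
/pace =builtin\users ACCESS_ALLOWED_ACE_TYPE-0x0
    INHERITED_ACE-0x10
    Type of access:
    Read
    Detailed Access Flags :
    FILE_READ_DATA-0x1 FILE_READ_EA-0x8 FILE_EXECUTE-0x20
    FILE_READ_ATTRIBUTES-0x80 READ_CONTROL-0x20000 SYNCHRONIZE-0x100000
/pace =authenticated users ACCESS_ALLOWED_ACE_TYPE-0x0
    INHERITED_ACE-0x10
    Type of access:
    Change
    Detailed Access Flags :
    FILE_READ_DATA-0x1 FILE_WRITE_DATA-0x2 FILE_APPEND_DATA-0x4
    DELETE-0x10000 READ_CONTROL-0x20000 SYNCHRONIZE-0x100000
"""

# Rights that let a principal alter the file or its security descriptor.
RISKY = {"FILE_WRITE_DATA", "FILE_APPEND_DATA", "DELETE", "WRITE_DAC", "WRITE_OWNER"}
# Hypothetical review list of broad principals; adjust to your environment.
BROAD = {"everyone", "authenticated users", "builtin\\users"}

ACE_TYPE = re.compile(r"\s+(ACCESS_\w+_ACE_TYPE)-0x[0-9a-fA-F]+")
FLAG = re.compile(r"\b([A-Z][A-Z_]+)-0x[0-9a-fA-F]+")  # NAME-0xVALUE tokens

def parse_display(text):
    """Return one dict per /pace entry: file, principal, ace_type, flags."""
    aces, current_file, ace = [], None, None
    for line in text.splitlines():
        if line.startswith("+File "):
            current_file, ace = line[len("+File "):].strip(), None
        elif line.startswith("/pace ="):
            body = line[len("/pace ="):]
            m = ACE_TYPE.search(body)
            ace = {"file": current_file,
                   "principal": (body[:m.start()] if m else body).strip().lower(),
                   "ace_type": m.group(1) if m else None, "flags": set()}
            aces.append(ace)
        elif ace is not None and not line.startswith(("/", "+", "=")):
            # Continuation lines; also picks up header flags like INHERITED_ACE.
            ace["flags"].update(FLAG.findall(line))
    return aces

def risky_aces(aces):
    """Allow ACEs that give a broad principal any write-class right."""
    return [(a["file"], a["principal"], sorted(a["flags"] & RISKY)) for a in aces
            if a["ace_type"] == "ACCESS_ALLOWED_ACE_TYPE"
            and a["principal"] in BROAD and a["flags"] & RISKY]
```

Feed it the text captured from a redirected subinacl run; on the sample it reports only the authenticated users entry, since builtin\users holds read rights only.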