Main Menu
Articles Home
Most Popular Articles
Top Authors
Submit Articles
Submission Guidelines
Link to Us
Bookmark
Contact Us

Articles Categories
  ·  Computer Certification
  ·  Data Recovery
  ·  Databases
  ·  E-Learning
  ·  Hardware
  ·  Information Technology
  ·  Intra-net
  ·  Networks
  ·  Operating Systems
  ·  Programming
  ·  Security
  ·  Software
 


Partners
 
Home / Computers / Data Recovery

XCACLS, SUNINACL, And Other Permissions Security Recovery Tools

By:Darren Miller


You Have 50GB Of Data To Move Along With Permissions Security

----------------------------

This article is about several tools that can save a Windows administrators you know what in the event of a large scale permissions security problem.



Here is a fictional scenario we can use to illustrate the use of the XCACLS tool. We need to move or copy 50GB worth of data that is comprised of several thousand directories containing hundreds of thousands of small files from one storage system to another. These systems happen to part of a Windows 2000 Domain and permissions are quite granular in definition. We start the replication of that data using a favorite replication or synchronization tool and walk away for the evening. When we return the next day, everything has copied and all looks well. That is until you try to access the data.



The Data Is Copied, But I Cannot Access It: Permissions Security Problem

--------------------------------------------------

What you did not know, until just now, is that the root directory of the drive that you copied the data to had the wrong permissions assigned to it. In addition, inheritance was configured such that any data that is placed on the drive is over written with the permissions of the root directory. In this case, it was an old account that no longer existed. Believe it or not, that can happen, and system administrators will know what I am talking about. Now you are left with trying to figure out what to do. Do I format the new drive, change the permissions and inheritance on the root directory so they are correct and start all over again? Do I make the changes on the root drive so they have the correct permissions and wait hours upon hours for the permissions to propagate? No, there is another, very fast way of resolving this issue with XCACLS or another tool called SUBINACL.



XCALCS Quickly Resets Permissions On Directories And Files

----------------------------

Becasue I have limited space in this article, I am going to use XCACLS as the tool to correct this problem. However, in complex permissions structures, you will most likely want to use SUBINACL to fix the issue. I will talk about SUBINACL briefly at the end of the article.



XCACLS as a very fast tool that can set, remove, add, and change permissions on files and directories. For intance, the following command replaces all existing access rights and accounts with that of "dmiller" on the file "file.txt" with read-only access: "xcalcs file.txt /Y /T /G domaindmiller:r". Although that is pretty easy and helpful, what about changing all my directories and files, which I have thousands of, to allow the domaindmiller account to have full access? To do this in a very fast fashion you could execute the following from the root directory of the drive: "for /d %g IN (*.*) DO xcacls "%g" /Y /T /G domaindmiller:f". This will go through every directory, subdirectory, and file and replace the current permissions with dmiller having full access to the object. You'll notice I put "" around the %g in the example. This is not required, but if you have directories that have names with spaces in them you will need to have the "".



What Other Ways Can I Use XCACLS To Change Security Permissions

----------------------------------------------------------

To give you a few additional handy examples of how you can use this tool take a look at the follow command prompt methods for replacing, updating and removing accounts and permissions from large numbers of directories and files.



The following command replaces all existing access rights an accounts with that of dmiller with read only access rights:

for /d %g IN (*.*) DO xcacls "%g" /Y /T /G domaindmiller:r



The following command does not replace existing account permissions, instead, it adds the account, in the example the local admin account, with read only permissions:

for /d %g IN (*.*) DO xcacls "%g" /Y /E /T /G administrator:r



The following command removes the account "administrator" permissions from all directories, files, and subdirectories: for /d %g IN (*.*) DO xcacls "%g" /Y /E /T /R administrator



This command should update all the directories and their contents to allow Domain Admins full access:

for /d %g IN (*.*) DO xcacls "%g" /Y /T /G "Domain Admins:f"



I did a test on my XP Pro workstation and was able to change the permissions on approximately 10000 directories and files in less 1 minute. On one of my servers I was able to achieve a 500% increase in speed. It is blazingly fast.



SUBINACL Is More Complex But Man Can It Really Save The Day

-----------------------------------------------

I cannot go into specifics about this tool in this article but I will tell you what it can do. And again, it does it very very fast. Using the same scenario as above, let's say that you had to fix the permissions on thousands of home directories. With SUBINACL, you can actually go to the original directories and files, use the tool to create what is called a "play file", a text file that contains the right account and permissions from the source files, then use that same file to tell SUBINACL to fix the permissions on the target storage system, the one with the screwed up permissions. It's quite the life saver if you ever find yourself in the type of predicament.



Also check out "CACLS". This command is inherent to Windows XP Professional.



Conclusion

----------

These tools are contained in the Windows 2000 and 2003 server resource tool kit, however several of them also exist native to the Windows XP environment. Check them out if you don't already know about them. Even if you have no use for them right now it may save you hours of hard work and stress in the event of a future permissions problem.



You may reprint or publish this article free of charge as long as the bylines are included.



Original URL (The Web version of the article)

------------

http://www.defendingthenet.com/NewsLetters/XCACLS-SUBINACL-AndOtherPermissionSecurityRecoveryTools.htm



Digg del.icio.us Blink Stumble Spurl Reddit Netscape Furl

Article keywords: XCACLS, SUNINACL, CACLS, permissions security, perms, chmod, Domain Permissions, attrib, fast permissions recovery, lost file permissions

Article Source: http://www.articles2k.com

About The Author
----------------
Darren Miller is an Information Security Consultant with over seventeen years experience. He has written many technology & security articles, some of which have been published in nationally circulated magazines & periodicals. If you would like to contact Darren you can e-mail him at Darren.Miller@defendingthenet.com. If you would like to know more about computer security please visit us at www.defendingthenet.com.
Top Data Recovery Articles
  • 2). XCACLS, SUNINACL, And Other Permissions Security Recovery Tools  By : Darren Miller
    You Have 50GB Of Data To Move Along With Permissions Security ---------------------------- This article is about several tools that can save a Windows administrators you know what in the event of a large scale permissions security problem. Here is a fictional scenario we can use to illustrate the use of the XCACLS tool. We need to move or copy 50GB worth of data that is comprised of several thousand directories containing hundreds of thousands of small files from one storage system to another.
  • 4). Hard Disk Failure and Data Recovery  By : Bharat Bista
    Hard Disk: An Introduction Hard disk is a non-volatile data storage device that stores electronic data on a magnetic surface layered onto hard disk platters. Word Hard is use to differentiate it from a soft, or floppy disk. Hard disks hold more data and can store from 10 to more than 100 gigabytes, whereas most floppies have a maximum storage capacity of 1.
  • 5). How To Recover Data Or Survive A Hard Disk Disaster  By : frank vanderlugt
    Disk failure occurs when a hard disk drive no longer operates and the information on it can no longer be accessed by the computer. This can happen for no reason at all or due to an external factor such as exposure to fire or water or High Magneticwaves or suffering a sharp impact How seriously the disk failure is varies.
  • 6). Data Recovery - It May Not be to Late After All  By : Tyson J Stevenson
    The salvaging of lost data or making available the previously damaged data stored on various damaged media such as hard disk drives, magnetic tapes, magnetic disks, zip disks, CD-Rom, flash cards and other storage media is known as Data recovery.
  • 7). Data Recovery - What To Do When Your Hard Drive Fails  By : Jim Grayson
    How many times have you experienced that sickening feeling when your hard drive suddenly fails? How many times have you experienced that your hard disk just does not boot and all the data may be gone forever? A hard drive failure is one of the most common problems and worst nightmares faced by computer operators all over the world. Precious data is lost either at home or in big corporate environments.
  • 8). Can USB Data Recovery Be Recovered?  By : Chelsea Aubin
    When you store important information on a USB device, you take the chance of losing that information. Losing data on a USB can be kind of a mystery, but there are companies out there that can help you get that data back. These companies use engineering that can recover your lost data over ninety six percent of the time. These companies can even recover data that has been stored on a damaged USB device.
  • 10). Compact Flash Memory and Data Recovery  By : Bharat Bista
    Flash memory gets its name due to its microchip arrangement in such a way, that its section of memory cells gets erased in a single action or "Flash". Both NOR and NAND Flash memory were invented by Dr. Fujio Masuoka from Toshiba in 1984.The name 'Flash' was suggested because the erasure process of the memory contents reminds a flash of a camera, and it's name was coined to express how much faster it could be erased "in a flash".


New Data Recovery Articles
  • 1). PC Crash! How To Find The Best Data Recovery Consultant  By : Stu Pearson
    Everyone’s PC crashes now and again. So what can you do after that dreaded crash? Hire a Data Recovery Consultant. You wouldn’t let somebody throw away important documents or files of yours, would you? Well, don’t let your computer get away with that either. Even if your business has backup files, your data is still at risk of deletion. That is why it’s nice to have a Data Recovery Consultant on your side.
  • 2). Data Recovery Procedures For Hard Drives  By : Stu Pearson
    Your computer’s data is at risk. Whether you use a Mac or a PC, viruses, power surges, hackers, human error, natural disasters, hardware failures, and more are real everyday threats. To keep your data safe and sound, you will first need to back up your files on a regular basis. Secondly, when hard drive failure does occur, data recovery is the only solution.
  • 3). Data Recovery Services: What To Do When Your Hard Drive Fails  By : Stu Pearson
    According to most people, there are two types of hard drives: those that have failed and those that will fail. But for folks who use Data Recovery Services, there is a third type of hard drive: one that does not fail. A hard drive is the most vulnerable part of a computer; it has moving gears and is hence prone to wear and tear. So when you need hard disk data recovery, you must deeply consider the service and practice of the various repair companies in your area.
  • 4). Data Recovery and Your Computer  By : Kathy Crawford
    Have you ever wondered if what you know about data recovery is accurate? Consider the following paragraphs and compare what you know to the latest info on data recovery. Sooner or later your company could become the victim of a natural disaster, or something much more common like a lightning storm or downed power lines. Just because your company may be a small business doesn't mean it's immune to data disasters.
  • 5). Consequences of data loss and Why should Offsite Backup be used  By : Mozza
    There is a calculated trend in all business corporations and firms: when the enterprise is getting bigger, its support of data increases its complexity, volume and value. The larger your enterprise is, the more significant your data files become. The traditional tape backup can no longer produce in-depth data information about all the important features of your business.
  • 6). The Drama of Data Recovery  By : Khieng Chho
    Data loss is often a tragic and traumatic experience for most computer users. It is often due to hard drive failure, accidental formatting, electronic malfunctioning or a product of "natural calamities". This seems to be not much of a problem when there are viable data back-ups that the user creates. However, the problem comes when we tarry on making our back-up files, which is not a rare practice by the way.
  • 7). Data Recovery - What To Do When Your Hard Drive Fails  By : Jim Grayson
    How many times have you experienced that sickening feeling when your hard drive suddenly fails? How many times have you experienced that your hard disk just does not boot and all the data may be gone forever? A hard drive failure is one of the most common problems and worst nightmares faced by computer operators all over the world. Precious data is lost either at home or in big corporate environments.
  • 8). Can USB Data Recovery Be Recovered?  By : Chelsea Aubin
    When you store important information on a USB device, you take the chance of losing that information. Losing data on a USB can be kind of a mystery, but there are companies out there that can help you get that data back. These companies use engineering that can recover your lost data over ninety six percent of the time. These companies can even recover data that has been stored on a damaged USB device.
  • 9). Secrets of Microsoft new file system revealed by Data Recovery Engineer  By : Hugo Galilea
    Hi friends, let’s talk this time about the new concept in file manager that will be introduced by Microsoft in its new Operating system Windows Vista. The name of this new file administration is “WinFS”. WinFS is a new file system that it’s being developed by Microsoft to be used in its new operating system Windows Vista. At the begining this name means Windows Future Storage, but now is only Windows File System.
  • 10). Compact Flash Memory and Data Recovery  By : Bharat Bista
    Flash memory gets its name due to its microchip arrangement in such a way, that its section of memory cells gets erased in a single action or "Flash". Both NOR and NAND Flash memory were invented by Dr. Fujio Masuoka from Toshiba in 1984.The name 'Flash' was suggested because the erasure process of the memory contents reminds a flash of a camera, and it's name was coined to express how much faster it could be erased "in a flash".


 

© 2006 articles2k.com - Privacy Policy