(转自:NTFS Permission issue with TAKEOWN & ICACLS - SAUGATA 原文日期:2013.11.19)
Most of us using TAKEOWN or ICACLS for taking ownership from command prompt, and both of them are simple to use.
We generally use TAKEOWN or ICACLS with following switches to taking the ownership.
takeown /F “PATH” /R /D Y /A
icacls “PATH” /T /setowner Administrators
But unfortunately, TAKEOWN & ICACLS both might failed on certain scenario, as there are some undocumented limitation. We had incident where we tried to take ownership of a shared location hosted on NetApp Filer. While using TAKEOWN, we are getting following error.
ERROR: The data area passed to a system call is too small.
And, while using ICACLS, we are getting Access Denied error, we are also getting same error while using windows GUI for taking the ownership. We tried almost everything, but still no luck. Additionally if we are using TAKEOWN command to take the ownership of a shared location, all existing permission getting replaced by Administrators group.
Finally we found SubInACL, which is a command-line tool from Microsoft that enables administrators to view / modify security information about files, registry keys, and services. This tool is much more complex and powerful than TAKEOWN & ICACLS. To execute this tool, user must be the member of the Administrators group of that shared location. We tried this tool with following switch to obtain the ownership.
First we took the root folder ownership using following
subinacl /file “PATH” /setowner=Administrators
Later we use following switches to take the ownership on all subfolders & files.
subinacl /subdirectories “PATH*.*” /setowner=Administrators
Once done, you will get following message.
Note: Using this tool unlike TAKEOWN, your existing permission will be intact.
Update: If you want to update permission of any folder, where you are not the owner, you can use this tool to update the permission without taking the ownership of that folder. You just have to be the member of local administrator group of that server or CIFS.