Fwd: Re: BDC to W2K via XXCOPY [XARC 9176]



[<<]Message[>>]    [<<]Author[>>]        Subject            Thread    

Number   :  9176
Date     :  2004-11-09
Author   :  rotaiv
Subject  :  Fwd: Re: BDC to W2K via XXCOPY
Size(KB) :  2


I thought I'd send a copy of my response to Craig to the list as it has 
more details on SUBINCAL - specifically, that it does not use SID's as I 
may have inferred. In fact, it uses the "human" format of the account name 
which makes it very convenient. See below for more details.

>Date: Tue, 09 Nov 2004 11:41:36 -0500
>To: "craig_dayton" 
>From: rotaiv 
>Subject: Re: BDC to W2K via XXCOPY
>
>In reading your email, I just remembered another advantage of 
>subinacl. Unlike other command line apps, it does not use SID - it uses 
>the actual "human" name for the account (whether it is a local or domain 
>account).
>
>Since you recreated the groups with the same name, you won't have to make 
>any changes at all :) Simply dump the old server's permissions then apply 
>to the new server and you should be all set.
>
>Here is some sample output from the command: subinacl /noverbose /file * 
>/display
>
>=======================
>+File C:\Program Files
>=======================
>/owner =mydomain\rotaiv
>/primary group =mydomain\domain users
>/audit ace count =0
>/perm. ace count =7
>/pace =builtin\administrators Type=0x0 Flags=0x3 AccessMask=0x1f01ff
>/pace =system Type=0x0 Flags=0x3 AccessMask=0x1f01ff
>/pace =mydomain\rotaiv Type=0x0 Flags=0x0 AccessMask=0x1f01ff
>/pace =creator owner Type=0x0 Flags=0xb AccessMask=0x10000000
>/pace =builtin\users Type=0x0 Flags=0x3 AccessMask=0x1200a9
>/pace =builtin\users Type=0x0 Flags=0x2 AccessMask=0x4
>/pace =builtin\users Type=0x0 Flags=0x2 AccessMask=0x2
>
>As you can see, the domain (mydomain) and username (rotaiv) is in plaint 
>text and not the SID. If you wanted to drop access for the domain account 
>"rotaiv" simply pipe this file through "find /v "rotaiv" and everything 
>EXCEPT lines containing rotaiv will be sent to the new file.
>
>If you want to move directories around and/or change directory names, you 
>can do it two ways:
>
>1) Dump old permissions, edit playfile with text editor to match new 
>directory structure then apply.
>2) Recreate new directory structure exactly (using xxcopy), dump/apply 
>permissions then rename/add/delete the new directory structure as desired.
>
>This method is great in another way. Say you use subinacl to dump 
>permissions on the old server; apply permissions to the new server; a 
>user's account (who has specific permissions) is deleted; user account is 
>recreated but now SID is changed so previous permissions no longer valid; 
>just re-apply the saved subinacl playfile and because it uses "username" 
>and not SID, it will fix the permissions :)
>
>As discussed, the backup software won't work because of the SID issue.
>
>It's been a while since I messed with subinacl but if you get stuck, let 
>me know and I'll try to help.
>
>rotaiv



This message if part of XXCOPY's message Archive.
The archive contains all the messages posted at Yahoo!Groups: XXCOPY.