Merging ACLs

Just wondering if anyone can recommend a tool that can export NTFS ACLs from one folder and apply them to another folder while preserving the ACLs already present there. I have migrated data across domains and exported/imported ACLs using SubinACLs.exe. This works great but overwrites any ACLs present on the target folder.

I need to export ACLs of \\domain1\folder to txtfile, edit text file, replace permissions of domain1\folder\*.* with domain2\folder\*.* and play this file to \\domain2\folder.

Any suggestions for a tool that can do this?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Claymoore

My first thought was using powershell with a get-acl and set-acl command. However, I think that will replace the acl on the destination folder instead of merging. Also, I am pretty sure that the dirty work of the set-acl is done using the SDDL entries rather than the easier-to-read domainm\user permission level that we see in Explorer. Editing permissions using SIDs and security descriptor language is never fun.

mikedisd2

Claymoore wrote: »

My first thought was using powershell with a get-acl and set-acl command. However, I think that will replace the acl on the destination folder instead of merging. Also, I am pretty sure that the dirty work of the set-acl is done using the SDDL entries rather than the easier-to-read domainm\user permission level that we see in Explorer. Editing permissions using SIDs and security descriptor language is never fun.

Definitely not fun. I've had a word with the PM and in lack of an effective tool, we're going to half-arse the new permissions then write over the top of them after the user migrations. Another quality job coming up...

Cheers for the response.

RomBUS

Hmmm...I am tagging this for knowledge. Could come across a helpful tool here