Merging ACLs

mikedisd2mikedisd2 Member Posts: 1,096 ■■■■■□□□□□
Just wondering if anyone can recommend a tool that can export NTFS ACLs from one folder and apply them to another folder while preserving the ACLs already present there. I have migrated data across domains and exported/imported ACLs using SubinACLs.exe. This works great but overwrites any ACLs present on the target folder.

I need to export ACLs of \\domain1\folder to txtfile, edit text file, replace permissions of domain1\folder\*.* with domain2\folder\*.* and play this file to \\domain2\folder.

Any suggestions for a tool that can do this?

Comments

  • ClaymooreClaymoore Member Posts: 1,637
    My first thought was using powershell with a get-acl and set-acl command. However, I think that will replace the acl on the destination folder instead of merging. Also, I am pretty sure that the dirty work of the set-acl is done using the SDDL entries rather than the easier-to-read domainm\user permission level that we see in Explorer. Editing permissions using SIDs and security descriptor language is never fun.
  • mikedisd2mikedisd2 Member Posts: 1,096 ■■■■■□□□□□
    Claymoore wrote: »
    My first thought was using powershell with a get-acl and set-acl command. However, I think that will replace the acl on the destination folder instead of merging. Also, I am pretty sure that the dirty work of the set-acl is done using the SDDL entries rather than the easier-to-read domainm\user permission level that we see in Explorer. Editing permissions using SIDs and security descriptor language is never fun.

    Definitely not fun. I've had a word with the PM and in lack of an effective tool, we're going to half-arse the new permissions then write over the top of them after the user migrations. Another quality job coming up... icon_rolleyes.gif

    Cheers for the response.
  • phoeneousphoeneous Member Posts: 2,333 ■■■■■■■□□□
    How about xcacls?
  • RomBUSRomBUS Member Posts: 699 ■■■■□□□□□□
    Hmmm...I am tagging this for knowledge. Could come across a helpful tool here
Sign In or Register to comment.