The World of Computing and Solutions
http://computing.ask-me-about.com

XCACLS, and Some Other Permission Security Recovery Tools Like SUBINACL

Posted October 22nd, 2006 by Loz

What can you do to ensure that the hard drive you want to copy keeps its security permissions?

The following article covers a few tools that can save a Windows administrator time when faced with a very large-scale permission security dilemma.

Let’s use an example for the Extended Change Access Control List (XCACLS) tool to give a clearer picture. You need to copy your hard drive data over to another drive: around 100GB of data, made up of thousands of files and folders. The machines are part of a Microsoft Windows 2000 domain, and the permissions are quite rough in definition. To start, you make a duplicate copy of the data with a synchronization tool or some other duplication tool and leave it running for the day. When you return the next day, everything seems to have been copied and looks OK. When you try to access the data, there’s a problem.

Now that the information has been replicated onto the new hard drive, we can’t access it any more: a permissions security problem.

What you probably didn’t realise until now is that the information you just copied is the data from the root directory of the hard drive, and it had incorrect permissions declared for it. On top of that, the permissions were configured in such a way that any information added to the hard drive is overwritten with the same security permissions as the root directory. Those permissions belonged to an old profile that didn’t exist any more. Believe it or not, this can happen; Windows administrators might know what I’m referring to. After all of this fiddling around we’re left to figure out what to do. Do I make the necessary changes to the root of the hard drive so that this time it contains the precise permissions we need to access the data, and then wait hours and hours for the settings to propagate? Or do I go ahead and reformat the newer hard drive, change the inheritance permissions on the root directory and try again?

Why even bother when there’s a much simpler way? We can get around this by using the SUBINACL tool, which displays or modifies Access Control Entries (ACEs) for file and folder permissions, ownership and domain. Or we can use the previously mentioned XCACLS tool; the choice is yours.

XCACLS takes the time-consuming work out of resetting file and directory permissions: it does the job effectively and very fast.

Please note that because time is limited for me right now I can’t go into great detail about how to use the other tool, SUBINACL, which you will need for complex permission structures.

You will find that XCACLS is a very fast tool that lets you remove, change, add and set the security permission settings on directories and files. For instance, the following replaces all of the old permissions on the file “file.txt” with read-only access for the profile account “computingsolutions”:

xcacls file.txt /Y /T /G domain\computingsolutions:r

That is easy and very helpful, but how about changing all of the files and directories, of which a lot of PC users have thousands, so that the domain\computingsolutions profile has complete and full access?

To do this very quickly, enter the following from the root directory of the hard drive:

for /d %g IN (*.*) DO xcacls "%g" /Y /T /G domain\computingsolutions:f

It will then go through every one of your directories, including subdirectories and then files, and replace the current permissions with computingsolutions, giving it the full access to the object that we wanted it to have.

Please also take note that I added double quotes at the start and end of %g. You don’t strictly need them, but if you have directory names with spaces between the words you’ll need the double quotes. I think it’s best to leave the double quotes in anyway, just to make sure that we do not miss folders that have spaces in their names.

Are there any other ways we can use XCACLS to help us modify the security permissions?

Here are a few handy tips for the Extended Change Access Control List (XCACLS) tool. Each one is a command-prompt line for changing, updating or getting rid of profile accounts and their permissions across a huge number of files and directories.

The following command replaces the existing permissions with read-only access for a single profile:

for /d %g IN (*.*) DO xcacls "%g" /Y /T /G domain\computingsolutions:r

This example does not change the existing profile permissions; it adds an account, in this case the local admin account, with read-only permissions:

for /d %g IN (*.*) DO xcacls "%g" /Y /E /T /G administrator:r

You can also use this, which removes the “administrator” account’s permissions from all directories, subdirectories and files:

for /d %g IN (*.*) DO xcacls "%g" /Y /E /T /R administrator

And the following command updates every one of your directories and their contents to allow Domain Admins full access:

for /d %g IN (*.*) DO xcacls "%g" /Y /T /G "Domain Admins:f"

I tried this test on my Windows operating system; it allowed me to change the profile account permissions on about 20000 directories and files in less than 50 seconds. On one of my web servers I was able to get around a 300% increase in speed. Now it’s really fast.
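
The loops above are typed at the prompt; inside a batch file the loop variable is written %%g. The batch file below is an added example, not part of the original post: it records the current ACLs with the built-in cacls before adding an account with /E, and it also covers the files in the root, which for /d does not visit. The account name and log path are placeholders.

```batch
@echo off
rem Added example, not from the original post.
rem Assumptions: run from the root directory of the target drive;
rem ACCOUNT and LOG are placeholder values to adapt.
setlocal
set "ACCOUNT=domain\computingsolutions"
set "LOG=%TEMP%\acl-before.txt"

rem 1. Record the current ACLs so the bulk change can be reviewed later.
rem    cacls given only a path (plus /T to recurse) displays ACLs and
rem    changes nothing. The log is for reading, not for restoring from.
if exist "%LOG%" del "%LOG%"
for /d %%g in (*.*) do cacls "%%g" /T >> "%LOG%" 2>&1

rem 2. Add the account with full access. /E edits the existing ACL
rem    instead of replacing it, so other accounts keep their entries;
rem    without /E, /G replaces the whole ACL as in the post's examples.
for /d %%g in (*.*) do (
    echo Updating "%%g"
    xcacls "%%g" /Y /E /T /G "%ACCOUNT%:F"
)

rem 3. for /d matches directories only, so files sitting directly in
rem    the root directory are handled by a plain for loop.
for %%f in (*.*) do xcacls "%%f" /Y /E /G "%ACCOUNT%:F"

echo ACLs as they were before the change: %LOG%
endlocal
```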
