0

Actually, what I've done is install windows 7 on my old XP machine, and since I went x64 and used to have x32, there was no upgrade path.

I used the User State Migration Tool (USMT) to move a lot of stuff, and for the stuff it moved, it fixed the file/directory ACLs, but not everything. Quite a bit of data was just left sitting on the drive.

All that leftover data has ACLs that were relevant to the XP system. In particular, most files are owned by the primary user account of the old system.

So how can I replace one SID in the ACLs with a new one, remapping all the permissions from the old user to the new user?

davenpcj
  • 611
  • 5
  • 7

1 Answers1

0

I used icacls <path>\* /save aclfile /t to create a backup of all the permissions. Had to run as an administrator, or icacls couldn't read the ACLs to save them.

Originally I wanted to use: icacls /restore aclfile /substitute <oldsid> <newsid>, but it won't work because it can't figure out the username for oldsid.

So I just used a text editor, and brute force replaced all the references to in the aclfile with

Then used iacls <path> /restore aclfile to put the new permissions back.

davenpcj
  • 611
  • 5
  • 7
  • Wow, you did that the hard way. – joeqwerty Sep 17 '11 at 18:54
  • @joeqwerty - would have preferred something more elegant, or for the icacls /substitute to actually work. – davenpcj Oct 02 '11 at 21:37
  • @davenpcj That doesn't work. If you modify the aclfile with a text editor, the restore function can no longer read it. Restore ACLs Once you have saved an ACL using the /save switch you can restore it using the /restore switch. Before you go any further, however, you probably want to read the sidebar with the warning about editing saved ACLs. WARNING: DO NOT EDIT YOUR SAVED ACL If you were to open the file containing your saved ACL in a text editor you would find that it appears to be a Unicode formatted text file. In fact, that is almost exactly what it is. This might lead people to edit it, –  Nov 11 '11 at 18:52