Good morning everyone: Here's the scenario. I have a server originally setup as a member server (Win 2003 Ent R2). This server acts as a file server that houses all of the students' home directories. I setup a local group on this server giving read/write permissions to all teachers so they can monitor the students' home directories as needed.
Over the Christmas break, I get the bright idea to DCPROMO the server to a domain controller. The DCPROMO is successful, BUT, stupid me forgot about the local group "FAC-STAFF" that has read/write permissions on every folder and file in the student share. I know I can use xcacls to give a new domain group read/write permissions to the files and folders, but now I need a command line util to get rid of the invalid ACL entry (the dreaded SID entry) on every file/folder. When I run an xcacls.vbs on an existing file with invalid entries, I get this: Allowed BUILTIN\Administrators Full Control This Folder, Subfolde Allowed \ Modify This Folder, Subfolde I tried to do an xcacls.vbs /r on the "\" account, but it did not work. Any ideas? Thanks in advance for all of the help and funny comments that will ensue. Clay ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
