wntOwnerSet Error 547
Question:
We have a directory that is an auto-created profile directory for a user. When AD/NT creates this directory it only gives
the current user full access to that directory and denies everyone else any rights. So in explorer when you try to look at
the security tab, the only thing it tells you is that you don't have rights to modify anything but you can take ownership.
When I try to run the following command, I get an error 547 ("Error accessing file/directory information"). Is it possible
for me to take ownership using this type of command, I tried to do wntaccessadd but could not come up with the right flags.
wntOwnerSet(ServerName, 0, "\\server\profiles\dswitter", 300, "Administrators")
Answer:
Are you logged on as "Administrator" at the time that you try to access this profile directory?
What are the current ownership & permissions on the profile directory before you try to take ownership of it?
If you already have the WRITE_DAC permission or are an administrator equivalent then you can take ownership. However,
if there is a highly restrictive DACL [a.k.a. permissions] set on the directory then it might be necessary to use the
"ZAP Permissions" flag bit on wntOwnerSet() in order to destroy the restrictive permissions as you take ownership of
the directory.
User Reply:
The ZAP worked. I must have overlooked that flag. Thanks a bunch!!
Answer:
You're welcome. That "ZAP" flag is there to allow for an administrator equivalent to forcibly take back ownership and reset the
DACL on a folder or file that is otherwise "orphaned" due to the original owner or the accounts identified in the DACL having
all been deleted such that no valid user/group remains that has admin permissions to the folder or file.
Article ID: W16530
File Created: 2005:02:18:12:21:16
Last Updated: 2005:02:18:12:21:16