SubInAcl Topics | Next

SubInAcl Syntax

The syntax of SubInAcl is analogous to that of the UNIX tool find. For each object, SubInAcl:

1. Retrieves the security descriptor of the object_name object. For more information, see SIDs in SubInAcl.
2. Applies the action(s), which are executed in the order in which they appear on the command line.

If:

• The security descriptor has been modified

and

• The /testmode switch has not been specified

the changes are applied to the object.

You can specify as many actions as you wish. You must specify at least three characters for each action. The syntax is not case-sensitive.

Example:
subinacl /file c:\temp\*.txt /replace=Jim=Kim/display

For each .txt file, this command line:

• Replaces Jim with Kim.
• Displays the whole security descriptor.
• Applies the changes, if any.

Syntax Listing

subinacl [view_mode] [/test_mode] object_type object_name [action[=parameter]] [action[=parameter]] ... [/playfile file_name] [/help [/full] [keyword]]

view_mode

Values:

/noverbose
/verbose (same as /verbose=2)
/verbose=1
/verbose=2

/test_mode

When this mode is specified, the changes are not actually made to the object security descriptor. This option can be useful for testing the validity of a command.
Example:
subinacl /subdirec \\server\share\*.* /changedomain=DOMA=DOMB /ifchangecontinue /noverbose /display /testmode
For each file specified, this command displays what the modified security descriptor would be. But the changes are not actually applied to the files.

object_type

Values:

/file
/subdirectories
/onlyfile
/share
/clustershare
/keyreg
/subkeyreg
/service
/printer
/kernelobject

object_name

is any valid name of an object of type object_type.

action[=parameter]

/display (default)
/setowner=owner
/replace=[DomainName\]OldAccount=[DomainName\]NewAccount
/changedomain=OldDomainName=NewDomainName
/migratetodomain=SourceDomain=DestDomain
/findsid=[DomainName\]Account[=stop]
/suppresssid=[DomainName\]Account
/confirm
/perm
/audit
/ifchangecontinue
/cleandeletedsidsfrom=DomainName
/accesscheck=[DomainName\]UserName
/setprimarygroup=[DomainName\]Group
/grant=[DomainName\]UserName[=Access]
/deny=[DomainName\]UserName[=Access]
/revoke=[DomainName\]UserName

/playfile file_name

/help [/full] [keyword]

/full
displays a full syntax listing.
For a brief syntax listing, run subinacl without any arguments.

keyword
displays help on a particular area of SubInAcl. Values can be:
features
usage
syntax
sids
view_mode
test_mode
object_type
domain_migration
substitution_features
editing_features
-Or-
any action or /object_type.