|
 |  |  |  |  |  |  |
| Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks. |
| |||||||
 |
| |
06-26-2007
| #1 (permalink) |
| | Set a new file owner My forehead is bruised from trying to come up with simple code to set a new owner for a file. Something like this should work $file=".\file.txt" [System.Security.Principal.NTAccount]$newOwner="mydomain\roygbiv" $var=get-item $file $acl=$var.GetAccessControl() $acl.SetOwner($NewOwner) $var.SetAccessControl($acl) But I always get: Exception calling "SetAccessControl" with "1" argument(s): "The security identifier is not allowed to be the owner of this object." I'm doing this on a Windows 2003 SP2 server. I can assign the owner in the GUI. I can also get this far: PS C:\public> $x=get-acl $file PS C:\public> $x.SetOwner($newOwner) Looking at $x shows the new owner. But I can't find a way to "set" the new owner. I don't know if I'm using the wrong principal type or what. I've also tried variations with Get-Acl and Set-Acl, but also with no luck. I found some older posts on mucking around with principal policies but that looked like pre-release code. -- Jeffery Hicks SAPIEN Technologies - Scripting, Simplified. "Those who forget to script it are doomed to repeat it." |
My System Specs |
|
06-27-2007
| #2 (permalink) |
| | RE: Set a new file owner Jeffery, you can only set it to administrators or your account, this is a "security" restriction I think (not a good one, as the good guys need it hardly (quota etc) and the bad guys can do it anyway) , with the GUI support I did think MS finaly realised that and Yes !! I got SetOwner working in Monad beta 2, that also had the Beta 2.0 framework and added it to my typeinfo http://mow001.blogspot.com/2005/10/g...principal.html I was very glad with it, finaly but it does not work anymore in powershell 1.0 (.NET 2.0 RTM ) seems they removed the support for setting a owther owner again in the final 2.0 framework. grrr. Greetings /\/\o\/\/ "Jeffery Hicks" wrote: > My forehead is bruised from trying to come up with simple code to set a > new owner for a file. Something like this should work > > $file=".\file.txt" > [System.Security.Principal.NTAccount]$newOwner="mydomain\roygbiv" > $var=get-item $file > $acl=$var.GetAccessControl() > $acl.SetOwner($NewOwner) > $var.SetAccessControl($acl) > > But I always get: Exception calling "SetAccessControl" with "1" > argument(s): "The security identifier is not allowed to be the owner of > this object." > > I'm doing this on a Windows 2003 SP2 server. I can assign the owner in > the GUI. > > I can also get this far: > PS C:\public> $x=get-acl $file > PS C:\public> $x.SetOwner($newOwner) > > Looking at $x shows the new owner. But I can't find a way to "set" the > new owner. I don't know if I'm using the wrong principal type or what. > > I've also tried variations with Get-Acl and Set-Acl, but also with no luck. > > I found some older posts on mucking around with principal policies but > that looked like pre-release code. > > > -- > Jeffery Hicks > SAPIEN Technologies - Scripting, Simplified. > > "Those who forget to script it are doomed to repeat it." > > |
| My System Specs |
|
06-27-2007
| #3 (permalink) |
| | Re: Set a new file owner //o// [MVP] wrote: > Jeffery, > > you can only set it to administrators or your account, > this is a "security" restriction I think (not a good one, as the good guys > need it hardly (quota etc) and the bad guys can do it anyway) , with the GUI > support I did think MS finaly realised that > > and Yes !! > I got SetOwner working in Monad beta 2, that also had the Beta 2.0 framework > and added it to my typeinfo > > http://mow001.blogspot.com/2005/10/g...principal.html > > I was very glad with it, finaly > but it does not work anymore in powershell 1.0 (.NET 2.0 RTM ) seems they > removed the support for setting a owther owner again in the final 2.0 > framework. > > grrr. > > Greetings /\/\o\/\/ > > "Jeffery Hicks" wrote: > >> My forehead is bruised from trying to come up with simple code to set a >> new owner for a file. Something like this should work >> >> $file=".\file.txt" >> [System.Security.Principal.NTAccount]$newOwner="mydomain\roygbiv" >> $var=get-item $file >> $acl=$var.GetAccessControl() >> $acl.SetOwner($NewOwner) >> $var.SetAccessControl($acl) >> >> But I always get: Exception calling "SetAccessControl" with "1" >> argument(s): "The security identifier is not allowed to be the owner of >> this object." >> >> I'm doing this on a Windows 2003 SP2 server. I can assign the owner in >> the GUI. >> >> I can also get this far: >> PS C:\public> $x=get-acl $file >> PS C:\public> $x.SetOwner($newOwner) >> >> Looking at $x shows the new owner. But I can't find a way to "set" the >> new owner. I don't know if I'm using the wrong principal type or what. >> >> I've also tried variations with Get-Acl and Set-Acl, but also with no luck. >> >> I found some older posts on mucking around with principal policies but >> that looked like pre-release code. >> >> >> -- >> Jeffery Hicks >> SAPIEN Technologies - Scripting, Simplified. >> >> "Those who forget to script it are doomed to repeat it." >> >> Since I could do it in the GUI (which you could never do before), I was still hoping to do it from PowerShell but it apparently isn't meant to be. I suppose the workaround is to add an ACL to give the user the TakeControl permission. At least now I can stop banging my head on my desk. -- Jeffery Hicks SAPIEN Technologies - Scripting, Simplified. blog: http://blog.SAPIEN.com Community: http://www.scriptinganswers.com Training: http://www.ScriptingTraining.com Books: http://www.SAPIENPress.com Editor: http://www.primalscript.com Tools: http://www.scriptingoutpost.com "Those who forget to script it are doomed to repeat it." |
| My System Specs |
|
06-27-2007
| #4 (permalink) |
| | Re: Set a new file owner big disapointment for me also but you can still do it using API's I made a setowner in VB.NET before, as it did work in the beta I was glad I did not need it anymore, but now I have to search for the source again or better yet I have to find a opensource .NET library I can steal, uhh use now , and load into powershell. keep you posted ;-) Greetings /\/\o\/\/ "Jeffery Hicks" <jhicks@sapien.com> wrote in message news:Owd6AaOuHHA.484@TK2MSFTNGP06.phx.gbl... > //o// [MVP] wrote: >> Jeffery, >> >> you can only set it to administrators or your account, >> this is a "security" restriction I think (not a good one, as the good >> guys need it hardly (quota etc) and the bad guys can do it anyway) , with >> the GUI support I did think MS finaly realised that >> >> and Yes !! >> I got SetOwner working in Monad beta 2, that also had the Beta 2.0 >> framework >> and added it to my typeinfo >> http://mow001.blogspot.com/2005/10/g...principal.html >> >> I was very glad with it, finaly but it does not work anymore in >> powershell 1.0 (.NET 2.0 RTM ) seems they removed the support for setting >> a owther owner again in the final 2.0 framework. >> >> grrr. >> >> Greetings /\/\o\/\/ >> >> "Jeffery Hicks" wrote: >> >>> My forehead is bruised from trying to come up with simple code to set a >>> new owner for a file. Something like this should work >>> >>> $file=".\file.txt" >>> [System.Security.Principal.NTAccount]$newOwner="mydomain\roygbiv" >>> $var=get-item $file >>> $acl=$var.GetAccessControl() >>> $acl.SetOwner($NewOwner) >>> $var.SetAccessControl($acl) >>> >>> But I always get: Exception calling "SetAccessControl" with "1" >>> argument(s): "The security identifier is not allowed to be the owner of >>> this object." >>> >>> I'm doing this on a Windows 2003 SP2 server. I can assign the owner in >>> the GUI. >>> >>> I can also get this far: >>> PS C:\public> $x=get-acl $file >>> PS C:\public> $x.SetOwner($newOwner) >>> >>> Looking at $x shows the new owner. But I can't find a way to "set" the >>> new owner. I don't know if I'm using the wrong principal type or what. >>> >>> I've also tried variations with Get-Acl and Set-Acl, but also with no >>> luck. >>> >>> I found some older posts on mucking around with principal policies but >>> that looked like pre-release code. >>> >>> >>> -- >>> Jeffery Hicks >>> SAPIEN Technologies - Scripting, Simplified. >>> >>> "Those who forget to script it are doomed to repeat it." >>> >>> > > Since I could do it in the GUI (which you could never do before), I was > still hoping to do it from PowerShell but it apparently isn't meant to be. > I suppose the workaround is to add an ACL to give the user the TakeControl > permission. > > At least now I can stop banging my head on my desk. > > -- > Jeffery Hicks > SAPIEN Technologies - Scripting, Simplified. > > blog: http://blog.SAPIEN.com > Community: http://www.scriptinganswers.com > Training: http://www.ScriptingTraining.com > Books: http://www.SAPIENPress.com > Editor: http://www.primalscript.com > Tools: http://www.scriptingoutpost.com > > "Those who forget to script it are doomed to repeat it." > |
| My System Specs |
|
06-27-2007
| #5 (permalink) |
| | Re: Set a new file owner @ PSCX ;-) the API wrappers needed are in here : http://www.gotdotnet.com/Community/U...f-e0705af065d9 please ;-) as I did this in VS2002 it's a bit rusty Greetings /\/\o\/\/ "/\/\o\/\/ [MVP]" <mow001@hotmail.NoSpam> wrote in message news:27E0838B-D33D-465E-A6C6-FF722E569053@microsoft.com... > big disapointment for me also but you can still do it using API's > > I made a setowner in VB.NET before, as it did work in the beta I was glad > I did not need it anymore, but now I have to search for the source > again or better yet I have to find a opensource .NET library I can steal, > uhh use now , and load into powershell. > > keep you posted ;-) > > Greetings /\/\o\/\/ > > "Jeffery Hicks" <jhicks@sapien.com> wrote in message > news:Owd6AaOuHHA.484@TK2MSFTNGP06.phx.gbl... >> //o// [MVP] wrote: >>> Jeffery, >>> >>> you can only set it to administrators or your account, >>> this is a "security" restriction I think (not a good one, as the good >>> guys need it hardly (quota etc) and the bad guys can do it anyway) , >>> with the GUI support I did think MS finaly realised that >>> >>> and Yes !! >>> I got SetOwner working in Monad beta 2, that also had the Beta 2.0 >>> framework >>> and added it to my typeinfo >>> http://mow001.blogspot.com/2005/10/g...principal.html >>> >>> I was very glad with it, finaly but it does not work anymore in >>> powershell 1.0 (.NET 2.0 RTM ) seems they removed the support for >>> setting a owther owner again in the final 2.0 framework. >>> >>> grrr. >>> >>> Greetings /\/\o\/\/ >>> >>> "Jeffery Hicks" wrote: >>> >>>> My forehead is bruised from trying to come up with simple code to set a >>>> new owner for a file. Something like this should work >>>> >>>> $file=".\file.txt" >>>> [System.Security.Principal.NTAccount]$newOwner="mydomain\roygbiv" >>>> $var=get-item $file >>>> $acl=$var.GetAccessControl() >>>> $acl.SetOwner($NewOwner) >>>> $var.SetAccessControl($acl) >>>> >>>> But I always get: Exception calling "SetAccessControl" with "1" >>>> argument(s): "The security identifier is not allowed to be the owner of >>>> this object." >>>> >>>> I'm doing this on a Windows 2003 SP2 server. I can assign the owner in >>>> the GUI. >>>> >>>> I can also get this far: >>>> PS C:\public> $x=get-acl $file >>>> PS C:\public> $x.SetOwner($newOwner) >>>> >>>> Looking at $x shows the new owner. But I can't find a way to "set" the >>>> new owner. I don't know if I'm using the wrong principal type or what. >>>> >>>> I've also tried variations with Get-Acl and Set-Acl, but also with no >>>> luck. >>>> >>>> I found some older posts on mucking around with principal policies but >>>> that looked like pre-release code. >>>> >>>> >>>> -- >>>> Jeffery Hicks >>>> SAPIEN Technologies - Scripting, Simplified. >>>> >>>> "Those who forget to script it are doomed to repeat it." >>>> >>>> >> >> Since I could do it in the GUI (which you could never do before), I was >> still hoping to do it from PowerShell but it apparently isn't meant to >> be. I suppose the workaround is to add an ACL to give the user the >> TakeControl permission. >> >> At least now I can stop banging my head on my desk. >> >> -- >> Jeffery Hicks >> SAPIEN Technologies - Scripting, Simplified. >> >> blog: http://blog.SAPIEN.com >> Community: http://www.scriptinganswers.com >> Training: http://www.ScriptingTraining.com >> Books: http://www.SAPIENPress.com >> Editor: http://www.primalscript.com >> Tools: http://www.scriptingoutpost.com >> >> "Those who forget to script it are doomed to repeat it." >> > |
| My System Specs |
|
06-27-2007
| #6 (permalink) |
| | Re: Set a new file owner b.t.w. ofcourse SubinAcl still works in powershell. but only for this a bit much overhead and setowner.exe is not AV proof ;-) "/\/\o\/\/ [MVP]" wrote: > @ PSCX ;-) > the API wrappers needed are in here : > http://www.gotdotnet.com/Community/U...f-e0705af065d9 > > please ;-) > as I did this in VS2002 it's a bit rusty > > Greetings /\/\o\/\/ > > "/\/\o\/\/ [MVP]" <mow001@hotmail.NoSpam> wrote in message > news:27E0838B-D33D-465E-A6C6-FF722E569053@microsoft.com... > > big disapointment for me also but you can still do it using API's > > > > I made a setowner in VB.NET before, as it did work in the beta I was glad > > I did not need it anymore, but now I have to search for the source > > again or better yet I have to find a opensource .NET library I can steal, > > uhh use now , and load into powershell. > > > > keep you posted ;-) > > > > Greetings /\/\o\/\/ > > > > "Jeffery Hicks" <jhicks@sapien.com> wrote in message > > news:Owd6AaOuHHA.484@TK2MSFTNGP06.phx.gbl... > >> //o// [MVP] wrote: > >>> Jeffery, > >>> > >>> you can only set it to administrators or your account, > >>> this is a "security" restriction I think (not a good one, as the good > >>> guys need it hardly (quota etc) and the bad guys can do it anyway) , > >>> with the GUI support I did think MS finaly realised that > >>> > >>> and Yes !! > >>> I got SetOwner working in Monad beta 2, that also had the Beta 2.0 > >>> framework > >>> and added it to my typeinfo > >>> http://mow001.blogspot.com/2005/10/g...principal.html > >>> > >>> I was very glad with it, finaly but it does not work anymore in > >>> powershell 1.0 (.NET 2.0 RTM ) seems they removed the support for > >>> setting a owther owner again in the final 2.0 framework. > >>> > >>> grrr. > >>> > >>> Greetings /\/\o\/\/ > >>> > >>> "Jeffery Hicks" wrote: > >>> > >>>> My forehead is bruised from trying to come up with simple code to set a > >>>> new owner for a file. Something like this should work > >>>> > >>>> $file=".\file.txt" > >>>> [System.Security.Principal.NTAccount]$newOwner="mydomain\roygbiv" > >>>> $var=get-item $file > >>>> $acl=$var.GetAccessControl() > >>>> $acl.SetOwner($NewOwner) > >>>> $var.SetAccessControl($acl) > >>>> > >>>> But I always get: Exception calling "SetAccessControl" with "1" > >>>> argument(s): "The security identifier is not allowed to be the owner of > >>>> this object." > >>>> > >>>> I'm doing this on a Windows 2003 SP2 server. I can assign the owner in > >>>> the GUI. > >>>> > >>>> I can also get this far: > >>>> PS C:\public> $x=get-acl $file > >>>> PS C:\public> $x.SetOwner($newOwner) > >>>> > >>>> Looking at $x shows the new owner. But I can't find a way to "set" the > >>>> new owner. I don't know if I'm using the wrong principal type or what. > >>>> > >>>> I've also tried variations with Get-Acl and Set-Acl, but also with no > >>>> luck. > >>>> > >>>> I found some older posts on mucking around with principal policies but > >>>> that looked like pre-release code. > >>>> > >>>> > >>>> -- > >>>> Jeffery Hicks > >>>> SAPIEN Technologies - Scripting, Simplified. > >>>> > >>>> "Those who forget to script it are doomed to repeat it." > >>>> > >>>> > >> > >> Since I could do it in the GUI (which you could never do before), I was > >> still hoping to do it from PowerShell but it apparently isn't meant to > >> be. I suppose the workaround is to add an ACL to give the user the > >> TakeControl permission. > >> > >> At least now I can stop banging my head on my desk. > >> > >> -- > >> Jeffery Hicks > >> SAPIEN Technologies - Scripting, Simplified. > >> > >> blog: http://blog.SAPIEN.com > >> Community: http://www.scriptinganswers.com > >> Training: http://www.ScriptingTraining.com > >> Books: http://www.SAPIENPress.com > >> Editor: http://www.primalscript.com > >> Tools: http://www.scriptingoutpost.com > >> > >> "Those who forget to script it are doomed to repeat it." > >> > > > |
| My System Specs |
|
06-27-2007
| #7 (permalink) |
| | Re: Set a new file owner //o// [MVP] wrote: > b.t.w. ofcourse SubinAcl still works in powershell. > but only for this a bit much overhead and setowner.exe is not AV proof ;-) > > "/\/\o\/\/ [MVP]" wrote: > >> @ PSCX ;-) >> the API wrappers needed are in here : >> http://www.gotdotnet.com/Community/U...f-e0705af065d9 >> >> please ;-) >> as I did this in VS2002 it's a bit rusty >> >> Greetings /\/\o\/\/ >> >> "/\/\o\/\/ [MVP]" <mow001@hotmail.NoSpam> wrote in message >> news:27E0838B-D33D-465E-A6C6-FF722E569053@microsoft.com... >>> big disapointment for me also but you can still do it using API's >>> >>> I made a setowner in VB.NET before, as it did work in the beta I was glad >>> I did not need it anymore, but now I have to search for the source >>> again or better yet I have to find a opensource .NET library I can steal, >>> uhh use now , and load into powershell. >>> >>> keep you posted ;-) >>> >>> Greetings /\/\o\/\/ >>> >>> "Jeffery Hicks" <jhicks@sapien.com> wrote in message >>> news:Owd6AaOuHHA.484@TK2MSFTNGP06.phx.gbl... >>>> //o// [MVP] wrote: >>>>> Jeffery, >>>>> >>>>> you can only set it to administrators or your account, >>>>> this is a "security" restriction I think (not a good one, as the good >>>>> guys need it hardly (quota etc) and the bad guys can do it anyway) , >>>>> with the GUI support I did think MS finaly realised that >>>>> >>>>> and Yes !! >>>>> I got SetOwner working in Monad beta 2, that also had the Beta 2.0 >>>>> framework >>>>> and added it to my typeinfo >>>>> http://mow001.blogspot.com/2005/10/g...principal.html >>>>> >>>>> I was very glad with it, finaly but it does not work anymore in >>>>> powershell 1.0 (.NET 2.0 RTM ) seems they removed the support for >>>>> setting a owther owner again in the final 2.0 framework. >>>>> >>>>> grrr. >>>>> >>>>> Greetings /\/\o\/\/ >>>>> >>>>> "Jeffery Hicks" wrote: >>>>> >>>>>> My forehead is bruised from trying to come up with simple code to set a >>>>>> new owner for a file. Something like this should work >>>>>> >>>>>> $file=".\file.txt" >>>>>> [System.Security.Principal.NTAccount]$newOwner="mydomain\roygbiv" >>>>>> $var=get-item $file >>>>>> $acl=$var.GetAccessControl() >>>>>> $acl.SetOwner($NewOwner) >>>>>> $var.SetAccessControl($acl) >>>>>> >>>>>> But I always get: Exception calling "SetAccessControl" with "1" >>>>>> argument(s): "The security identifier is not allowed to be the owner of >>>>>> this object." >>>>>> >>>>>> I'm doing this on a Windows 2003 SP2 server. I can assign the owner in >>>>>> the GUI. >>>>>> >>>>>> I can also get this far: >>>>>> PS C:\public> $x=get-acl $file >>>>>> PS C:\public> $x.SetOwner($newOwner) >>>>>> >>>>>> Looking at $x shows the new owner. But I can't find a way to "set" the >>>>>> new owner. I don't know if I'm using the wrong principal type or what. >>>>>> >>>>>> I've also tried variations with Get-Acl and Set-Acl, but also with no >>>>>> luck. >>>>>> >>>>>> I found some older posts on mucking around with principal policies but >>>>>> that looked like pre-release code. >>>>>> >>>>>> >>>>>> -- >>>>>> Jeffery Hicks >>>>>> SAPIEN Technologies - Scripting, Simplified. >>>>>> >>>>>> "Those who forget to script it are doomed to repeat it." >>>>>> >>>>>> >>>> Since I could do it in the GUI (which you could never do before), I was >>>> still hoping to do it from PowerShell but it apparently isn't meant to >>>> be. I suppose the workaround is to add an ACL to give the user the >>>> TakeControl permission. >>>> >>>> At least now I can stop banging my head on my desk. >>>> >>>> -- >>>> Jeffery Hicks >>>> SAPIEN Technologies - Scripting, Simplified. >>>> >>>> blog: http://blog.SAPIEN.com >>>> Community: http://www.scriptinganswers.com >>>> Training: http://www.ScriptingTraining.com >>>> Books: http://www.SAPIENPress.com >>>> Editor: http://www.primalscript.com >>>> Tools: http://www.scriptingoutpost.com >>>> >>>> "Those who forget to script it are doomed to repeat it." >>>> I've confirmed that this WILL work: $file=".\file.txt" [System.Security.Principal.NTAccount]$newOwner="Administrators" $var=get-item $file $acl=$var.GetAccessControl() $acl.SetOwner($NewOwner) $var.SetAccessControl($acl) The new owner must be the Administrators group or a domain admin account. This is true on XP and Windows 2003 SP2. Even though the 2003 GUI lets you assign ownership, PowerShell can't. -- Jeffery Hicks SAPIEN Technologies - Scripting, Simplified. blog: http://blog.SAPIEN.com Community: http://www.scriptinganswers.com Training: http://www.ScriptingTraining.com Books: http://www.SAPIENPress.com Editor: http://www.primalscript.com Tools: http://www.scriptingoutpost.com "Those who forget to script it are doomed to repeat it." |
| My System Specs |
|
07-12-2007
| #8 (permalink) |
| | Re: Set a new file owner /\/\o\/\/ is glad to anounce, Coming soon in a Shell near you .. Oisin's Get-Owner and Set-Owner : PoSH> Get-Owner test1.ps1 Value ----- BUILTIN\Administrators PoSH> Set-Owner test1.ps1 -AccountName User1 Set-Owner F:\PowerShell\test\test1.ps1 Change owner from BUILTIN\Administrators to User1? [Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): y PoSH> Get-Owner test1.ps1 Value ----- POSHWORKS\User1 Kudos and much thanks to X0N, for making this great cmdlets for me and the rest of the community, not more SubInAcl !!. this Cmdlet will be available in PSCX 1.2 and will be posted tomorrow on my blog . wow again, what a great PowerShell community we have !!! Greetings /\/\o\/\/ "Jeffery Hicks" wrote: > //o// [MVP] wrote: > > b.t.w. ofcourse SubinAcl still works in powershell. > > but only for this a bit much overhead and setowner.exe is not AV proof ;-) > > > > "/\/\o\/\/ [MVP]" wrote: > > > >> @ PSCX ;-) > >> the API wrappers needed are in here : > >> http://www.gotdotnet.com/Community/U...f-e0705af065d9 > >> > >> please ;-) > >> as I did this in VS2002 it's a bit rusty > >> > >> Greetings /\/\o\/\/ > >> > >> "/\/\o\/\/ [MVP]" <mow001@hotmail.NoSpam> wrote in message > >> news:27E0838B-D33D-465E-A6C6-FF722E569053@microsoft.com... > >>> big disapointment for me also but you can still do it using API's > >>> > >>> I made a setowner in VB.NET before, as it did work in the beta I was glad > >>> I did not need it anymore, but now I have to search for the source > >>> again or better yet I have to find a opensource .NET library I can steal, > >>> uhh use now , and load into powershell. > >>> > >>> keep you posted ;-) > >>> > >>> Greetings /\/\o\/\/ > >>> > >>> "Jeffery Hicks" <jhicks@sapien.com> wrote in message > >>> news:Owd6AaOuHHA.484@TK2MSFTNGP06.phx.gbl... > >>>> //o// [MVP] wrote: > >>>>> Jeffery, > >>>>> > >>>>> you can only set it to administrators or your account, > >>>>> this is a "security" restriction I think (not a good one, as the good > >>>>> guys need it hardly (quota etc) and the bad guys can do it anyway) , > >>>>> with the GUI support I did think MS finaly realised that > >>>>> > >>>>> and Yes !! > >>>>> I got SetOwner working in Monad beta 2, that also had the Beta 2.0 > >>>>> framework > >>>>> and added it to my typeinfo > >>>>> http://mow001.blogspot.com/2005/10/g...principal.html > >>>>> > >>>>> I was very glad with it, finaly but it does not work anymore in > >>>>> powershell 1.0 (.NET 2.0 RTM ) seems they removed the support for > >>>>> setting a owther owner again in the final 2.0 framework. > >>>>> > >>>>> grrr. > >>>>> > >>>>> Greetings /\/\o\/\/ > >>>>> > >>>>> "Jeffery Hicks" wrote: > >>>>> > >>>>>> My forehead is bruised from trying to come up with simple code to set a > >>>>>> new owner for a file. Something like this should work > >>>>>> > >>>>>> $file=".\file.txt" > >>>>>> [System.Security.Principal.NTAccount]$newOwner="mydomain\roygbiv" > >>>>>> $var=get-item $file > >>>>>> $acl=$var.GetAccessControl() > >>>>>> $acl.SetOwner($NewOwner) > >>>>>> $var.SetAccessControl($acl) > >>>>>> > >>>>>> But I always get: Exception calling "SetAccessControl" with "1" > >>>>>> argument(s): "The security identifier is not allowed to be the owner of > >>>>>> this object." > >>>>>> > >>>>>> I'm doing this on a Windows 2003 SP2 server. I can assign the owner in > >>>>>> the GUI. > >>>>>> > >>>>>> I can also get this far: > >>>>>> PS C:\public> $x=get-acl $file > >>>>>> PS C:\public> $x.SetOwner($newOwner) > >>>>>> > >>>>>> Looking at $x shows the new owner. But I can't find a way to "set" the > >>>>>> new owner. I don't know if I'm using the wrong principal type or what. > >>>>>> > >>>>>> I've also tried variations with Get-Acl and Set-Acl, but also with no > >>>>>> luck. > >>>>>> > >>>>>> I found some older posts on mucking around with principal policies but > >>>>>> that looked like pre-release code. > >>>>>> > >>>>>> > >>>>>> -- > >>>>>> Jeffery Hicks > >>>>>> SAPIEN Technologies - Scripting, Simplified. > >>>>>> > >>>>>> "Those who forget to script it are doomed to repeat it." > >>>>>> > >>>>>> > >>>> Since I could do it in the GUI (which you could never do before), I was > >>>> still hoping to do it from PowerShell but it apparently isn't meant to > >>>> be. I suppose the workaround is to add an ACL to give the user the > >>>> TakeControl permission. > >>>> > >>>> At least now I can stop banging my head on my desk. > >>>> > >>>> -- > >>>> Jeffery Hicks > >>>> SAPIEN Technologies - Scripting, Simplified. > >>>> > >>>> blog: http://blog.SAPIEN.com > >>>> Community: http://www.scriptinganswers.com > >>>> Training: http://www.ScriptingTraining.com > >>>> Books: http://www.SAPIENPress.com > >>>> Editor: http://www.primalscript.com > >>>> Tools: http://www.scriptingoutpost.com > >>>> > >>>> "Those who forget to script it are doomed to repeat it." > >>>> > > I've confirmed that this WILL work: > > $file=".\file.txt" > [System.Security.Principal.NTAccount]$newOwner="Administrators" > $var=get-item $file > $acl=$var.GetAccessControl() > $acl.SetOwner($NewOwner) > $var.SetAccessControl($acl) > > The new owner must be the Administrators group or a domain admin > account. This is true on XP and Windows 2003 SP2. Even though the 2003 > GUI lets you assign ownership, PowerShell can't. > > -- > Jeffery Hicks > SAPIEN Technologies - Scripting, Simplified. > > blog: http://blog.SAPIEN.com > Community: http://www.scriptinganswers.com > Training: http://www.ScriptingTraining.com > Books: http://www.SAPIENPress.com > Editor: http://www.primalscript.com > Tools: http://www.scriptingoutpost.com > > "Those who forget to script it are doomed to repeat it." > > |
| My System Specs |
|
08-09-2007
| #9 (permalink) |
| vista | Re: Set a new file owner [quote='/\/\o\/\/ [MVP];379801']/\/\o\/\/ is glad to anounce, Coming soon in a Shell near you .. Oisin's Get-Owner and Set-Owner : PoSH> Get-Owner test1.ps1 Value ----- BUILTIN\Administrators PoSH> Set-Owner test1.ps1 -AccountName User1 [\quote] You mention above that set-owner would be posted to your blog about 4 weeks ago or so, and I cannot find it. I am in need of a way to set ownership to someone other than and anmin or admin group for home directory creation. do you have a link to this code? |
| My System Specs |
|
| Thread Tools | |
| |
Similar Threads | ||||
| Thread | Forum | |||
| Change all references held by previous owner/administrator to new owner | System Security | |||
| Vista Ultx64 - File Owner Attributes - Raging! | General Discussion | |||
| Wrong file owner set on new files and folders | Vista General | |||
| Change Owner for few folder with csv file | PowerShell | |||
| Replace File Owner with Powershell? | PowerShell | |||
