File Share Woes

As sys admins, we all eventually hit the problem of inheriting file shares that were set up by years and years worth of SA’s who all felt their way was the best way to do it. I have a firm belief that any way you do it is fine, as long as you do it that way consistently. Eventually, you will find a file share where someone gave users Full Control to a file share or thru NTFS and those users modified the ownership of the files and took admins away. Then those people left and now you nor anyone else can access those files

Or, even worse, you got hit by a virus that stripped all the permissions away.

As with everything, there’s a lot of ways to fix this. You’ll first have to take ownership of the files and then reset the permissions back to default inheritance. You NEVER want to manage permissions on subfolders if you don’t have to.

The easy way is to use takeown and icacls:

takeown /f * /a /r
icacls * /inheritance:e /t

That works great, until it doesn’t. Takeown has some limitations which you’ll eventually run into. You’ll likely start getting random memory or caching errors. To fix, that use SubInAcl

Be very careful with subinacl. It’s a very powerful too and you could cause yourself a world of hurt with it.

subinacl /file "PATH" /setowner=Administrators <-- to claim ownership of the root
subinacl /subdirectories "PATH\*.*"  /setowner=Administrators <-- to claim ownership of everything else

icacls * /inheritance:e /t

That’s it!