Sunday, February 7, 2016

Remove invalid SIDs from Windows ACL

Here is a quick note on how to remove those invalid SIDs / unknown account on Windows file system  ACL (e.g. after moving files from one domain to another).

First, download SubInAcl from microsoft.

Then open a command prompt with administrator permission.  Change directory to the target folder.

If necessary, execute the following command to take the ownership first.  Otherwise if the unknown SID is the owner of the files, suppressing the SID with SubInAcl will change the owner to everyone.

takeown  /f * /r /d y

Execute the following command to remove the SID recursively.  Refer to the html file that comes with SubInAcl for other available options.

"c:\Program Files (x86)\Windows Resource Kits\tools\subinacl.exe" /noverbose /subdirectories *  /suppresssid=S-1-5-21-3393913859-1150651423-3580285917-1000

No comments: