How i can Change ownership for to shared folders to Domain administrator

3

This is on a small bussiness server 2008 (windows server standard FE copyright on 2007) with SP1 and powershell version 1 for some strange reason the server cannot update to sp2 and no longer updates work it reports (80072EFE error though it directly connected to internet without a firewall) so i cannot install powershell version 3.

The script works with powershell version 3 here it is :

    $Target = "G:\foldername"

# Change FOLDER owners to Admin
$Folders = @(Get-ChildItem -Path $Target -Directory -Recurse | Select-Object -ExpandProperty FullName)
echo $Folders
foreach ($Item1 in $Folders) 
{
# Action
$AdjustTokenPrivileges = @"
using System;
using System.Runtime.InteropServices;

 public class TokenManipulator
 {
  [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
  internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
  ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);
  [DllImport("kernel32.dll", ExactSpelling = true)]
  internal static extern IntPtr GetCurrentProcess();
  [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
  internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr
  phtok);
  [DllImport("advapi32.dll", SetLastError = true)]
  internal static extern bool LookupPrivilegeValue(string host, string name,
  ref long pluid);
  [StructLayout(LayoutKind.Sequential, Pack = 1)]
  internal struct TokPriv1Luid
  {
   public int Count;
   public long Luid;
   public int Attr;
  }
  internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
  internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
  internal const int TOKEN_QUERY = 0x00000008;
  internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
  public static bool AddPrivilege(string privilege)
  {
   try
   {
    bool retVal;
    TokPriv1Luid tp;
    IntPtr hproc = GetCurrentProcess();
    IntPtr htok = IntPtr.Zero;
    retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
    tp.Count = 1;
    tp.Luid = 0;
    tp.Attr = SE_PRIVILEGE_ENABLED;
    retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
    retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
    return retVal;
   }
   catch (Exception ex)
   {
    throw ex;
   }
  }
  public static bool RemovePrivilege(string privilege)
  {
   try
   {
    bool retVal;
    TokPriv1Luid tp;
    IntPtr hproc = GetCurrentProcess();
    IntPtr htok = IntPtr.Zero;
    retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
    tp.Count = 1;
    tp.Luid = 0;
    tp.Attr = SE_PRIVILEGE_DISABLED;
    retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
    retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
    return retVal;
   }
   catch (Exception ex)
   {
    throw ex;
   }
  }
 }
"@
add-type $AdjustTokenPrivileges
$Folder = Get-Item $Item1
[void][TokenManipulator]::AddPrivilege("SeRestorePrivilege") 
[void][TokenManipulator]::AddPrivilege("SeBackupPrivilege") 
[void][TokenManipulator]::AddPrivilege("SeTakeOwnershipPrivilege") 
$NewOwnerACL = New-Object System.Security.AccessControl.DirectorySecurity
$Admin = New-Object System.Security.Principal.NTAccount("BUILTIN\Administrators")
$NewOwnerACL.SetOwner($Admin)
$Folder.SetAccessControl($NewOwnerACL)
# Add folder Admins to ACL with Full Control to descend folder structure
If (Test-Path G:\PTemp) { Remove-Item G:\PTemp }
New-Item -type directory -Path G:\PTemp
$Acl = Get-Acl -Path G:\PTemp
$Ar = New-Object  system.security.accesscontrol.filesystemaccessrule("BUILTIN\Administrators","FullControl","Allow")
$Acl.SetAccessRule($Ar)
Set-Acl $Item1 $Acl
} 

# Change FILE owners to Admin
$Files = @(Get-ChildItem -Path $Target -File -Recurse | Select-Object -ExpandProperty FullName)
echo $Files

foreach ($Item2 in $Files)
{
# Action
$Account = New-Object System.Security.Principal.NTAccount("BUILTIN\Administrators")
$FileSecurity = new-object System.Security.AccessControl.FileSecurity
$FileSecurity.SetOwner($Account)
[System.IO.File]::SetAccessControl($Item2, $FileSecurity)
# Add file Admins to ACL with Full Control and activate inheritance
If (Test-Path G:\PFile) { Remove-Item G:\PFile }
New-Item -type file -Path G:\PFile
$PAcl = Get-Acl -Path G:\PFile
$PAr = New-Object  system.security.accesscontrol.filesystemaccessrule("BUILTIN\Administrators","FullControl","Allow")
$PAcl.SetAccessRule($PAr)
Set-Acl $Item2 $PAcl
}
# Clean-up junk
rm G:\PTemp
rm G:\PFile

#$VerbosePreference="Continue"

I need to change the owner from various users to administrator to a thousand or more directories, subdirectories and files contained in a shared folder. For some reason in the past the ACL permitions those folders have been removed and the Domain Administrator or even the system no longer has access, the permitions have been removed.

I discovered the problem when i setup a backup solution to a different network location with robocopy , and then i noticed that it was lacking more than half of the data

How i can accomplish that any ideas?

Thanks in advance

windows
network-share
asked on Server Fault Aug 30, 2019 by Dennik

1 Answer

3
takeown.exe /f $TargetFolder /A /R

There additional arguments, check with takeown.exe /?

answered on Server Fault Aug 30, 2019 by batistuta09

User contributions licensed under CC BY-SA 3.0