quote:

---

SubInAcl was designed to help administrators to manage security on
various objects.
It provides :
- a unified way to manipulate security for different kinds of objects
(files, registry keys, services, printer,...)
- a console tool that allows to write scripts to automate
security tasks
- some features that help administrators to modify security if some
changes occur in their organization:
- user, group deletions (/suppresssid, /cleandeletedsidsfrom )
- user, group migrations (/replace , /accountmigration)
- domain, server migration (/changedomain, /migratetodomain)
...
- security descriptor editing features :
- owner ( /setowner )
- primary group ( /setprimarygroup )
- permissions ( /grant , /deny , /revoke )
- access to remote objects
- save and restore permissions (/playfile , /outputlog , /display )

You need SeBackupPrivilege SeRestorePrivilege
SeSecurityPrivilege SeTakeOwnershipPrivilege
SeChangeNotifyPrivilege privileges (locally or remotely) to run this tool

Type SubInAcl /help to get extended help

---