File ownership been changed

[DavidM]

Running XP Home SP2 (logged in with admin rights)

In Windows Explorer I have just displayed the Owner column, and
noticed that a lot of my files have the owner shown as something like
S-1-5-21-11......plus lots of digits, whereas files created recently
have MYPCNAME\Fred. This seems to apply to "data" files that
I restored when I had to rebuild my system a few weeks ago. My
family's files have a similar problem (with different digits).

Is there any way I can restore the correct file ownership, preferabley
in bulk, for each user, or would it be better to leave well alone?

Thanks, David.

 

[John John]

Who's Fred? Is there a profile folder named "MYPCNAME\Fred"? These
"MachineName\UserName" folders often/usually appear when user profile
corruption is encountered. When a user tries to logon if the Security
Account Manager (SAM) recognizes the user name and password at logon and
if it has no valid reason to refuse the logon, it allows the user to
logon with a new profile, it creates a new profile folder from the
Default User profile and names it as you see. Sometimes you will see
folders renamed in a fashion as UserName.nnn (UserName.001,
UserName.002...). The "MachineName\UserName" folders can also appear
when you join machines to a domain but being that you are using XP Home
that doesn't apply to you.

As for the S-1-5-21-11...... numbers, these are called Security
Identifiers (SID) and that is really how all security and logon
information is processed. The operating system uses SID's, but being
that we humans would be quite confused trying to keep track of these
series of numbers and that it would be quite confusing and a royal pain
to try to use SID's, the operating system reconciles our UserNames with
the actual SID's, with Windows NT/2000/XP/Vista user accounts and
security, SID's are the only thing that really matter.

As to how to do a "wholesale" change of all security attributes from
"Fred" to "David" the only (somewhat) easy way to do that is with the
SubInACL tool. You can download SubInACL on the Microsoft web site.
The SubInACL syntax is rather complex, to replace a user with another
one the short syntax will be something like this:

subinacl /C:\*.* /replace=SomeUserName=SomeOtherUserName

(Note that if there are spaces in the user names you have to use
quotation marks):

subinacl /C:\*.* /replace="Some User Name=Some Other UserName"

but in reality the above may halt on errors and it has no log to verify
what was done, it usually works better with a more qualified syntax like
this:

subinacl /outputlog=c:\mytest.log /subdirec=directoriesonly C:\*.*
/replace=SomeUser=SomeOtherUser /ifchangecontinue /noverbose /display
/testmode

If you copy and paste the above pay attention to the spaces, there is
always a space *before* the slash (/). The /testmode switch above
allows you to run the command without actually doing the changes, the
results of the command will be recorded in the c:\mytest.log, you can
open and see what changes would be made by running the command, if you
are satisfied that all is ok remove the /testmode switch and rerun the
command to make the actual changes.

To copy (backup) the ACL/permissions before you replace them send the
output of the permissions to a file, then if you make errors or if you
do not like the changes that you made you can use the /playfile switch
to undo changes you make:

To backup:

subinacl /noverbose /output=c:\backACL.txt /subdirec=directoriesonly C:\*.*


To restore:

subinacl /playfile c:\backACL.txt

SubInACL documentation
http://www.analogduck.com/main/subinacl

SubInACL (SubInACL.exe)
http://www.microsoft.com/downloads/...56-D8FE-4A91-93CF-ED6985E3927B&displaylang=en

John

 

[DavidM]

Who's Fred? Is there a profile folder named "MYPCNAME\Fred"? These
"MachineName\UserName" folders often/usually appear when user profile
corruption is encountered. When a user tries to logon if the Security
Account Manager (SAM) recognizes the user name and password at logon and
if it has no valid reason to refuse the logon, it allows the user to logon
with a new profile, it creates a new profile folder from the Default User
profile and names it as you see. Sometimes you will see folders renamed
in a fashion as UserName.nnn (UserName.001, UserName.002...). The
"MachineName\UserName" folders can also appear when you join machines to a
domain but being that you are using XP Home that doesn't apply to you.

As for the S-1-5-21-11...... numbers, these are called Security
Identifiers (SID) and that is really how all security and logon
information is processed. The operating system uses SID's, but being that
we humans would be quite confused trying to keep track of these series of
numbers and that it would be quite confusing and a royal pain to try to
use SID's, the operating system reconciles our UserNames with the actual
SID's, with Windows NT/2000/XP/Vista user accounts and security, SID's are
the only thing that really matter.

As to how to do a "wholesale" change of all security attributes from
"Fred" to "David" the only (somewhat) easy way to do that is with the
SubInACL tool. You can download SubInACL on the Microsoft web site. The
SubInACL syntax is rather complex, to replace a user with another one the
short syntax will be something like this:

subinacl /C:\*.* /replace=SomeUserName=SomeOtherUserName

(Note that if there are spaces in the user names you have to use quotation
marks):

subinacl /C:\*.* /replace="Some User Name=Some Other UserName"

but in reality the above may halt on errors and it has no log to verify
what was done, it usually works better with a more qualified syntax like
this:

subinacl /outputlog=c:\mytest.log /subdirec=directoriesonly C:\*.*
/replace=SomeUser=SomeOtherUser /ifchangecontinue /noverbose /display
/testmode

If you copy and paste the above pay attention to the spaces, there is
always a space *before* the slash (/). The /testmode switch above allows
you to run the command without actually doing the changes, the results of
the command will be recorded in the c:\mytest.log, you can open and see
what changes would be made by running the command, if you are satisfied
that all is ok remove the /testmode switch and rerun the command to make
the actual changes.

To copy (backup) the ACL/permissions before you replace them send the
output of the permissions to a file, then if you make errors or if you do
not like the changes that you made you can use the /playfile switch to
undo changes you make:

To backup:

subinacl /noverbose /output=c:\backACL.txt /subdirec=directoriesonly
C:\*.*


To restore:

subinacl /playfile c:\backACL.txt

SubInACL documentation
http://www.analogduck.com/main/subinacl

SubInACL (SubInACL.exe)
http://www.microsoft.com/downloads/...56-D8FE-4A91-93CF-ED6985E3927B&displaylang=en

John

Thanks for the detailed reply John.
There isn't a user call Fred, I just made that up, the username for
my more recently created files is pcname\David (pcname is made
up as well).
Can I use the SubInACL tool to replace the wrong SID with one
that matches to my name, and how do I find the current SID for
my name.
I suppose I could just make a copy of every old file, the copy will
then have my correct owner name, then delete the old files. A bit
tedious but seems to work when I tested it on a single file.
Is there any downside in just leaving things as they are, other than
being a bit "untidy"?
David.

 

[John John]

Thanks for the detailed reply John.
There isn't a user call Fred, I just made that up, the username for
my more recently created files is pcname\David (pcname is made
up as well).
Can I use the SubInACL tool to replace the wrong SID with one
that matches to my name, and how do I find the current SID for
my name.
I suppose I could just make a copy of every old file, the copy will
then have my correct owner name, then delete the old files. A bit
tedious but seems to work when I tested it on a single file.
Is there any downside in just leaving things as they are, other than
being a bit "untidy"?
David.

Yes, SubInACL can be used to replace SID's but don't use SID's in the
syntax, use the Usernames, SubInACL will reconcile the Username with the
proper SID. Keep in mind that there is a SID for the Built-in
Administrator account, not just for your own account, don't
delete/revoke ACL/permissions for the built-in administrator account!

The profile list (SID's) along with the corresponding Usernames is held
in the registry at:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Best not to muck about and delete things there if you are not sure of
the entries, once again, leave the built-in Administrator's SID alone!

If everything is working fine you can just leave things as they are, it
doesn't hurt anything to have orphaned SID/Usernames in the ACLs.

John