Set a new file owner Jeffery Hicks <jhicks[ at ]sapien.com> 26.06.2007 10:07:12 My forehead is bruised from trying to come up with simple code to set a new owner for a file. Something like this should work $file=".\file.txt" [System.Security.Principal.NTAccount]$newOwner="mydomain\roygbiv" $var=get-item $file $acl=$var.GetAccessControl() $acl.SetOwner($NewOwner) $var.SetAccessControl($acl) But I always get: Exception calling "SetAccessControl" with "1" argument(s): "The security identifier is not allowed to be the owner of this object." I'm doing this on a Windows 2003 SP2 server. I can assign the owner in the GUI. I can also get this far: PS C:\public> $x=get-acl $file PS C:\public> $x.SetOwner($newOwner) Looking at $x shows the new owner. But I can't find a way to "set" the new owner. I don't know if I'm using the wrong principal type or what. I've also tried variations with Get-Acl and Set-Acl, but also with no luck. I found some older posts on mucking around with principal policies but that looked like pre-release code. -- Jeffery Hicks SAPIEN Technologies - Scripting, Simplified. "Those who forget to script it are doomed to repeat it."

RE: Set a new file owner /\/\o\/\/ [MVP] 27.06.2007 17:24:00 Jeffery, you can only set it to administrators or your account, this is a "security" restriction I think (not a good one, as the good guys need it hardly (quota etc) and the bad guys can do it anyway) , with the GUI support I did think MS finaly realised that and Yes !! I got SetOwner working in Monad beta 2, that also had the Beta 2.0 framework and added it to my typeinfo http://mow001.blogspot.com/2005/10/getting-and-using-securityprincipal.html I was very glad with it, finaly but it does not work anymore in powershell 1.0 (.NET 2.0 RTM ) seems they removed the support for setting a owther owner again in the final 2.0 framework. grrr. Greetings /\/\o\/\/ "Jeffery Hicks" wrote: [Quoted Text] > My forehead is bruised from trying to come up with simple code to set a > new owner for a file. Something like this should work > > $file=".\file.txt" > [System.Security.Principal.NTAccount]$newOwner="mydomain\roygbiv" > $var=get-item $file > $acl=$var.GetAccessControl() > $acl.SetOwner($NewOwner) > $var.SetAccessControl($acl) > > But I always get: Exception calling "SetAccessControl" with "1" > argument(s): "The security identifier is not allowed to be the owner of > this object." > > I'm doing this on a Windows 2003 SP2 server. I can assign the owner in > the GUI. > > I can also get this far: > PS C:\public> $x=get-acl $file > PS C:\public> $x.SetOwner($newOwner) > > Looking at $x shows the new owner. But I can't find a way to "set" the > new owner. I don't know if I'm using the wrong principal type or what. > > I've also tried variations with Get-Acl and Set-Acl, but also with no luck. > > I found some older posts on mucking around with principal policies but > that looked like pre-release code. > > > -- > Jeffery Hicks > SAPIEN Technologies - Scripting, Simplified. > > "Those who forget to script it are doomed to repeat it." > >

Re: Set a new file owner Jeffery Hicks <jhicks[ at ]sapien.com> 27.06.2007 18:10:49 //o// [MVP] wrote: [Quoted Text] > Jeffery, > > you can only set it to administrators or your account, > this is a "security" restriction I think (not a good one, as the good guys > need it hardly (quota etc) and the bad guys can do it anyway) , with the GUI > support I did think MS finaly realised that > > and Yes !! > I got SetOwner working in Monad beta 2, that also had the Beta 2.0 framework > and added it to my typeinfo > > http://mow001.blogspot.com/2005/10/getting-and-using-securityprincipal.html > > I was very glad with it, finaly > but it does not work anymore in powershell 1.0 (.NET 2.0 RTM ) seems they > removed the support for setting a owther owner again in the final 2.0 > framework. > > grrr. > > Greetings /\/\o\/\/ > > "Jeffery Hicks" wrote: > >> My forehead is bruised from trying to come up with simple code to set a >> new owner for a file. Something like this should work >> >> $file=".\file.txt" >> [System.Security.Principal.NTAccount]$newOwner="mydomain\roygbiv" >> $var=get-item $file >> $acl=$var.GetAccessControl() >> $acl.SetOwner($NewOwner) >> $var.SetAccessControl($acl) >> >> But I always get: Exception calling "SetAccessControl" with "1" >> argument(s): "The security identifier is not allowed to be the owner of >> this object." >> >> I'm doing this on a Windows 2003 SP2 server. I can assign the owner in >> the GUI. >> >> I can also get this far: >> PS C:\public> $x=get-acl $file >> PS C:\public> $x.SetOwner($newOwner) >> >> Looking at $x shows the new owner. But I can't find a way to "set" the >> new owner. I don't know if I'm using the wrong principal type or what. >> >> I've also tried variations with Get-Acl and Set-Acl, but also with no luck. >> >> I found some older posts on mucking around with principal policies but >> that looked like pre-release code. >> >> >> -- >> Jeffery Hicks >> SAPIEN Technologies - Scripting, Simplified. >> >> "Those who forget to script it are doomed to repeat it." >> >> Since I could do it in the GUI (which you could never do before), I was still hoping to do it from PowerShell but it apparently isn't meant to be. I suppose the workaround is to add an ACL to give the user the TakeControl permission. At least now I can stop banging my head on my desk. -- Jeffery Hicks SAPIEN Technologies - Scripting, Simplified. blog: http://blog.SAPIEN.com Community: http://www.scriptinganswers.com Training: http://www.ScriptingTraining.com Books: http://www.SAPIENPress.com Editor: http://www.primalscript.com Tools: http://www.scriptingoutpost.com "Those who forget to script it are doomed to repeat it."

Re: Set a new file owner "/\\/\\o\\/\\/ [MVP]" <mow001[ at ]hotmail.NoSpam> 27.06.2007 18:18:10 big disapointment for me also but you can still do it using API's I made a setowner in VB.NET before, as it did work in the beta I was glad I did not need it anymore, but now I have to search for the source again or better yet I have to find a opensource .NET library I can steal, uhh use now , and load into powershell. keep you posted ;-) Greetings /\/\o\/\/ "Jeffery Hicks" <jhicks[ at ]sapien.com> wrote in message news:Owd6AaOuHHA.484[ at ]TK2MSFTNGP06.phx.gbl... [Quoted Text] > //o// [MVP] wrote: >> Jeffery, >> >> you can only set it to administrators or your account, >> this is a "security" restriction I think (not a good one, as the good >> guys need it hardly (quota etc) and the bad guys can do it anyway) , with >> the GUI support I did think MS finaly realised that >> >> and Yes !! >> I got SetOwner working in Monad beta 2, that also had the Beta 2.0 >> framework >> and added it to my typeinfo >> http://mow001.blogspot.com/2005/10/getting-and-using-securityprincipal.html >> >> I was very glad with it, finaly but it does not work anymore in >> powershell 1.0 (.NET 2.0 RTM ) seems they removed the support for setting >> a owther owner again in the final 2.0 framework. >> >> grrr. >> >> Greetings /\/\o\/\/ >> >> "Jeffery Hicks" wrote: >> >>> My forehead is bruised from trying to come up with simple code to set a >>> new owner for a file. Something like this should work >>> >>> $file=".\file.txt" >>> [System.Security.Principal.NTAccount]$newOwner="mydomain\roygbiv" >>> $var=get-item $file >>> $acl=$var.GetAccessControl() >>> $acl.SetOwner($NewOwner) >>> $var.SetAccessControl($acl) >>> >>> But I always get: Exception calling "SetAccessControl" with "1" >>> argument(s): "The security identifier is not allowed to be the owner of >>> this object." >>> >>> I'm doing this on a Windows 2003 SP2 server. I can assign the owner in >>> the GUI. >>> >>> I can also get this far: >>> PS C:\public> $x=get-acl $file >>> PS C:\public> $x.SetOwner($newOwner) >>> >>> Looking at $x shows the new owner. But I can't find a way to "set" the >>> new owner. I don't know if I'm using the wrong principal type or what. >>> >>> I've also tried variations with Get-Acl and Set-Acl, but also with no >>> luck. >>> >>> I found some older posts on mucking around with principal policies but >>> that looked like pre-release code. >>> >>> >>> -- >>> Jeffery Hicks >>> SAPIEN Technologies - Scripting, Simplified. >>> >>> "Those who forget to script it are doomed to repeat it." >>> >>> > > Since I could do it in the GUI (which you could never do before), I was > still hoping to do it from PowerShell but it apparently isn't meant to be. > I suppose the workaround is to add an ACL to give the user the TakeControl > permission. > > At least now I can stop banging my head on my desk. > > -- > Jeffery Hicks > SAPIEN Technologies - Scripting, Simplified. > > blog: http://blog.SAPIEN.com > Community: http://www.scriptinganswers.com > Training: http://www.ScriptingTraining.com > Books: http://www.SAPIENPress.com > Editor: http://www.primalscript.com > Tools: http://www.scriptingoutpost.com > > "Those who forget to script it are doomed to repeat it." >

Re: Set a new file owner "/\\/\\o\\/\\/ [MVP]" <mow001[ at ]hotmail.NoSpam> 27.06.2007 18:34:21 [ at ] PSCX ;-) the API wrappers needed are in here : http://www.gotdotnet.com/Community/UserSamples/Details.aspx?SampleGuid=e6098575-dda0-48b8-9abf-e0705af065d9 please ;-) as I did this in VS2002 it's a bit rusty Greetings /\/\o\/\/ "/\/\o\/\/ [MVP]" <mow001[ at ]hotmail.NoSpam> wrote in message news:27E0838B-D33D-465E-A6C6-FF722E569053[ at ]microsoft.com... [Quoted Text] > big disapointment for me also but you can still do it using API's > > I made a setowner in VB.NET before, as it did work in the beta I was glad > I did not need it anymore, but now I have to search for the source > again or better yet I have to find a opensource .NET library I can steal, > uhh use now , and load into powershell. > > keep you posted ;-) > > Greetings /\/\o\/\/ > > "Jeffery Hicks" <jhicks[ at ]sapien.com> wrote in message > news:Owd6AaOuHHA.484[ at ]TK2MSFTNGP06.phx.gbl... >> //o// [MVP] wrote: >>> Jeffery, >>> >>> you can only set it to administrators or your account, >>> this is a "security" restriction I think (not a good one, as the good >>> guys need it hardly (quota etc) and the bad guys can do it anyway) , >>> with the GUI support I did think MS finaly realised that >>> >>> and Yes !! >>> I got SetOwner working in Monad beta 2, that also had the Beta 2.0 >>> framework >>> and added it to my typeinfo >>> http://mow001.blogspot.com/2005/10/getting-and-using-securityprincipal.html >>> >>> I was very glad with it, finaly but it does not work anymore in >>> powershell 1.0 (.NET 2.0 RTM ) seems they removed the support for >>> setting a owther owner again in the final 2.0 framework. >>> >>> grrr. >>> >>> Greetings /\/\o\/\/ >>> >>> "Jeffery Hicks" wrote: >>> >>>> My forehead is bruised from trying to come up with simple code to set a >>>> new owner for a file. Something like this should work >>>> >>>> $file=".\file.txt" >>>> [System.Security.Principal.NTAccount]$newOwner="mydomain\roygbiv" >>>> $var=get-item $file >>>> $acl=$var.GetAccessControl() >>>> $acl.SetOwner($NewOwner) >>>> $var.SetAccessControl($acl) >>>> >>>> But I always get: Exception calling "SetAccessControl" with "1" >>>> argument(s): "The security identifier is not allowed to be the owner of >>>> this object." >>>> >>>> I'm doing this on a Windows 2003 SP2 server. I can assign the owner in >>>> the GUI. >>>> >>>> I can also get this far: >>>> PS C:\public> $x=get-acl $file >>>> PS C:\public> $x.SetOwner($newOwner) >>>> >>>> Looking at $x shows the new owner. But I can't find a way to "set" the >>>> new owner. I don't know if I'm using the wrong principal type or what. >>>> >>>> I've also tried variations with Get-Acl and Set-Acl, but also with no >>>> luck. >>>> >>>> I found some older posts on mucking around with principal policies but >>>> that looked like pre-release code. >>>> >>>> >>>> -- >>>> Jeffery Hicks >>>> SAPIEN Technologies - Scripting, Simplified. >>>> >>>> "Those who forget to script it are doomed to repeat it." >>>> >>>> >> >> Since I could do it in the GUI (which you could never do before), I was >> still hoping to do it from PowerShell but it apparently isn't meant to >> be. I suppose the workaround is to add an ACL to give the user the >> TakeControl permission. >> >> At least now I can stop banging my head on my desk. >> >> -- >> Jeffery Hicks >> SAPIEN Technologies - Scripting, Simplified. >> >> blog: http://blog.SAPIEN.com >> Community: http://www.scriptinganswers.com >> Training: http://www.ScriptingTraining.com >> Books: http://www.SAPIENPress.com >> Editor: http://www.primalscript.com >> Tools: http://www.scriptingoutpost.com >> >> "Those who forget to script it are doomed to repeat it." >> >

Re: Set a new file owner /\/\o\/\/ [MVP] 27.06.2007 19:36:04 b.t.w. ofcourse SubinAcl still works in powershell. but only for this a bit much overhead and setowner.exe is not AV proof ;-) "/\/\o\/\/ [MVP]" wrote: [Quoted Text] > [ at ] PSCX ;-) > the API wrappers needed are in here : > http://www.gotdotnet.com/Community/UserSamples/Details.aspx?SampleGuid=e6098575-dda0-48b8-9abf-e0705af065d9 > > please ;-) > as I did this in VS2002 it's a bit rusty > > Greetings /\/\o\/\/ > > "/\/\o\/\/ [MVP]" <mow001[ at ]hotmail.NoSpam> wrote in message > news:27E0838B-D33D-465E-A6C6-FF722E569053[ at ]microsoft.com... > > big disapointment for me also but you can still do it using API's > > > > I made a setowner in VB.NET before, as it did work in the beta I was glad > > I did not need it anymore, but now I have to search for the source > > again or better yet I have to find a opensource .NET library I can steal, > > uhh use now , and load into powershell. > > > > keep you posted ;-) > > > > Greetings /\/\o\/\/ > > > > "Jeffery Hicks" <jhicks[ at ]sapien.com> wrote in message > > news:Owd6AaOuHHA.484[ at ]TK2MSFTNGP06.phx.gbl... > >> //o// [MVP] wrote: > >>> Jeffery, > >>> > >>> you can only set it to administrators or your account, > >>> this is a "security" restriction I think (not a good one, as the good > >>> guys need it hardly (quota etc) and the bad guys can do it anyway) , > >>> with the GUI support I did think MS finaly realised that > >>> > >>> and Yes !! > >>> I got SetOwner working in Monad beta 2, that also had the Beta 2.0 > >>> framework > >>> and added it to my typeinfo > >>> http://mow001.blogspot.com/2005/10/getting-and-using-securityprincipal.html > >>> > >>> I was very glad with it, finaly but it does not work anymore in > >>> powershell 1.0 (.NET 2.0 RTM ) seems they removed the support for > >>> setting a owther owner again in the final 2.0 framework. > >>> > >>> grrr. > >>> > >>> Greetings /\/\o\/\/ > >>> > >>> "Jeffery Hicks" wrote: > >>> > >>>> My forehead is bruised from trying to come up with simple code to set a > >>>> new owner for a file. Something like this should work > >>>> > >>>> $file=".\file.txt" > >>>> [System.Security.Principal.NTAccount]$newOwner="mydomain\roygbiv" > >>>> $var=get-item $file > >>>> $acl=$var.GetAccessControl() > >>>> $acl.SetOwner($NewOwner) > >>>> $var.SetAccessControl($acl) > >>>> > >>>> But I always get: Exception calling "SetAccessControl" with "1" > >>>> argument(s): "The security identifier is not allowed to be the owner of > >>>> this object." > >>>> > >>>> I'm doing this on a Windows 2003 SP2 server. I can assign the owner in > >>>> the GUI. > >>>> > >>>> I can also get this far: > >>>> PS C:\public> $x=get-acl $file > >>>> PS C:\public> $x.SetOwner($newOwner) > >>>> > >>>> Looking at $x shows the new owner. But I can't find a way to "set" the > >>>> new owner. I don't know if I'm using the wrong principal type or what. > >>>> > >>>> I've also tried variations with Get-Acl and Set-Acl, but also with no > >>>> luck. > >>>> > >>>> I found some older posts on mucking around with principal policies but > >>>> that looked like pre-release code. > >>>> > >>>> > >>>> -- > >>>> Jeffery Hicks > >>>> SAPIEN Technologies - Scripting, Simplified. > >>>> > >>>> "Those who forget to script it are doomed to repeat it." > >>>> > >>>> > >> > >> Since I could do it in the GUI (which you could never do before), I was > >> still hoping to do it from PowerShell but it apparently isn't meant to > >> be. I suppose the workaround is to add an ACL to give the user the > >> TakeControl permission. > >> > >> At least now I can stop banging my head on my desk. > >> > >> -- > >> Jeffery Hicks > >> SAPIEN Technologies - Scripting, Simplified. > >> > >> blog: http://blog.SAPIEN.com > >> Community: http://www.scriptinganswers.com > >> Training: http://www.ScriptingTraining.com > >> Books: http://www.SAPIENPress.com > >> Editor: http://www.primalscript.com > >> Tools: http://www.scriptingoutpost.com > >> > >> "Those who forget to script it are doomed to repeat it." > >> > > >

Re: Set a new file owner Jeffery Hicks <jhicks[ at ]sapien.com> 27.06.2007 22:36:23 //o// [MVP] wrote: [Quoted Text] > b.t.w. ofcourse SubinAcl still works in powershell. > but only for this a bit much overhead and setowner.exe is not AV proof ;-) > > "/\/\o\/\/ [MVP]" wrote: > >> [ at ] PSCX ;-) >> the API wrappers needed are in here : >> http://www.gotdotnet.com/Community/UserSamples/Details.aspx?SampleGuid=e6098575-dda0-48b8-9abf-e0705af065d9 >> >> please ;-) >> as I did this in VS2002 it's a bit rusty >> >> Greetings /\/\o\/\/ >> >> "/\/\o\/\/ [MVP]" <mow001[ at ]hotmail.NoSpam> wrote in message >> news:27E0838B-D33D-465E-A6C6-FF722E569053[ at ]microsoft.com... >>> big disapointment for me also but you can still do it using API's >>> >>> I made a setowner in VB.NET before, as it did work in the beta I was glad >>> I did not need it anymore, but now I have to search for the source >>> again or better yet I have to find a opensource .NET library I can steal, >>> uhh use now , and load into powershell. >>> >>> keep you posted ;-) >>> >>> Greetings /\/\o\/\/ >>> >>> "Jeffery Hicks" <jhicks[ at ]sapien.com> wrote in message >>> news:Owd6AaOuHHA.484[ at ]TK2MSFTNGP06.phx.gbl... >>>> //o// [MVP] wrote: >>>>> Jeffery, >>>>> >>>>> you can only set it to administrators or your account, >>>>> this is a "security" restriction I think (not a good one, as the good >>>>> guys need it hardly (quota etc) and the bad guys can do it anyway) , >>>>> with the GUI support I did think MS finaly realised that >>>>> >>>>> and Yes !! >>>>> I got SetOwner working in Monad beta 2, that also had the Beta 2.0 >>>>> framework >>>>> and added it to my typeinfo >>>>> http://mow001.blogspot.com/2005/10/getting-and-using-securityprincipal.html >>>>> >>>>> I was very glad with it, finaly but it does not work anymore in >>>>> powershell 1.0 (.NET 2.0 RTM ) seems they removed the support for >>>>> setting a owther owner again in the final 2.0 framework. >>>>> >>>>> grrr. >>>>> >>>>> Greetings /\/\o\/\/ >>>>> >>>>> "Jeffery Hicks" wrote: >>>>> >>>>>> My forehead is bruised from trying to come up with simple code to set a >>>>>> new owner for a file. Something like this should work >>>>>> >>>>>> $file=".\file.txt" >>>>>> [System.Security.Principal.NTAccount]$newOwner="mydomain\roygbiv" >>>>>> $var=get-item $file >>>>>> $acl=$var.GetAccessControl() >>>>>> $acl.SetOwner($NewOwner) >>>>>> $var.SetAccessControl($acl) >>>>>> >>>>>> But I always get: Exception calling "SetAccessControl" with "1" >>>>>> argument(s): "The security identifier is not allowed to be the owner of >>>>>> this object." >>>>>> >>>>>> I'm doing this on a Windows 2003 SP2 server. I can assign the owner in >>>>>> the GUI. >>>>>> >>>>>> I can also get this far: >>>>>> PS C:\public> $x=get-acl $file >>>>>> PS C:\public> $x.SetOwner($newOwner) >>>>>> >>>>>> Looking at $x shows the new owner. But I can't find a way to "set" the >>>>>> new owner. I don't know if I'm using the wrong principal type or what. >>>>>> >>>>>> I've also tried variations with Get-Acl and Set-Acl, but also with no >>>>>> luck. >>>>>> >>>>>> I found some older posts on mucking around with principal policies but >>>>>> that looked like pre-release code. >>>>>> >>>>>> >>>>>> -- >>>>>> Jeffery Hicks >>>>>> SAPIEN Technologies - Scripting, Simplified. >>>>>> >>>>>> "Those who forget to script it are doomed to repeat it." >>>>>> >>>>>> >>>> Since I could do it in the GUI (which you could never do before), I was >>>> still hoping to do it from PowerShell but it apparently isn't meant to >>>> be. I suppose the workaround is to add an ACL to give the user the >>>> TakeControl permission. >>>> >>>> At least now I can stop banging my head on my desk. >>>> >>>> -- >>>> Jeffery Hicks >>>> SAPIEN Technologies - Scripting, Simplified. >>>> >>>> blog: http://blog.SAPIEN.com >>>> Community: http://www.scriptinganswers.com >>>> Training: http://www.ScriptingTraining.com >>>> Books: http://www.SAPIENPress.com >>>> Editor: http://www.primalscript.com >>>> Tools: http://www.scriptingoutpost.com >>>> >>>> "Those who forget to script it are doomed to repeat it." >>>> I've confirmed that this WILL work: $file=".\file.txt" [System.Security.Principal.NTAccount]$newOwner="Administrators" $var=get-item $file $acl=$var.GetAccessControl() $acl.SetOwner($NewOwner) $var.SetAccessControl($acl) The new owner must be the Administrators group or a domain admin account. This is true on XP and Windows 2003 SP2. Even though the 2003 GUI lets you assign ownership, PowerShell can't. -- Jeffery Hicks SAPIEN Technologies - Scripting, Simplified. blog: http://blog.SAPIEN.com Community: http://www.scriptinganswers.com Training: http://www.ScriptingTraining.com Books: http://www.SAPIENPress.com Editor: http://www.primalscript.com Tools: http://www.scriptingoutpost.com "Those who forget to script it are doomed to repeat it."

Re: Set a new file owner /\/\o\/\/ [MVP] 12.07.2007 22:52:04 /\/\o\/\/ is glad to anounce, Coming soon in a Shell near you .. Oisin's Get-Owner and Set-Owner : PoSH> Get-Owner test1.ps1 Value ----- BUILTIN\Administrators PoSH> Set-Owner test1.ps1 -AccountName User1 Set-Owner F:\PowerShell\test\test1.ps1 Change owner from BUILTIN\Administrators to User1? [Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): y PoSH> Get-Owner test1.ps1 Value ----- POSHWORKS\User1 Kudos and much thanks to X0N, for making this great cmdlets for me and the rest of the community, not more SubInAcl !!. this Cmdlet will be available in PSCX 1.2 and will be posted tomorrow on my blog . wow again, what a great PowerShell community we have !!! Greetings /\/\o\/\/ "Jeffery Hicks" wrote: [Quoted Text] > //o// [MVP] wrote: > > b.t.w. ofcourse SubinAcl still works in powershell. > > but only for this a bit much overhead and setowner.exe is not AV proof ;-) > > > > "/\/\o\/\/ [MVP]" wrote: > > > >> [ at ] PSCX ;-) > >> the API wrappers needed are in here : > >> http://www.gotdotnet.com/Community/UserSamples/Details.aspx?SampleGuid=e6098575-dda0-48b8-9abf-e0705af065d9 > >> > >> please ;-) > >> as I did this in VS2002 it's a bit rusty > >> > >> Greetings /\/\o\/\/ > >> > >> "/\/\o\/\/ [MVP]" <mow001[ at ]hotmail.NoSpam> wrote in message > >> news:27E0838B-D33D-465E-A6C6-FF722E569053[ at ]microsoft.com... > >>> big disapointment for me also but you can still do it using API's > >>> > >>> I made a setowner in VB.NET before, as it did work in the beta I was glad > >>> I did not need it anymore, but now I have to search for the source > >>> again or better yet I have to find a opensource .NET library I can steal, > >>> uhh use now , and load into powershell. > >>> > >>> keep you posted ;-) > >>> > >>> Greetings /\/\o\/\/ > >>> > >>> "Jeffery Hicks" <jhicks[ at ]sapien.com> wrote in message > >>> news:Owd6AaOuHHA.484[ at ]TK2MSFTNGP06.phx.gbl... > >>>> //o// [MVP] wrote: > >>>>> Jeffery, > >>>>> > >>>>> you can only set it to administrators or your account, > >>>>> this is a "security" restriction I think (not a good one, as the good > >>>>> guys need it hardly (quota etc) and the bad guys can do it anyway) , > >>>>> with the GUI support I did think MS finaly realised that > >>>>> > >>>>> and Yes !! > >>>>> I got SetOwner working in Monad beta 2, that also had the Beta 2.0 > >>>>> framework > >>>>> and added it to my typeinfo > >>>>> http://mow001.blogspot.com/2005/10/getting-and-using-securityprincipal.html > >>>>> > >>>>> I was very glad with it, finaly but it does not work anymore in > >>>>> powershell 1.0 (.NET 2.0 RTM ) seems they removed the support for > >>>>> setting a owther owner again in the final 2.0 framework. > >>>>> > >>>>> grrr. > >>>>> > >>>>> Greetings /\/\o\/\/ > >>>>> > >>>>> "Jeffery Hicks" wrote: > >>>>> > >>>>>> My forehead is bruised from trying to come up with simple code to set a > >>>>>> new owner for a file. Something like this should work > >>>>>> > >>>>>> $file=".\file.txt" > >>>>>> [System.Security.Principal.NTAccount]$newOwner="mydomain\roygbiv" > >>>>>> $var=get-item $file > >>>>>> $acl=$var.GetAccessControl() > >>>>>> $acl.SetOwner($NewOwner) > >>>>>> $var.SetAccessControl($acl) > >>>>>> > >>>>>> But I always get: Exception calling "SetAccessControl" with "1" > >>>>>> argument(s): "The security identifier is not allowed to be the owner of > >>>>>> this object." > >>>>>> > >>>>>> I'm doing this on a Windows 2003 SP2 server. I can assign the owner in > >>>>>> the GUI. > >>>>>> > >>>>>> I can also get this far: > >>>>>> PS C:\public> $x=get-acl $file > >>>>>> PS C:\public> $x.SetOwner($newOwner) > >>>>>> > >>>>>> Looking at $x shows the new owner. But I can't find a way to "set" the > >>>>>> new owner. I don't know if I'm using the wrong principal type or what. > >>>>>> > >>>>>> I've also tried variations with Get-Acl and Set-Acl, but also with no > >>>>>> luck. > >>>>>> > >>>>>> I found some older posts on mucking around with principal policies but > >>>>>> that looked like pre-release code. > >>>>>> > >>>>>> > >>>>>> -- > >>>>>> Jeffery Hicks > >>>>>> SAPIEN Technologies - Scripting, Simplified. > >>>>>> > >>>>>> "Those who forget to script it are doomed to repeat it." > >>>>>> > >>>>>> > >>>> Since I could do it in the GUI (which you could never do before), I was > >>>> still hoping to do it from PowerShell but it apparently isn't meant to > >>>> be. I suppose the workaround is to add an ACL to give the user the > >>>> TakeControl permission. > >>>> > >>>> At least now I can stop banging my head on my desk. > >>>> > >>>> -- > >>>> Jeffery Hicks > >>>> SAPIEN Technologies - Scripting, Simplified. > >>>> > >>>> blog: http://blog.SAPIEN.com > >>>> Community: http://www.scriptinganswers.com > >>>> Training: http://www.ScriptingTraining.com > >>>> Books: http://www.SAPIENPress.com > >>>> Editor: http://www.primalscript.com > >>>> Tools: http://www.scriptingoutpost.com > >>>> > >>>> "Those who forget to script it are doomed to repeat it." > >>>> > > I've confirmed that this WILL work: > > $file=".\file.txt" > [System.Security.Principal.NTAccount]$newOwner="Administrators" > $var=get-item $file > $acl=$var.GetAccessControl() > $acl.SetOwner($NewOwner) > $var.SetAccessControl($acl) > > The new owner must be the Administrators group or a domain admin > account. This is true on XP and Windows 2003 SP2. Even though the 2003 > GUI lets you assign ownership, PowerShell can't. > > -- > Jeffery Hicks > SAPIEN Technologies - Scripting, Simplified. > > blog: http://blog.SAPIEN.com > Community: http://www.scriptinganswers.com > Training: http://www.ScriptingTraining.com > Books: http://www.SAPIENPress.com > Editor: http://www.primalscript.com > Tools: http://www.scriptingoutpost.com > > "Those who forget to script it are doomed to repeat it." > >