Network and Storage Protocols

Ontap CIFS Shares with 'System' Permissions



We have a volume which contains a top level share for folders which an application creates.

The top level is set to the required permissions - However...

This application has been creating folders with NTFS security where the user and SYSTEM are the only people with access.

The SAN\Administrators account is the owner.

I need a way to emulate the 'SYSTEM' account to run DSACL with or something to that affect to re-permissions the folders.

Has anyone seen a requirement like this before?




If it is XP/2003 machine you can initiate cmd.exe through AT command which will bring up cmd.exe under "System" account. you can run any application from that command windows will open it under system account.

AT time /interactive cmd.exe

On Vista onwards the interactive mode doesn't work so eventhough the application opens up it will not come on to the desktop. So simple method is run using psexec, a free tool available on sysinternals webpage. check for "PsTools".

psexec -i -s cmd.exe