OWNERSHIP AND PERMISSION

Similar Messages

• Can't mount external Hard drive and Can't change the ownership and permiss.

  Hello everyone, got a problem and maybe someone here will know. Apple care can't help because this is due to an external piece. I have a hard drive external. I partitioned it into two hard drives. Long ago, I opened the information window for one of my partitioned drives. And changed the ownership and permission to "no access". I do this all the time to keep my files from being read if its not the administrator (me). Just recently I plugged in my hard drive (firewire and USB). Only one drive mounts on the desk top. I cannot see my other partitioned hard drive and I can' access it to change the ownership and permission with "apple key and I".. I can see a trace of the two partitioned hard drives when I use disc utility. But again it won't let me change the ownership so I can mount this again. How do I access my harddrive without refomatting? I have tried to mount this with both of my apple laptops..no luck yet. Please help, anyone.

  Hi, Donnie. Welcome to the Discussions.
  What part of "No Access" was unclear?
  "No Access" means no access for anyone.
  To fix this:
  1. Launch Terminal, which resides in the Macintosh HD > Applications > Utilities folder.
  2. At the Terminal prompt, type the following command:
  sudo chmod a+rwx "/Volumes/partition_name"
  where: partition_name is the name of the affected partition.
  3. Press Return.
  4. Type your Admin password when prompted, then press Return.
  5. At the Terminal prompt, type exit and press Return.
  6. Quit (Command-Q) Terminal.
  7. Relaunch Finder: Press and hold the Option key, click and hold mouse button 1 on the Finder icon in the Dock, select "Relaunch" from the Finder icon's contextual menu.
  You should then see the volume, or be able to use Disk Utility to Unmount it, then Mount it and see it.
  Reset the permissions for Group and Other on the partition as desired. Do not change the permissions for Owner.
  If you want a volume / partition unmounted at startup, see:
  • this tip Mac OS X Hints, or...
  • this tip on the OSX86 Project forums.
  Good luck!
  Dr. Smoke
  Author: Troubleshooting Mac® OS X

• DNS record ownership and the DnsUpdateProxy group

  I have a 2 x 2003 domain controller that have DNS and DHCP Services installed
  I was thinking of configuring DHCP to use a service account to update DNS records.
  If I set this, do the DHCP Servers need to be members of the DNSUpdateProxy security group for the service account to work?>

  I have to agree with John here. I don't think it's reasonable to just say 'ms told us so'. We need a
  technical before and answer is given. I have multiple DHCP servers and I use a security account on them to register the records and never use the
  DNSUpdateProxy Group and I have no problems. My thinking is this:
  Assume we are using Integrated Secure Zones in AD:
  Scenario 1:
  Windows DHCP server i registering records on behalf of clients
  Not a member of DNSUpdateProxy Group and not using dedicated account
  Records will have owner as dhcpserver$  and only that account can update
  This is a problem if that DHCP server fails
  Also, non Windows DHCP server with no AD account cannot update
  Scenario 2:
  Windows DHCP server i registering records on behalf of clients
  Member of DNSUpdateProxy Group and not using dedicated account
  Records will have owner as SYSTEM  and authenticated users can updated meaning any user or client on that domain
  No problem if that DHCP server fails as any other authorized DHCP server can update
  Non Windows DHCP servers can updated if they have a domain machine account
  Scenario 3:
  Windows DHCP server i registering records on behalf of clients
  Using a dedicated account
  Records added with owner same as this dedicated account
  Another DHCP server that also uses this same account can updated the records
  A non windows DHCP server that can use this account can also update the records
  Now, can someone from MS please clarify the technical reason they say that in Scenario 3, you must add the DHCP servers to the
  DNSUpdateProxy group ?
  http://technet.microsoft.com/en-us/library/cc780538(v=ws.10).aspx
  I guess this link didn't help?
  DNS Record Ownership and the DnsUpdateProxy Group
  "... to protect against unsecured records or to permit members of the DnsUpdateProxy group to register records in zones that allow only secured dynamic updates, you must create a dedicated user account and configure DHCP servers to perform DNS dynamic updates
  with the credentials of this account (user name, password, and domain). Multiple DHCP servers can use the credentials of one dedicated user account."
  http://technet.microsoft.com/en-us/library/dd334715(WS.10).aspx
  Just to add:
  Why is the DnsUpdateProxy group needed in conjunction with credentials?
  The technical reason is twofold:
  DnsUpdateProxy:
   Objects created by members of the DNSUpdateProxy group have no security; therefore, any authenticated user can take ownership of the objects.
  DHCP Credentials:
   Forces ownership to the account used in the credentials, which the DnsUpdateProxy group allowed to take ownership other than the registering client.
  Otherwise, the default process is outlined below, and this applies to non-Microsoft operating systems, too, but please note that non-Microsoft operating systems can't use Kerberos to authenticate to dynbamically update into a Secure Only zone, however
  you can configure Windows DHCP to do that for you.
  1. By default, Windows 2000 and newer statically configured machines will
  register their own A record (hostname) and PTR (reverse entry) into DNS.
  2. If set to DHCP, a Windows 2000, 2003 or XP machine, will request DHCP to allow
  the machine itself to register its own A (forward entry) record, but DHCP will register its PTR
  (reverse entry) record.
  3. If Windows 2008/Vista, or newer, the DHCP server always registers and updates client information in DNS.
     Note: "This is a modified configuration supported for DHCP servers
           running Windows Server 2008 and DHCP clients. In this mode,
           the DHCP server always performs updates of the client's FQDN,
           leased IP address information, and both its host (A) and
           pointer (PTR) resource records, regardless of whether the
           client has requested to perform its own updates."
           Quoted from, and more info on this, see:
  http://technet.microsoft.com/en-us/library/dd145315(v=WS.10).aspx
  4. The entity that registers the record in DNS, owns the record.
     Note "With secure dynamic update, only the computers and users you specify
          in an ACL can create or modify dnsNode objects within the zone.
          By default, the ACL gives Create permission to all members of the
          Authenticated User group, the group of all authenticated computers
          and users in an Active Directory forest. This means that any
          authenticated user or computer can create a new object in the zone.
          Also by default, the creator owns the new object and is given full control of it."
          Quoted from, and more info on this:
  http://technet.microsoft.com/en-us/library/cc961412.aspx
  More on this discussed in:
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/6f5b82cf-48df-495e-b628-6b1a9a0876ba/regular-domain-user-uses-rsat-to-create-dns-records?forum=winserverNIS
  If that doesn't help, I highly suggest to contact Microsoft Support to get a definitive response. If you do, I would be highly curious what they say if it's any different than what I found out from the product group (mentioned earlier in this thread).
  And of course, if you can update what you find out, it will surely benefit others reading this thread that have the same question!
  Thank you!
  Ace Fekay
  MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
  This posting is provided AS-IS with no warranties or guarantees and confers no rights.

• Messed up ownership and permissions, now I'm stuck in Terminal

  I tried to make a couple of volumes inaccessible to others (via Ownership and Permissions in the Get Info pane for each drive) and I guess I did it to my boot drive too. Now when I boot I get the Terminal, and I'm clueless there. How do I undo what I've done so that I can use this box?
  In the long run I'd like to require a password to view the contents of my drives (help with that is welcome) but in the short term full access would be fine.
  Terminal asks me to login, which I do, and then says "Welcome to Darwin!"
  What do I do next?

  cornelius
  Are there any guidelines for working with Ownership and Permissions in Get Info?Well, there are several KB documents on permissions, but not a lot of guidance. The most relevant are, perhaps, Mac OS X 10.2: How to Change Ownership & Permissions Using the Finder and Mac OS X: Troubleshooting Permissions Issues.
  In the latter, there is some guidance:
  Warning: This document describes how you may modify permission settings by entering commands in the Terminal application. Users unfamiliar with Terminal and UNIX-style environments should proceed with caution. The entry of incorrect commands may result in data loss and/or unusable system software. Improper alteration of permissions can result in reduced system security and/or exposure of private data.Basically my advice would be to leave everything outside your Home folder alone unless you really know what you are doing. If you have accidentally changed something outside the Users folder, run Repair Permissions to get it back as it should be.
  Edit: and read Niel's advice (I went to bed just after reading your post since it was twenty past one here, and didn't "Refresh" before replying, so didn't see Niel had posted).

• Discoverer Report Ownership and Exports

  We are currently upgrading to R12 from 11.5.10 and I’m looking to migrate discoverer with it. The environment and set up of disco has been completed however there are a few issues around migrating the existing reports and EUL I’m not sure about. I would appreciate some views / advice on the following:
  1) We have reports owned by a lot of people across the organisation, many of these I cant see as the discoverer admin user (but can from the DB tables), meaning I cant migrate them as .eex without getting the owner to share the reports out to out disco admin user.
  2) For the ones I can see if I import them I get a message in the log that I cant modify a report I don’t own, whilst taking ownership by saving the report is an option, the report must then be visible to the original owner in the new environment so requires sharing with them (but done for 700+ reports)
  3) I need to migrate associated EUL objects with the reports however without going through each report manually I cant see which reports are dependant on which EUL object (I assume this is available in the DB somewhere but I’m new to this so I’m still looking)
  The method of exporting as .eex files and importing into the new environment doesn’t appear to be cutting it for this task. I have read there are ways to export or clone the EUL and reports as a whole however we don’t want to take everything across only a selection of reports from the old environment.
  There must be a better way of migrating the required reports and associated EUL objects and resolving ownership and sharing?
  any help would be appreciated
  Edited by: SolHill on 11-Oct-2011 09:11

  Thanks for the replies – they are very helpful
  I have been looking at the Java Command line interface and attempting to share out workbooks to my user on our DEV environment with some small success
  I tried the following:
  -connect EUL_US/EUL_US@DB –grant_privilage –workbook_access “WORK_BOOK_1” –roll “SOLHILL”
  This gave me the following message:
  “A Subdirectory or file . already exsits.”
  “Command Complete”
  But didn’t appear to actually do anything, the workbook remains unshared
  I played with the command and used the following:
  -connect DISCO_ADMIN_USER /pswrd@DB –apps_user –apps_responsibility “Discoverer_admin” –grant_privilage –
  workbook_access “WORK_BOOK_1” –roll “SOLHILL”
  This gave the following message
  “A Subdirectory or file . already exsits.”
  “afenv: can’t open registry key”
  “afenv: can’t open registry key”
  “afenv: can’t open registry key”
  “afenv: can’t open registry key”
  …….(17 times)
  “Command Complete”
  But did update the workbook and gave it the apps responsibility “Discover_admin” (not to the SOLHILL)
  So -
  1) In the Oracle Documentation it says the EUL_US (eul owner) needs some permissions granted such as “CREATE_TABLE” “CREATE_PROCEDURE” etc… is it possible that this is stopping the EUL_US login from updating the tables? if not any ideas why the command sucseeds but nothing happens?
  2) what’s incorrect about the second command line script that it doesn’t do as I intend?
  Thanks for your support
  Sol

• BI Publisher - SuperUser not able to acces Roles and Permission Page

  I have set up the BI Publisher as said in http://gerardnico.com/wiki/dat/bip/configuration_bip.
  But
  1. SuperUser is not able to access Roles and Permission.
  2. I'm not able to access the BI Answers Catalog.
  I also have a doubt about the BI Server Admin. Is it the RPD Admin?
  Kindly Help

  I have set up the BI Publisher as said in http://gerardnico.com/wiki/dat/bip/configuration_bip.
  But
  1. SuperUser is not able to access Roles and Permission.
  2. I'm not able to access the BI Answers Catalog.
  I also have a doubt about the BI Server Admin. Is it the RPD Admin?
  Kindly Help

• Lost ownership and permissions on an external hard drive

  Hey,
  I have a LaCie 500GB external HD that i connect to my MacBook via firewire.
  I was checking the amount of space left of the external HD by clicking command-I on it. I accidentally changed the ownership & permissions and now my account has no access to it. I can't see the HD on my desktop but when I go into Disk Utility, i can see that it's there but I can't repair its permissions.
  to see whether I could still have access to it, I created another user account and gave it admin status and am able to access the HD there.
  Is there any way to restore the ownership and persmissions of my external HD on my primary account?
  i feel stupid
  many thanks

  I was excited by a resolution to the same problem I have (I don't know what Ownership & Permissions I should have on my external -- bootable -- HD). Mistakenly I used Leopard to set them up rather than Mac OSX 10.4.11. Now I no longer had access to the HD nor would it show up on the desktop on Mac OSX 10.4.11 although the Disk Utitlity showed that it existed. I finally erased and cloned the disk but don't know what Permissions I should set it at. "Niel" supposedly answered this problem but his answer was "click here and follow the instructions" which does not show up on the forum. I can't find any other discussion of my specific problem nor an explanation of various permissions sets for Hard Disks internal nor external. If someone could help me I would be grateful. I am in Japan far from any Apple Stores or shops. Thank you.

• DANGER: Do Not Change Hard Drive Ownership and Permissions

  DANGER: Do Not Change Hard Drive Ownership and Permissions (Unless you know what you are doing... I didn't!)
  FIRST, THE REPAIR PERMISSIONS SOLUTION:
  Use Disk Utilities on the "Sofware Install and Restore" DVD that came with your computer to set the permissions back to the defaults. Not the MacOSX Installation Disk. (This worked in MacOS 10.3.9)
  MY SCREW UP
  In my Hard Drive's "Get Info" dialog I switched the permissions of the Owner to my username and all others to no access. I had not yet closed the dialog and decided that it was probably dangerous so I started changing them back. I first changed the owner back to system. It asked for authentication.
  After entering my password I assumed that I would be able to go back and change the others as well. Nope! The dialog disappeared, my desktop disappeared and I couldn't do anything. I was locked out.
  After ten minutes of the beachball I restarted to the "Panther Installation disk" and tried repairing permissioins using disk utility. Evertime it "lost contact" with the system and would not work. Restarting (without CD) took me to a root user login (black sreen). My username and password did nothing.
  THE SOLUTION
  I then restarted to the "Software Install and Restore" DVD that came with my computer and used its Disk Utility to repair permissions. IT WORKED! It set permissions back to the default. THANK GOD.
  NOTE: I wonder, will using the Install and Restore DVD to repair permissions reset any computer's files to the defaults? Is that a backdoor into someones currently restricted files and folders? (Assuming that you have physical access and the computer specific DVD)

  Using the Repair Permissions function will not change the permissions on an account's home folder or anything in it, but there are at least two other ways in which someone with a Mac OS X 10.4 installation disk can get access to an account's files or folders unless some or all of those files are encrypted.
  (19285)

• Getting a list of users and permission from a folder

  I run this command to get a a list of users and permission from a folder
  $project_folder = "\\servername\foldername"
  get-acl $project_folder | %{ $_.Access  } | ft -property IdentityReference, AccessControlType, FileSystemRights > folder.csv.
  This only lists information for 1 folder.
  If i have multiple folders how should the code be modified?

  this is the code i am looking for 
   $project_folder
  = "\\servername\foldername\foldername1"
  get-acl $project_folder | %{ $_.Access  } | ft -property IdentityReference, AccessControlType,
  FileSystemRights > folder.csv.
  I  run this code and this gives me the information for only the folder 'foldername1'.
  Ex. i need a list of users who have permmission in \\servername\foldername\foldername2.
  i run the code and it gives me the permissions and list of users in foldername2.
  This is the issue
  IF there are multiple folders \\servername\foldername\foldername2, \\servername\foldername\foldername1,
  i need to run the code each time for 1 folder. 
  is there a command where i can combine the path of these 2 or more folders and export
  it to csv
  Ex.  $project_folder
  = "\\servername\foldername\foldername1",
  "\\servername\foldername\foldername2"
  get-acl $project_folder | %{ $_.Access  } | ft -property IdentityReference, AccessControlType,
  FileSystemRights > folder.csv.
  This will give me the list of users and the type of access they have in foldername1 and
  foldername2

• Our Band purchased Logic Pro and it was loaded to one member's Macbook Pro. Unfortunately, he passed away with cancer in May. How can we transfer the ownership and the software (it was downloaded) to a new user's Macbook?

  Our Band purchased Logic Pro and it was loaded to one member's Macbook Pro. Unfortunately, he passed away with cancer in May. How can we transfer the ownership and the software (it was downloaded) to a new user's Macbook?

  Hi Kurt,
  The Mac IIci is not even powering on at all. Tried again with wih a tested power cable and no luck. 
  I think it's best that take  this issue to the Older Hardware Community. Not only did I see a fair number of replacement parts for the IIci avaiable online, but there also vintage external floppy drives as well. I'm not giving up.
  Thank you for your time and interest in helping.

• No manual order and permission option in fsdb Repository

  Hi Experts,
  I need to get the Manual Order and Permission option in one of my FSDB repository.
  Even though I added similar repository services as one of DB repository , I am not getting these option in my KM->Details->settings.
  Can anyone help me in this regard. Thank you.
  Raghu

  Hi Lorcan,
  No Security Manager is set to my FSDB repository.
  It is not related to viiew. In the KM content when I navigate to details->Settings of my repository, I am not getting the Permission and also Manual Order option.
  May be I need to set the Security Manage it seems.
  Can you suggest me on this. Thank you.
  Raghu

• Creative Suite 5.5 Production Premium Disk space and Permission Errors

  Win7 clean install, Dual Core 3.0, 4gigs ram, Audigy Sound Card, nvidia 8800 GT video card, 600 gig HD space, no anti virus, no firewall, no other programs installed.
  Download manager and alteritive method both result in extration error " A problem occured while extracting some files. Check avaibile diskm space on your computer and write priveleges on destination folder ". A whole week of trying to sort this out but no joy. Adobe tech says D/L file directly to C: trying that now but has anyone else had this problem? Thanks

  D/L from another location and onto different computer, extracted the 
  file with Winrar from the root drive not from a user account and Bingo 
  not corrupt files.Then moved then to the host machine and installation 
  work perfectly.  That took a week and a bit to figure and I hope 
  others can benefit from my experience.  ( In Adobe Ninerva now ! ) 
  Thanks, Mylenium.
  Lauren
  Quoting Mylenium <[email protected]>:
  Mylenium http://forums.adobe.com/people/Mylenium created the discussion
  "Re: Creative Suite 5.5 Production Premium Disk space and Permission Errors"
  To view the discussion, visit:  
  http://forums.adobe.com/message/4280525#4280525

• User Profiles, Roles and  Permission folder empty

  Hi,
  We installed Peoplesoft 8.49 Apps 9.0, and 10G Oracle on Windows 2003, everything working perfectly except User profiles and Roles and Permission Folders
  I have ran AE scripts well, even then we are not able to browse those sections
  Any help much appreciated
  Thanks

  >
  We installed Peoplesoft 8.49 Apps 9.0, and 10G Oracle on Windows 2003, everything working perfectly except User profiles and Roles and Permission Folders
  >
  What do you mean by this? What is not working? What are you expecting and what is happening?

• Solved - How to take ownership and change permissions for blocked files and folders in Powershell

  Hello,
  I was trying to take ownership & fix permissions on Home Folder/My Documents structures, I ran into the common problem in PowerShell where Set-Acl & Get-Acl return access denied errors. The error occurs because the Administrators have been removed from
  file permissions and do not have ownership of the files,folders/directories. (Assuming all other permissions like SeTakeOwnershipPrivilege have been enabled.
  I was not able to find any information about someone successfully using native PS to resolve the issue.  As I was able to solve the issues surrounding Get-Acl & Set-Acl, I wanted to share the result for those still looking for an answer.
  Question: How do you use only Powershell take ownership and reset permissions for files or folders you do not have permissions or ownership of?
  Problem: 
  Using the default function calls to the object fail for a folder that the administrative account does not have permissions or file ownership. You get the following error for Get-Acl:
  PS C:\> Get-Acl -path F:\testpath\locked
  Get-Acl : Attempted to perform an unauthorized operation.
  + get-acl <<<< -path F:\testpath\locked
  + CategoryInfo : NotSpecified: (:) [Get-Acl], UnauthorizedAccessException
  + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.GetAclCommand
  If you create a new ACL and attempt to apply it using Set-Acl, you get:
  PS C:\> Set-Acl -path F:\testpath\locked -AclObject $DirAcl
  Set-Acl : Attempted to perform an unauthorized operation.
  At line:1 char:8
  + Set-Acl <<<< -path "F:\testpath\locked" -AclObject $DirAcl
  + CategoryInfo : PermissionDenied: (F:\testpath\locked:String) [Set-Acl], UnauthorizedAccessException
  + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetAclCommand
  Use of other functions like .GetAccessControl will result in a similar error: "Attempted to perform an unauthorized operation."
  How do you replace owner on all subcontainers and objects in Powershell with resorting to external applications like takeown, icacls, Windows Explorer GUI, etc.?
  Tony

  Hello,
  Last, here is the script I used to reset permissions on the "My Documents" tree structure that admins did not have access to:
  Example:  Powershell script to parse a directory of User-owned "My Document" redirection folders and reset permissions.
  #Script to Reset MyDocuments Folder permissions
  $domainName = ([ADSI]'').name
  Import-Module "PSCX" -ErrorAction Stop
  Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeRestorePrivilege", $true) #Necessary to set Owner Permissions
  Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeBackupPrivilege", $true) #Necessary to bypass Traverse Checking
  #Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeSecurityPrivilege", $true) #Optional if you want to manage auditing (SACL) on the objects
  Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeTakeOwnershipPrivilege", $true) #Necessary to override FilePermissions & take Ownership
  $Directorypath = "F:\Userpath" #locked user folders exist under here
  $LockedDirs = Get-ChildItem $Directorypath -force #get all of the locked directories.
  Foreach ($Locked in $LockedDirs) {
  Write-Host "Resetting Permissions for "$Locked.Fullname
  #######Take Ownership of the root directory
  $blankdirAcl = New-Object System.Security.AccessControl.DirectorySecurity
  $blankdirAcl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators')
  $Locked.SetAccessControl($blankdirAcl)
  ###################### Setup & apply correct folder permissions to the root user folder
  #Using recommendation from Ned Pyle's Ask Directory Services blog:
  #Automatic creation of user folders for home, roaming profile and redirected folders.
  $inherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
  $propagation = [system.security.accesscontrol.PropagationFlags]"None"
  $fullrights = [System.Security.AccessControl.FileSystemRights]"FullControl"
  $allowrights = [System.Security.AccessControl.AccessControlType]"Allow"
  $DirACL = New-Object System.Security.AccessControl.DirectorySecurity
  #Administrators: Full Control
  $DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("BUILTIN\Administrators",$fullrights, $inherit, $propagation, "Allow")))
  #System: Full Control
  $DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("NT AUTHORITY\SYSTEM",$fullrights, $inherit, $propagation, "Allow")))
  #Creator Owner: Full Control
  $DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("CREATOR OWNER",$fullrights, $inherit, $propagation, "Allow")))
  #Useraccount: Full Control (ideally I would error check the existance of the user account in AD)
  #$DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("$domainName\$Locked.name",$fullrights, $inherit, $propagation, "Allow")))
  $DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("$domainName\$Locked",$fullrights, $inherit, $propagation, "Allow")))
  #Remove Inheritance from the root user folder
  $DirACL.SetAccessRuleProtection($True, $False) #SetAccessRuleProtection(block inheritance?, copy parent ACLs?)
  #Set permissions on User Directory
  Set-Acl -aclObject $DirACL -path $Locked.Fullname
  Write-Host "commencer" -NoNewLine
  ##############Restore admin access & then restore file/folder inheritance on all subitems
  #create a template ACL with inheritance re-enabled; this will be stamped on each subitem to re-establish the file structure with inherited ACLs only.
  #$NewOwner = New-Object System.Security.Principal.NTAccount("$domainName","$Locked.name") #ideally I would error check this.
  $NewOwner = New-Object System.Security.Principal.NTAccount("$domainName","$Locked") #ideally I would error check this.
  $subFileACL = New-Object System.Security.AccessControl.FileSecurity
  $subDirACL = New-Object System.Security.AccessControl.DirectorySecurity
  $subFileACL.SetOwner($NewOwner)
  $subDirACL.SetOwner($NewOwner)
  ######## Enable inheritance ($False) and not copy of parent ACLs ($False)
  $subFileACL.SetAccessRuleProtection($False, $False) #SetAccessRuleProtection(block inheritance?, copy parent ACLs?)
  $subDirACL.SetAccessRuleProtection($False, $False) #SetAccessRuleProtection(block inheritance?, copy parent ACLs?)
  #####loop through subitems
  $subdirs = Get-ChildItem -path $Locked.Fullname -force -recurse #force is necessary to get hidden files/folders
  foreach ($subitem in $subdirs) {
  #take ownership to insure ability to change permissions
  #Then set desired ACL
  if ($subitem.Attributes -match "Directory") {
  # New, blank Directory ACL with only Owner set
  $blankdirAcl = New-Object System.Security.AccessControl.DirectorySecurity
  $blankdirAcl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators')
  #Use SetAccessControl to reset Owner; Set-Acl will not work.
  $subitem.SetAccessControl($blankdirAcl)
  #At this point, Administrators have the ability to change the directory permissions
  Set-Acl -aclObject $subDirACL -path $subitem.Fullname -ErrorAction Stop
  } Else {
  # New, blank File ACL with only Owner set
  $blankfileAcl = New-Object System.Security.AccessControl.FileSecurity
  $blankfileAcl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators')
  #Use SetAccessControl to reset Owner; Set-Acl will not work.
  $subitem.SetAccessControl($blankfileAcl)
  #At this point, Administrators have the ability to change the file permissions
  Set-Acl -aclObject $subFileACL -path $subitem.Fullname -ErrorAction Stop
  Write-Host "." -NoNewline
  Write-Host "fin."
  Write-Host "Script Complete."
  I hope you find this useful.
  Thank you,
  Tony
  Final Thought: There are great non-PS tools like
  Set-Acl and takeown which are external to PS & can also do the job wonderfully.  It may be much simpler to call those tools than recreate the wheel in pure
  code.  Feel free to use whatever best suits your time, scope & cost.

• MY Hard Drive says_"YOU CAN READ ONLY" for the OWNERSHIP AND PERMISSSIONS!

  I cannot add anything to my EXTERNAL (SimpleDrivePS) hard drive. When I try to copy something to it, it says "The item cannot be moved because SimpleDrivePS cannot be modified."
  Upon control-clicking this external hard drive's icon, under "Get info" it says "You can read only" for it's "Ownership and Permissions."
  I have used this hard drive with Windows-based computers, but not with this new Apple yet.
  What do I need to do so that I can move or copy things to this external hard drive?
  Also, is there a discussion room for just general questions? - There are many little things that I wonder how to do from time to time as I am trying to become accustomed with Apple, like shortcut key for desktop, or where is control panel or link to "my computer" or other shortcut keys - things like that.

  Hi newsppler;
  Since I have never had a disk that was formatted NTFS, I am not absolutely sure exactly how you can discover how it is formatted. I think if you look at the disk with Disk Utility that should tell you.
  Yes. If you reformat you will lose everything that is currently on that disk.
  To reformat open Disk Utility and then select the disk. You then click the partition tab. This will allow you to select what format you wish to use. I would suggest Mac OS Extended +
  Allan