Is it possible to update Orphaned Permissions (Windows Group) in a configuration file?
I have a site that was in our Public DMZ and I want to move it to our Trusted Network. I there an easier way to update the Permissions rather than deleting all of the Orphaned Permissions and recreating them from scratch? I have found where the permissions are in the Site.xml file but I have not idea about where the "value" is coming from and how to change it. It would be ideal to do a find and replace on a configuration file. I just don't know where to find that file.
Thank you for any recommendations.
Bobby Jo
0
-
Hi Bobby Jo,
Is your DMZ server on a different domain than your internal server? If they are on the same domain, you should not be seeing this, but if they aren't then I don't think you can easily solve this issue. The permissions are granted to SIDs, not to usernames specifically, so you would need to know your user's SIDs on both sides, and replace them in the site.xml file accordingly. This is not something that is trivial to do.
Thanks,
Danny0 -
Danny,
Thank you. My issue is that I do not know where to look for the SIDs outside of the ones listed in my Site.XML.
Thanks for any help you can provide.
Bobby Jo0 -
Hi Bobby Jo,
Depending on your network permissions, you can do this with the wmic command:wmic useraccount where name="dbriggs" get sidYou could execute that command on both servers, and compare the results and replace them as needed.
Here's some more details on that command:https://www.lifewire.com/how-to-find-a-users-security-identifier-sid-in-windows-2625149
Thanks,
Danny0 -
Very helpful. Thank you Danny.
bjc0
Please sign in to leave a comment.
Comments
4 comments