Using XCACLS to set permissions with long filenames

We need to set permissions on users' directories on a Windows 2000 Server. This happens regularly enough and they must also be set in the order below or the backups crap out. This is the basic script:

XCACLS foldername /g Administrators:OF /T /C /Y  
XCACLS foldername /E /g "DOM\Enterprise Admins":OF /T /C /Y  
XCACLS foldername /E /g SYSTEM:OF /T /C /Y  
XCACLS foldername /E /g STAFF\username:ORWEDC /T /C /Y  

My problem is that this script doesn't work on all files in some directories. The files it seems to fail on are long filenames and deeply nested directories.

Does anyone know of a script that doesn't mind long filenames and takes large paths in its stride?

I have come across a XCACLS.vbs script from Microsoft, but it works differently and I'm not sure if it works with these large filenames also.

Solution 1:

There is a limit of around 260 characters on the length of filenames, however there is a massively cunning and sneaky way to get round this :-)

The limit is in the Win32 subsystem not in the kernel. If you prefix a file name with \?\ this causes the Win32 subsystem to pass the name directly to the kernel without any preprocessing, and the limit doesn't apply. The kernel still has a limit, but it's somthing silly like 65,553 characters.

So while:

xcacls C:\verylongname.txt

doesn't work you should find:

xcacls \\?\C:\verylongname.txt

does work. If you're using a UNC name the syntax is:

xcacls \\?\UNC\server\share\verylongname.txt

NB this only works with fully qualified names i.e. starting with a drive letter. It doesn't work with all of the command line apps in Windows, but it works with many.