Security – Setting NTFS ACLs over the network – Is there a faster way


In my environment, I have several projects that involve running NTFS ACL audit reports and various ACL cleanup activities on a number of file servers. There are two main reasons why I cannot perform these activities locally on the servers:

1) I do not have local access to the servers as they are actually owned and administered by another company.

2) They are SNAP NAS servers which run a modified Linux OS (called GuardianOS) so even if I could get local access, I'm not sure of the availability of tools to perform the operations I need.

With that out of the way, I ended up rolling my own ACL audit reporting tool that would recurse down the filesystem starting at a specified top-level path and would spit out an HTML report on all the groups/users it encountered on the ACLs as well as showing the changes in permissions as it descended the tree. While developing this tool, I found out that the network overhead was the worst part of doing these operations and by multi-threading the process, I could achieve substantially greater performance.

However, I'm still stuck for finding a good tool to perform the ACL modifications and cleanup. Your standard out-of-the-box tools (cacls, xcacls, Explorer) seem to be single-threaded and suffer a significant performance penalty when going across the network.

The Question

Are there any faster tools than Explorer or CACLS for performing NTFS ACL modifications across the network?

Best Answer

Your environment sounds a little strange (NTFS running on Linux?) - however, if you can access and modify ACLs from another Windows box then have you considered using PowerShell? It has simple get-acl and set-acl cmdlets that will do what you want.

Here's an MS article on doing the simple stuff: http://www.microsoft.com/technet/scriptcenter/csc/tips/ps/acl.mspx

The beauty of PowerShell is its flexibility, so for example you could easily read in a set of desired ACLs, possibly with some rules, and then get PowerShell to go and do it for you...

The only thing will be performance - I'm honestly not sure if it will be faster than running CACLS in a CMD/batch file or not...

Good luck!
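
The following is an added example, not part of the original question or answer: a sketch of the Get-Acl/Set-Acl approach combined with the question's observation that running several workers hides network latency. It assumes PowerShell 7 or later (for `ForEach-Object -Parallel`) on a Windows machine that can reach the share; the UNC path, group name and output file name are hypothetical placeholders.

```powershell
#Requires -Version 7.0
# Added example: strip explicit ACEs for stale identities under a UNC path.
param(
    [string]$Root = '\\nas01\projects',                 # hypothetical UNC path
    [string[]]$Stale = @('EXAMPLE\Old-Project-Group'),  # hypothetical identities to remove
    [int]$Workers = 8,                                  # concurrent Get-Acl/Set-Acl calls
    [switch]$Apply                                      # without this switch: report only
)

$doApply = [bool]$Apply
$report = & {
        Get-Item -LiteralPath $Root                     # include the top-level folder itself
        Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue
    } | ForEach-Object -ThrottleLimit $Workers -Parallel {
        $dir   = $_                                     # keep the folder; $_ is reused below
        $stale = $using:Stale
        try {
            $acl = Get-Acl -LiteralPath $dir.FullName
            # Explicit ACEs only: inherited entries are fixed where they are defined.
            $hits = @($acl.Access | Where-Object {
                -not $_.IsInherited -and $stale -contains $_.IdentityReference.Value
            })
            if ($hits.Count -eq 0) { return }           # nothing to change on this folder
            foreach ($ace in $hits) { $acl.RemoveAccessRuleSpecific($ace) }
            if ($using:doApply) { Set-Acl -LiteralPath $dir.FullName -AclObject $acl }
            [pscustomobject]@{
                Path    = $dir.FullName
                Removed = ($hits | ForEach-Object {
                    "$($_.IdentityReference):$($_.FileSystemRights)" }) -join '; '
                Applied = $using:doApply
                Error   = $null
            }
        } catch {
            # Access denied, unreachable path, etc.: record it and keep going.
            [pscustomobject]@{ Path = $dir.FullName; Removed = $null
                               Applied = $false; Error = $_.Exception.Message }
        }
    }

# Keep a record of every change (or proposed change) for review and rollback.
$report | Sort-Object Path | Export-Csv -Path .\acl-cleanup.csv -NoTypeInformation
$report | Group-Object Applied | Select-Object Name, Count
```

Run it once without `-Apply` and review the CSV before making changes; whether it outperforms CACLS against a particular NAS has to be measured, for example by varying `-Workers`.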