File Details |
|
| File Size | 0.1 MB |
|---|---|
| License | Freeware |
| Operating System | Windows 2000/Server 2003/XP |
| Date Added | March 28, 2006 |
| Total Downloads | 794 |
| Publisher | Winterfrost Systems Ltd. |
| Homepage | SwitchRight |
Publisher's Description
SwitchRight is a simple command-line file permission replacement utility. Large network filesystems will often have an extensive and complex set of file permissions. Major structural changes such as a new Windows file server, a new domain, or a major corporate reorganization may require those permissions to be reset or re-established from scratch. This process can be more than time-consuming: errors while setting permissions can result in critical information being inaccessible, or worse, sensitive information accessible to the wrong people. This utility allows these changes to be made quickly and easily in an automated, rule-based fashion.
Latest Reviews
spiked reviewed v0.1.2 Beta on Mar 27, 2006
SwitchRight is a subset of functionality which can also be found in Microsoft's CACLS and SUBINACL command-line utilities, as well as the ADMT remote/GUI tool. Unlike those tools, which target a broad range of usage scenarios, SwitchRight is much simpler and readily usable across 2000/XP/2003.
The biggest weakness of SwitchRight, however, is that it is horribly documented at this point. To begin with, the description here is overly vague about what the utility truly does. The README.txt inside the download says "For all product documentation...or for any other questions you may have, please visit our website..." Going to the site yields one additional paragraph of information, written for people familiar with the academically "proper" practices and formal terminology in Microsoft's permission scheme. As a former MCT (Microsoft Certified Trainer), I can tell you that only a tiny fraction of working network admins in the world would recognize the "AGLP or UGLP" concept. In fact, some of my colleagues chose to teach the acronym "UGLY" as a more memorable variation.
Anyway, this command-line tool boasts simple options as a strength, comes with a README, and has a web page devoted to it, yet the ONLY way to see what those options are is to execute the exe. I don't want to execute an exe just to find out some basic info about it, especially a brand new release which may contain something nasty which my antivirus signatures don't. But since I had to, I can share the usage (edited for brevity/clarity)
-s or -r : operation (save or restore)
-t : test mode, no changes made
-f savefile : translation file, defaults to SavedSIDs.csv
-l : local account translation file
-v : verbose
-o : overwrite without prompt
-x : script mode (never prompt)
Basically, you run SwitchRight first with -s to create a CSV file containing 5 fields: username, username's object location (meaning computer, domain, or BUILTIN/NT AUTHORITY), SID, new something, new something.
The last 2 fields are probably new username followed by new location, or new location\username followed by new SID. I call them "new something" because there's no documentation on exactly what they should be. You're apparently supposed to fill them in, and this represents the "rule-based" feature described. Then you rerun SwitchRight with -r to translate the SIDs on existing ACLs based on your rules.
It's not clear whether you can leave a line in the file with the last 2 fields blanks, to leave that SID alone, or whether this would revoke permissions for that SID (which could be disastrous if you accidentally revoked a Deny permission). If it doesn't revoke, then it's unclear whether SwitchRight offers some other way to indicate that you want to revoke. By the time I invest enough testing time to figure it out, I could have finished my task using CACLS or SUBINACL.
Before the next release, Winterfrost should first invest 10 seconds in running SwitchRight -h >>README.txt and another few minutes doing the equivalent to switchright.php. After that, the fields in the CSV file need to be explained. An example would be nice, but AT LEAST identify what the last 2 columns are definitely supposed to be.
spiked reviewed v0.1.2 Beta on Mar 27, 2006
SwitchRight is a subset of functionality which can also be found in Microsoft's CACLS and SUBINACL command-line utilities, as well as the ADMT remote/GUI tool. Unlike those tools, which target a broad range of usage scenarios, SwitchRight is much simpler and readily usable across 2000/XP/2003.
The biggest weakness of SwitchRight, however, is that it is horribly documented at this point. To begin with, the description here is overly vague about what the utility truly does. The README.txt inside the download says "For all product documentation...or for any other questions you may have, please visit our website..." Going to the site yields one additional paragraph of information, written for people familiar with the academically "proper" practices and formal terminology in Microsoft's permission scheme. As a former MCT (Microsoft Certified Trainer), I can tell you that only a tiny fraction of working network admins in the world would recognize the "AGLP or UGLP" concept. In fact, some of my colleagues chose to teach the acronym "UGLY" as a more memorable variation.
Anyway, this command-line tool boasts simple options as a strength, comes with a README, and has a web page devoted to it, yet the ONLY way to see what those options are is to execute the exe. I don't want to execute an exe just to find out some basic info about it, especially a brand new release which may contain something nasty which my antivirus signatures don't. But since I had to, I can share the usage (edited for brevity/clarity)
-s or -r : operation (save or restore)
-t : test mode, no changes made
-f savefile : translation file, defaults to SavedSIDs.csv
-l : local account translation file
-v : verbose
-o : overwrite without prompt
-x : script mode (never prompt)
Basically, you run SwitchRight first with -s to create a CSV file containing 5 fields: username, username's object location (meaning computer, domain, or BUILTIN/NT AUTHORITY), SID, new something, new something.
The last 2 fields are probably new username followed by new location, or new location\username followed by new SID. I call them "new something" because there's no documentation on exactly what they should be. You're apparently supposed to fill them in, and this represents the "rule-based" feature described. Then you rerun SwitchRight with -r to translate the SIDs on existing ACLs based on your rules.
It's not clear whether you can leave a line in the file with the last 2 fields blanks, to leave that SID alone, or whether this would revoke permissions for that SID (which could be disastrous if you accidentally revoked a Deny permission). If it doesn't revoke, then it's unclear whether SwitchRight offers some other way to indicate that you want to revoke. By the time I invest enough testing time to figure it out, I could have finished my task using CACLS or SUBINACL.
Before the next release, Winterfrost should first invest 10 seconds in running SwitchRight -h >>README.txt and another few minutes doing the equivalent to switchright.php. After that, the fields in the CSV file need to be explained. An example would be nice, but AT LEAST identify what the last 2 columns are definitely supposed to be.