subinacl is "a command-line tool that enables administrators to obtain security information about files, registry keys, and services, and transfer this information from user to user, from local or global group to group, and from domain to domain."
The magic thing that you can do with subinacl that you can't do with the GUI, is change ownership of files. It was a deliberate decision to only allow taking ownership from the GUI, so that if you are an admin, and someone locks you out of their files, and you have to take ownership to see them, the owner will know. Bugger having a paper trail for a laugh - use subinacl.
I have found a good example (with pics) at Windows Server Hacks. There is a reference page at ss64, which is a great reference for command line Windows tools. (What, Windows has a command line?)
If you're the sort of person who already knew about subinacl, can tell me tales of other useful tools like it, and want an IT job in Hamilton, we want to hear from you.
[...] can't be done with subinacl isn't worth doing, so I pulled it out and had a look at the service. Here's the important part: [...]
[...] subinacl is a Windows sysadmin’s power tool for doing everything to do with ownership and ACLs. You can change the ownership to anyone other than just you (you can’t do this with the GUI). [...]