Proper CACLS usage for setting folder permissions
Posted on 2006-05-19
I've begun using CACLS commands to set ACL permissions on our Win2K3 server, and its going great, saving a lot of time. But I have hit a stumbling block. I'll try to explain.
For examples sake, I'm assigning permissions for a security grouped called "Office" on a folder structure as follows:
Desired Permissions are:
Folder_A - READ (Root Folder Above the share)
Folder_B - READ (One folder of many in the share)
Folder_C - Change/Modify
Folder_D - Change/Modify
To further explain, there is a structure in place here, in which no one should be able to create, delete or modify any folders within the first two level Folders, A or B.
Below that, in Folders C and D, the group should be able to create, delete and modify folders or files.
I was able to achieve the desired result of granting the "Change" permission to the group for Folders B, C and D by using the following command, while at the "T:\Folder_A>" dos prompt:
T:\Folder_A>cacls *.* /e /t /g "Office":C
Now I want to assign the READ permission for Folder_B, but am getting stuck. I tried this command while at the Folder_A dos prompt:
T:\Folder_A>cacls Folder_B /e /g "Office":R
It shows the directory was processed, but when checking the permissions afterward, the Office group still has "Change" permissions to the folder. Also Folder_B is not inheriting any permissions.
A cacls Folder_B command, yields this output (I'm a little confused on reading this just yet):
Any idea's? I'm probably just going about this the wrong way...