Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1273
  • Last Modified:

Proper CACLS usage for setting folder permissions

I've begun using CACLS commands to set ACL permissions on our Win2K3 server, and its going great, saving a lot of time. But I have hit a stumbling block. I'll try to explain.

For examples sake, I'm assigning permissions for a security grouped called "Office" on a folder structure as follows:

T:\Folder_A\Folder_B\Folder_C\Folder_D

Desired Permissions are:

Folder_A - READ (Root Folder Above the share)
Folder_B - READ (One folder of many in the share)
Folder_C - Change/Modify
Folder_D - Change/Modify

To further explain, there is a structure in place here, in which no one should be able to create, delete or modify any folders within the first two level Folders, A or B.

Below that, in Folders C and D, the group should be able to create, delete and modify folders or files.

I was able to achieve the desired result of granting the "Change" permission to the group for Folders B, C and D by using the following command, while at the "T:\Folder_A>" dos prompt:

T:\Folder_A>cacls *.* /e /t /g "Office":C

Now I want to assign the READ permission for Folder_B, but am getting stuck. I tried this command while at the Folder_A dos prompt:

T:\Folder_A>cacls Folder_B /e /g "Office":R

It shows the directory was processed, but when checking the permissions afterward, the Office group still has "Change" permissions to the folder. Also Folder_B is not inheriting any permissions.

A cacls Folder_B command, yields this output (I'm a little confused on reading this just yet):

BUILTIN\Administrators:(OI)(CI)F
NT AUTHORITY\SYSTEM:(OI)(CI)F
BUILTIN\Users:(OI)(CI)R
BUILTIN\Users:(CI)(special access:)
                  SYNCHRONIZE
                  FILE_WRITE_DATA
                  FILE_APPEND_DATA

OurDomainName\Office:(OI)(CI)C


Any idea's? I'm probably just going about this the wrong way...





0
waltb123
Asked:
waltb123
  • 2
1 Solution
 
NJComputerNetworksCommented:
Check the properties of folder B... by right clicking it in explorer.  I would guess that the Office NTFS rights are being propagated down from a higher folder.  You would have to click Advanced and uncheck inheret from the parent folder.  Then choose copy permissions...

Then re-run your cacls...

-just a thought.
0
 
waltb123Author Commented:
Thanks for the shot at it NJ (Im in NJ btw), but as mentioned above, Folder_B inheritance is not on (I just double checked too).
0
 
waltb123Author Commented:
This question can be closed as I was able to find the answer on microsofts file system newsgroup.

The correct formatting of the command needed to do what I needed was:

cacls Folder_B /e /p "Office":R

(Note the change from /g  /p)
0
 
DarthModCommented:
PAQed with points refunded (500)

DarthMod
Community Support Moderator
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now