Can Active Directory Global Groups be applied to the ACL using CACLS?

I'm running a batch file to launch CACLS to modify permissions.  Is it possible to apply Active Directory Global Groups to the ACL using CACLS?  User accounts are working fine in the script.  

The script appears to simply ignore the global groups.  The global groups do not have any spaces.

I have tried encasing the group name with quotes (").

I've tried using the domain name slash domain\groupname in the command line (with and without the quotes)  

I'm running out of ideas.  Thanks.
scuba101Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
SteveH_UKConnect With a Mentor Commented:
Can you confirm that the groups in question are "security groups" and not "distribution groups" in Active Directory Users & Computers.  Distribution Groups cannot be used in ACLs, but Security Groups (Universal, Global and Local) can all be used in ACLs.

It is best practice to use domain local groups to assign security and global groups to represent groups of users.  You can then combine global groups into universal groups where they are needed to be collected as a set.

Also, be warned, CACLS and XCACLS are not great with permission inheritance.  You may want to look at Powershell:  http://www.microsoft.com/technet/technetmag/issues/2006/12/PowerShell/
0
 
Voo_pgCommented:
CACLS myfile.txt /E /G "Power Users":F

Yes, only security groups will work. The above command would give Power Users, Full Control of myfile.txt

What syntax have you been using?
0
 
scuba101Author Commented:
The problem I was having had to do with an inaccurate path - once I knew AD Global Groups worked, it narrowed down the search.  THanks.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.