?
Solved

icacls to assign permissions to ALL subfolders, even folders not inheriting access?

Posted on 2010-09-09
5
Medium Priority
?
3,990 Views
Last Modified: 2013-12-04
I am using the following command to add a group to the ACL for very large directories. The problem I am having is some of the folders have disabled access inheritance and have explicit access assigned and this group doesn't get added to that folder with the following command.

icacls.exe U:\*.* /grant DOMAIN\GroupName:(OI)(CI)F /C /T

Am I missing a switch or something? Is there a way to force it to add the group to all folders regardless if they are inheriting access? Or is there something else that is preventing the group from being applied to the folder?

Thanks,
0
Comment
Question by:REIUSA
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 14

Accepted Solution

by:
Ben Personick (Previously QCubed) earned 2000 total points
ID: 33636680
you have used the container inherit and object inherit options in place which will allow the inheritance blocking you put in place to over-ride your changes.

you can change the command as follows and you should be fine.

Also note that if you are trying to change inheritance to be enabled you would use

icalcs "U:\*" /inhereitance:e /T /C

icacls "U:\*" /grant:r Domain\Group:f /C /T

Open in new window

0
 

Author Comment

by:REIUSA
ID: 33636997
Thanks, that looks like it is working.

Something else I noticed is, if I try to apply it to c:\F1\F2\* the group doesn't get added to F2. is there a way to make it apply to F2 also? there are many other sub folders under F1 that I do not want to apply the group to, just F2 and everything below it.
0
 
LVL 14
ID: 33637648
Try doing one of these two variations for the path


“C:\F1\F2“

“C:\F1\F2\“

I think option 1 will work
0
 

Author Comment

by:REIUSA
ID: 33638615
Cool, thanks. I will try that.
0
 
LVL 14
ID: 33639211
You're welcome glad I could help =)
0

Featured Post

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction: Recently, I got a requirement to zip all files individually with batch file script in Windows OS. I don't know much about scripting, but I searched Google and found a lot of examples and websites to complete my task. Finally, I was ab…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses
Course of the Month10 days, 22 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question