Link to home
Start Free TrialLog in
Avatar of wds620

asked on

Basic icalcs inquiry

I am attempting to use icacls for the first time. I have not been successful so far. But maybe I am doing something wrong.
Here is what I want to accomplish:
1. store current user permissions for existing directory structure so they can be saved and used to retsore permissions if they become corrput or changed incorrectly.

I want to run this on either Windows 7 Enterprise or Windows Server 2008 R2.
I have admins rights on machines and I am running icalcs with admin rights.

Here is intstruction i am using to create the saved file:

A. From command line (with admin rights)
i change to the directory where I want to store the output file
cd c:\SaveRestoreFile
(from same location I then key below command)
icacls c:\directorynameA\* /save filename /T

This seems to work, as the output file is created successfully.
Then I access the main directory , directorynameA, and I remove a user.
Now I want to run the restore to see if it restores the user I just removed, with the correct permissions.

B. From same command line (with admin rights), and same location
where saved restore file exists, I key
icacls c:\directory /restore filename /T

I receive a prompt that the command was successful, failed processing 0 files.
But when I check the direcotry I find the user I removed has not been restored.

Am I doing something wrong or missing a step?
Avatar of Kent Olsen
Kent Olsen
Flag of United States of America image

Hi wds620,

It looks like everything is working exactly as intended.

Internally, a user is associated with a unique integer value (much like an IDENTITY column in a database).  An ACL will contain the index of a user (or group) and the permissions afforded to the user with that index value.  In your case, you seem to be trying to grant permissions to someone that doesn't exist.  When the ACL is restored, Windows restores the permissions to the valid users.  I'm not aware of icalcs having any provision for creating an ACL entry for a user than doesn't exist.

I gather you mean remove a user from the NTFS permissions, right? And instead of using Windows explorer to check to see if the restore worked properly use icacls to do so. Simply type icacls c:\directorynameA\*  -- further I also assume you meant to say icacls c:\directorynameA\* /restore filename /T and not icacls c:\directory /restore filename /T because the save you created was for c:\directorynameA and not c:\directory
Avatar of wds620


Yes - lionelmn - you are correct -
c:\directoryNameA /restore filename /T
should be correct restore command I want to use.

So if I understand correctly - I can restore permissions for user as long as those users are still in the Secutiry tab? But I I remove a user from the Security tab, then it does not restore the entire user and associated permissions?
Avatar of Lionel MM
Lionel MM
Flag of United States of America image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial