Basic icalcs inquiry

I am attempting to use icacls for the first time. I have not been successful so far. But maybe I am doing something wrong.
Here is what I want to accomplish:
1. store current user permissions for existing directory structure so they can be saved and used to retsore permissions if they become corrput or changed incorrectly.

I want to run this on either Windows 7 Enterprise or Windows Server 2008 R2.
I have admins rights on machines and I am running icalcs with admin rights.

Here is intstruction i am using to create the saved file:

A. From command line (with admin rights)
i change to the directory where I want to store the output file
cd c:\SaveRestoreFile
(from same location I then key below command)
icacls c:\directorynameA\* /save filename /T

This seems to work, as the output file is created successfully.
Then I access the main directory , directorynameA, and I remove a user.
Now I want to run the restore to see if it restores the user I just removed, with the correct permissions.

B. From same command line (with admin rights), and same location
where saved restore file exists, I key
icacls c:\directory /restore filename /T

I receive a prompt that the command was successful, failed processing 0 files.
But when I check the direcotry I find the user I removed has not been restored.

Am I doing something wrong or missing a step?
wds620Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Kent OlsenData Warehouse Architect / DBACommented:
Hi wds620,

It looks like everything is working exactly as intended.

Internally, a user is associated with a unique integer value (much like an IDENTITY column in a database).  An ACL will contain the index of a user (or group) and the permissions afforded to the user with that index value.  In your case, you seem to be trying to grant permissions to someone that doesn't exist.  When the ACL is restored, Windows restores the permissions to the valid users.  I'm not aware of icalcs having any provision for creating an ACL entry for a user than doesn't exist.

Kent
0
Lionel MMSmall Business IT ConsultantCommented:
I gather you mean remove a user from the NTFS permissions, right? And instead of using Windows explorer to check to see if the restore worked properly use icacls to do so. Simply type icacls c:\directorynameA\*  -- further I also assume you meant to say icacls c:\directorynameA\* /restore filename /T and not icacls c:\directory /restore filename /T because the save you created was for c:\directorynameA and not c:\directory
0
wds620Author Commented:
Yes - lionelmn - you are correct -
c:\directoryNameA /restore filename /T
should be correct restore command I want to use.

So if I understand correctly - I can restore permissions for user as long as those users are still in the Secutiry tab? But I I remove a user from the Security tab, then it does not restore the entire user and associated permissions?
0
Lionel MMSmall Business IT ConsultantCommented:
It will restore what you saved in icacls c:\directorynameA\* /save filename /T -- take info from the saved file
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.