Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

Professional Opinions
Ask a Question
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

troubleshooting Question

'Access denied' when permission applied via ICACLS; no problem when applied via GUI

Avatar of vistamed
vistamedFlag for Ireland asked on
Security* NTFS
7 Comments1 Solution8911 ViewsLast Modified:
Hi, I have a Windows 2012 R2 file server that's showing some odd behaviour. I need to apply an NTFS permission to a bunch of folders so I would prefer to do it via a script than via the GUI.
The permission is: Deny, Domain Users, Delete, This Folder Only.
I can apply the permission to the folder using the GUI (Advanced Security Settings) with no problems.
However, when I apply the permission using ICACLS, suddenly everybody in Domain Users gets an 'Access is denied' error when they try to open the folder!
The ICACLS command I'm using is ICACLS "<foldername>" /deny "Domain Users":(d)
The ICACLS  command executes successfully, and when I check the folder permissions in the GUI afterwards, they look identical to how they look when I use the GUI to add the permission.
I even ran an NTFS permissions report on the folder when the permission is set via GUI and another when it's set via ICACLS. I compared the two permissions reports in Excel, and the reports are completely identical (apart from the cell containing with the report date and time of course).
So why on earth is it that the domain users have no problem opening the folder when it's set via GUI, but get 'Access Denied' when it's set via ICACLS?? I'm mystified. So is Dr Google. Has anyone else encountered this behaviour after using ICACLS? How can I fix the problem? I don't want to have to use the GUI - I need to add the permission to dozens of folders. It would take ages.

Any suggestions welcome. Thank you! :)
Avatar of vistamed
vistamedFlag of Ireland image

Our community of experts have been thoroughly vetted for their expertise and industry experience.

This problem has been solved!
Unlock 1 Answer and 7 Comments.
See Answers