asked on
Apply these permissions to object using icacls
I had this question after viewing 'Access denied' when permission applied via ICACLS; no problem when applied via GUI.
Does anyone know what the icacls command would be to do this? tick the "Only Apply these permissions button?
Cant find anything in google on how to do it.
Does anyone know what the icacls command would be to do this? tick the "Only Apply these permissions button?
Cant find anything in google on how to do it.
OS Security
Last Comment
matt carter
ASKER
Thank you for the reply, however when i do this, my someotheruser has access denied, until i manually tick the "Only apply these permissions to object" button. The same as the previous question i linked to.
That person could only get around the access denied once they ticked this button.
my issue is i have a large amount of folders i need to apply this setting, so do not want to do this manually.
On File server, i have used icacls E:\Files\temp\*.* /c /grant "MYDomain\Domain Users":(OI)(CI)(X,RD,RA,RE
Then, when any domain users try to access, they get access denied, i tick that button, they have access.
I manually do these settings using GUI, they have access (without ticking that box).
That person could only get around the access denied once they ticked this button.
my issue is i have a large amount of folders i need to apply this setting, so do not want to do this manually.
On File server, i have used icacls E:\Files\temp\*.* /c /grant "MYDomain\Domain Users":(OI)(CI)(X,RD,RA,RE
Then, when any domain users try to access, they get access denied, i tick that button, they have access.
I manually do these settings using GUI, they have access (without ticking that box).
Be so kind to follow my suggestion and test it right like I did with a folder on your desktop. You will see that that command will apply the permission entry only to that folder and not to subfolders. Try it, so that we are on the same page. Then please upload screenshots that demonstrate what you need to do with this example folder on the desktop so that it works to your liking.
ASKER
Yes, that process worked when using a desktop folder, and the code you provided, however this is not what i am wanting to achieve.
Modify access gives the user the right to delete the folder. this is the exact thing i want to prevent.
I need the user to not be able to delete / move C:\Users\someuser\Desktop\
I have uploaded 2 screen shots.
1st is the normal settings, where users have normal modify access (current settings), they can move / delete parent folder
2nd is the settings i need it to be, however the Users get an access denied if i use the code
icacls E:\Files\temp\*.* /c /grant "Users":(OI)(CI)(X,RD,RA,R
If i manually enter in the settings using the GUI so they match "exactly" the same as the 2nd screenshot, the user has access, cannot move / delete folder, however can on sub folders. Which is how i want it to happen.
So something in my code is wrong / missing, something, i dont know what.
I have 1000+ folders to do this too, so manually is not an option.
folder-security-current.PNG
folder-security-what-it-needs-to-be.PNG
Modify access gives the user the right to delete the folder. this is the exact thing i want to prevent.
I need the user to not be able to delete / move C:\Users\someuser\Desktop\
I have uploaded 2 screen shots.
1st is the normal settings, where users have normal modify access (current settings), they can move / delete parent folder
2nd is the settings i need it to be, however the Users get an access denied if i use the code
icacls E:\Files\temp\*.* /c /grant "Users":(OI)(CI)(X,RD,RA,R
If i manually enter in the settings using the GUI so they match "exactly" the same as the 2nd screenshot, the user has access, cannot move / delete folder, however can on sub folders. Which is how i want it to happen.
So something in my code is wrong / missing, something, i dont know what.
I have 1000+ folders to do this too, so manually is not an option.
folder-security-current.PNG
folder-security-what-it-needs-to-be.PNG
ASKER
also
Let us try something different.
Folder1
Subfolder1
what code would be used to grant user access to folder1, but not be able to delete it / move it.
and also grant access to delete / move subfolder1
Let us try something different.
Folder1
Subfolder1
what code would be used to grant user access to folder1, but not be able to delete it / move it.
and also grant access to delete / move subfolder1
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Figured out the issue myself
The command
Open in new window
will grant modify permissions to this folder for "someotheruser" and apply it to "that folder only".So you see, by default, icacls is already doing what you want. If you would like inheritance, you would have chosen
Open in new window