“Delete” and “Delete subfolders and files” permissions must be set to “Deny”  using batch-script or power-shell or an other way

suraj badhe
suraj badhe used Ask the Experts™
on
Hi All,

Want to apply “Delete” and “Delete subfolders and files” permissions must be set to “Deny” for following folders:
o D:\AB\2100\Data
o D:\AB\2100\DataStore
o D:\AB\MicroSEQID\data\DataStore
o D:\ABC\2100 Data*

can we write a batch file to make the same change of DENY to all the folder in one go.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Qlemo"Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Commented:
Are you aware that this also prohibits renaming?
Qlemo"Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Commented:
I'm on mobile now, not able to look up the necessary details, but have you considered using the icacls tool?

Author

Commented:
Yes, i know that it prohibits renaming.
icacls tool?
CompTIA Network+

Prepare for the CompTIA Network+ exam by learning how to troubleshoot, configure, and manage both wired and wireless networks.

Qlemo"Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Commented:
icacls.exe is part of Windows, you can run it in a command prompt. You can try yourself ...
Top Expert 2016

Commented:
Not worth a script. Try icacls as suggested. Not a Java question either!
"Batchelor", Developer and EE Topic Advisor
Top Expert 2015
Commented:
This should work if in a batch file. If you want to run it directly in a command prompt instead, replace %% by %.
Replace TheUser by the group or user you want to apply that denial to.
@echo off
for /D %%D in (
  D:\AB\2100\Data
  D:\AB\2100\DataStore
  D:\AB\MicroSEQID\data\DataStore
  D:\ABC\2100 Data*
) do icacls %%D /deny TheUser:D

Open in new window

Author

Commented:
Thanks, Qlemo.

It works.
Could you please let me know if I have to Allow "delete and Delete subfolders and files"  permission to some of the subfolders from the folder to which we have applied deny permission.

EX:
D:\AB\2100\DataStore - Deny "delete and Delete subfolders and files"
D:\Applied Biosystems\3500\DataStore\PlateRecord - Allow  "delete and Delete subfolders and files"

Here i want to apply "delete and Delete subfolders and files" permission to allow for some of the subfolders and it should be denied for the main folder.Could you please help me with that.
Qlemo"Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Commented:
That is more difficult. A Deny permission trumps Allow, so you'll have to remove inheritance and set up an own set of permissions.

Author

Commented:
Hi,

Could you please help with some example.
NVITEnd-user support
Commented:
In case Qlemo doesn't get back to you in time...

Remove any existing inheritance and copy existing ACEs...
for /D %%D in (
  rem Add folders here as needed
  "D:\Applied Biosystems\3500\DataStore\PlateRecord"
) do icacls %%D /inheritance:d

Open in new window


Remove any denied and granted rights to user. Then grant (replace existing rights) user modify rights...
for /D %%D in (
  rem Add folders here as needed
  "D:\Applied Biosystems\3500\DataStore\PlateRecord"
) do icacls %%D /remove:d TheUser /remove:g TheUser /grant:r TheUser:(OI)(CI)M

Open in new window


About ICACLS usage...
https://ss64.com/nt/icacls.html
https://technet.microsoft.com/en-us/library/cc753525(WS.10).aspx
NVITEnd-user support

Commented:
Solutions given by Qlemo and NVIT.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial