“Delete” and “Delete subfolders and files” permissions must be set to “Deny” using batch-script or power-shell or an other way

Hi All,

Want to apply “Delete” and “Delete subfolders and files” permissions must be set to “Deny” for following folders:
o D:\AB\2100\Data
o D:\AB\2100\DataStore
o D:\AB\MicroSEQID\data\DataStore
o D:\ABC\2100 Data*

can we write a batch file to make the same change of DENY to all the folder in one go.
suraj badheAsked:
Who is Participating?
 
QlemoConnect With a Mentor Batchelor, Developer and EE Topic AdvisorCommented:
This should work if in a batch file. If you want to run it directly in a command prompt instead, replace %% by %.
Replace TheUser by the group or user you want to apply that denial to.
@echo off
for /D %%D in (
  D:\AB\2100\Data
  D:\AB\2100\DataStore
  D:\AB\MicroSEQID\data\DataStore
  D:\ABC\2100 Data*
) do icacls %%D /deny TheUser:D

Open in new window

1
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
Are you aware that this also prohibits renaming?
0
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
I'm on mobile now, not able to look up the necessary details, but have you considered using the icacls tool?
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
suraj badheAuthor Commented:
Yes, i know that it prohibits renaming.
icacls tool?
0
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
icacls.exe is part of Windows, you can run it in a command prompt. You can try yourself ...
1
 
CEHJCommented:
Not worth a script. Try icacls as suggested. Not a Java question either!
0
 
suraj badheAuthor Commented:
Thanks, Qlemo.

It works.
Could you please let me know if I have to Allow "delete and Delete subfolders and files"  permission to some of the subfolders from the folder to which we have applied deny permission.

EX:
D:\AB\2100\DataStore - Deny "delete and Delete subfolders and files"
D:\Applied Biosystems\3500\DataStore\PlateRecord - Allow  "delete and Delete subfolders and files"

Here i want to apply "delete and Delete subfolders and files" permission to allow for some of the subfolders and it should be denied for the main folder.Could you please help me with that.
0
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
That is more difficult. A Deny permission trumps Allow, so you'll have to remove inheritance and set up an own set of permissions.
0
 
suraj badheAuthor Commented:
Hi,

Could you please help with some example.
0
 
NVITConnect With a Mentor Commented:
In case Qlemo doesn't get back to you in time...

Remove any existing inheritance and copy existing ACEs...
for /D %%D in (
  rem Add folders here as needed
  "D:\Applied Biosystems\3500\DataStore\PlateRecord"
) do icacls %%D /inheritance:d

Open in new window


Remove any denied and granted rights to user. Then grant (replace existing rights) user modify rights...
for /D %%D in (
  rem Add folders here as needed
  "D:\Applied Biosystems\3500\DataStore\PlateRecord"
) do icacls %%D /remove:d TheUser /remove:g TheUser /grant:r TheUser:(OI)(CI)M

Open in new window


About ICACLS usage...
https://ss64.com/nt/icacls.html
https://technet.microsoft.com/en-us/library/cc753525(WS.10).aspx
1
 
NVITCommented:
Solutions given by Qlemo and NVIT.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.