icacls to resolve "File/Directory is not readable"

I'm running Windows Server 2016 and attempting to grant a non-administrative user enough credentials to be able to run a script.

When I run this as the user in question, I get the error "File/Directory in not readable", as demonstrated in this screenshot:

file-directory-not-readable.png
That said, I've used the following icacls permissions:

icacls "D:\LogFiles" /grant DOMAIN\USER:(OI)(CI)RD

Open in new window


and I'm still getting the error.

Can someone please do a sanity check on this one for me? What should I be assigning to D:\LogFiles so that the folder and all subfolders are readable for copying?

Thanks!
TessandoIT AdministratorAsked:
Who is Participating?
 
NVITCommented:
This gives Read and Execute...
icacls "D:\LogFiles" /grant DOMAIN\USER:(OI)(CI)(RX)

Open in new window


Of course, that assumes that USER is not in another right that blocks or restrict the same folder.
0
 
TessandoIT AdministratorAuthor Commented:
Thank you, NVIT. This is, however, now working and I'm getting the same error. Please note that it's not readable in the subfolder :

warning: Skipping file D:\LogFiles\reporting-images.domain.com\W3SVC14. File/Directory is not readable.

Open in new window


I was under the impression that:

OI is Object inherit, e.g. "This folder and files. (no inheritance to subfolders)" and
CI is Container inherit "This folder and subfolders"

There is no blocking or restrictions on this folder, btw. This includes the user in question.

What am I missing here?
0
 
NVITCommented:
> ...it's not readable in the subfolder

But other sub files/folders are readable?
0
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

 
TessandoIT AdministratorAuthor Commented:
No, they are not. Sorry that wasn't clear. I just manually ran a sub-folder hard-coded to the script and it also gives me a "File/Directory is not readable." error as well.

Should I be logging out of the Command Prompt window in order for permissions to take or something?
0
 
TessandoIT AdministratorAuthor Commented:
I went ahead and listed permissions on the folder that I want to change. I'm not sure why there are two instances of the user (in this case, "scheduled_tasks" - which is the User I want to change. Maybe this will jar something:

icacls-scheduled_tasks.png
Thanks again for your help.
0
 
TessandoIT AdministratorAuthor Commented:
I was able to fix this by first removing all previous permissions changes I made.

This was done using:

icacls  "D:\LogFiles"  /remove USER /T

I then was able to simply assign READ permissions and it worked as both the User and Scheduled Task:

icacls "D:\LogFiles" /grant DOMAIN\USER:R /T

Thank you for your help. :-)
0
 
NVITCommented:
I'm glad you got it working... Yes. It can get confusing. As I first mentioned "...that assumes that USER is not in another right that blocks or restrict the same folder". And that, you found and figured out the fix for.

Happy Holidays!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.