How to deny execution of a file although allow deletion of it (XCACLS/ICACLS)

Question

Very frustrating problem, as the title suggests, I am trying to deny the user from executing the file, although I want to allow them to be able to delete the file

icacls bat.exe /grant *S-1-1-0:(D) /deny *S-1-1-0:(RX,WDAC)

I have tried a good few combinations, but having no luck :(

Any help would be greatly appreciated

Only been 15 minutes. Give it some time – Nixphoe Jun 15 '11 at 17:55 — Nixphoe, Jun 15 '11 at 17:55
@Nixphoe Shall do, very new to these Q&A sites :) – Ben Jun 15 '11 at 17:58 — Ben, Jun 15 '11 at 17:58
icacls bat.exe /deny *S-1-1-0:(X) – Ben Jun 15 '11 at 18:33 — Ben, Jun 15 '11 at 18:33

score 1 · Answer 1 · edited Jun 19 '13 at 00:52

1

You just need to use /deny and X.

i.e.:

icacls bat.exe /deny *S-1-1-0:(X)

This will allow a user to delete the file but not execute it.

edited Jun 19 '13 at 00:52

slm

7,615
16
56
76

answered Jun 18 '13 at 22:45

Graham Ansell

11
1

How to deny execution of a file although allow deletion of it (XCACLS/ICACLS)

1 Answers1