Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [icacls]

55 questions
1
vote
1 answer

NTFS permissions inheriting incorrectly as "this folder only"

I have a full directory tree that was migrated from another server. I've created top level folders with the necessary permissions that I wish to propagate to all descendant files and folders. However, inheritance is only working for a single…
Nilpo
  • 123
  • 1
  • 8
0
votes
0 answers

Granting permission to domain user for folder not working

I'm converting my code to use icacls and currently following this tutorial: https://ss64.com/nt/icacls.html. On this part, Grant the user jdoe rights to create, edit and delete files in the folder C:\demo\example\, but prevent deletion of the…
rminaj
  • 121
  • 1
  • 4
0
votes
1 answer

How do I properly order NTFS ACL using icacls?

I have a directory structure 4 subdirectories deep: [Department] -> [Job #] -> [Docs] -> [EMail] At the [Docs] level I have 4 groups inherited from root and one group (st_JobDocs) explicit. All inherit to subfolders. st_JobAdmin: grant F st_Job_R:…
Albion
  • 465
  • 2
  • 6
  • 16
0
votes
1 answer

Windows Services Vulnerable to Tampering Mitigation

I am testing some software with Microsoft's Attack Surface Analyzer. I took a baseline and after installation scan of the software I am testing. When I create a report it shows that a certain service is vulnerable to tampering, See Picture…
0siris
  • 13
  • 1
  • 7
0
votes
1 answer

how to reset original owner after assigning permissions to Windows specific folders using ICACLS and takeown?

For a specific requirement i need to assign permissions to "Starks" for C: and C:\Windows C:\Windows\System32 and few other windows specific folders on a Win7 machine without tampering existing permissions for others. The user i have logged in does…
GhostSpeaks101
  • 101
  • 4
0
votes
1 answer

Find permission of specific account and owner to replace with new account

Using Windows 2008R2. I have an ad account "fileadm" which have some permissions of many folders and files and for some it's a owner. I need to replace this account with another account (with the same permission) and change owner. I found the…
puffydee
  • 1
0
votes
1 answer

How do I provide read-only permission for a user on a Windows File Share?

I am trying to provide read-only permission to folder/sub-folders for particular users in windows NAS server with following scenarios: if user already has some permission remove all of that. provide read permission for both enable/disable…
Hitesh Kumar
  • 101
  • 2
0
votes
1 answer

ICACLS for a remote group on a remote machine

This question concerned a local group. I'm trying to use icacls for a remote group. I've tried this way, but it didn't work : > icacls \\HOST\shared_dir\file.txt /grant "HOST\GROUP":F HOST\GROUP: No mapping between account names and security IDs was…
Amessihel
  • 113
  • 8
0
votes
1 answer

icacls adding SID instead of friendly name

I need to apply the icacls command from a server in the network, for example, server001 to a folder that is on server002. The objective is to add a local security group of server002 on a folder that is on that server, but run the command from the…
Vito
  • 101
  • 4
0
votes
1 answer

Access denied on single file with explicit permissions set

I have a Windows 2008R2 server that has a weird permissions issue. I have a single file in a share that has inheritance disabled and explicit permissions set on the file. The only groups that have entries listed in the security tab for the file…
eljasbo
  • 1
0
votes
0 answers

ICACLS not working from PowerShell

I created a BAT file that executes this C:\Windows\system32\icacls.exe "F:\Users\username" /inheritance:r /T /C /Q It works fine. When I copy the command within a PowerShell, I get error messages C:\Windows\system32\icacls.exe :…
software is fun
  • 306
  • 3
  • 6
  • 14
0
votes
1 answer

icacls for a local group of a remote machine

I'm trying to use icacls to adjust permissions on a remote folder, when the grantee is the local group of the remote server. From machine Foo, I'm trying to grant modify rights for group Bar\Users to a folder on machine Bar. Executing it all on Bar…
Seva Alekseyev
  • 197
  • 2
  • 12
0
votes
1 answer

using icacls to set traverse/execute without setting change permissions

I'm having trouble with network shares. Specifically with mac clients accessing home shares on a NAS. The fix has been to remove certain permissions on the Library folder. in the past, i've used set-acl to set acls on locally mounted drives, but…
flow in
  • 11
  • 4
0
votes
1 answer

Icacls works from command line, not from batch file

The OS is Windows server 2012. I am trying to use command icacls C:\folder\targetfile /grant domain\usergroup:(rx) to give permissions on certain file. The command works when executed on command line. But when I run it from batch file I get the…
Madoc Comadrin
  • 570
  • 4
  • 11
  • 29
0
votes
1 answer

icacls to make folder read-only

I'm just learning about icacls to set permissions to a folder. Better yet, I want to make sure that a folder is readonly. Anyone have any ideas? C:>icacls.exe C:\TEMP\Reports [switches]
coson
  • 111
  • 1
  • 2
1 2
3
4