CACLS "Access is denied"
8,267
Access to a lot of stuff in the Windows folder is restricted to the TrustedInstaller account. This is by design.
http://msdn.microsoft.com/en-us/library/windows/desktop/aa382530%28v=vs.85%29.aspx
Author by
anonymous
Updated on September 18, 2022Comments
-
anonymous over 1 year
I am on Windows Server 2008.
I'm trying to set deny permissions for a certain user on the Windows folder with the following command:
cacls Windows /E /D sneakyUser
I get the error message "Access is denied." I'm running Command Prompt as Administrator.
I also tried ICACLS -- no luck.
icacls Windows /deny sneakyUser:f
These commands work on individual files within the Windows folder, but not on the folder itself. Is this behavior by design, or am I doing something wrong?
Edit: Interestingly enough, the command works fine in Windows Server 2003.
-
Admin about 12 yearswhat about using the GUI method?
-
Admin about 12 years@mdpc - I'm scared to use it because it automatically applies permissions to subfolders.
-
Admin about 12 yearsuse the "Advanced" dialog. In there, you can specify whether the permissions apply to "This folder, subfolders, and files", or "Subfolders and files only".
-
-
anonymous about 12 yearsSo there's no way to change the permissions? In my example, "sneakyUser" is actually one of the anonymous IUSR accounts. I'm trying to protect system files from being read by untrusted code.