Deny all folder permissions for all users/administrators via CMD/Batch in Windows 7/8/10


Solution 1

Try this code

cacls D:\Desktop\Test /e /c /d %username%

I hope I have helped you. This will change the permissions to ALL deny. To undeny it, simply run this code:

cacls D:\Desktop\Test /e /c /g %username%:f

Solution 2

I think you should learn more about NTFS permissions (technically, the Discretionary Access Control Lists (DACL)) before complaining about the appearance of the GUI.

The Security tab in a file's Properties dialog box has limited control over what permissions you can allow, and what you can deny. You should also have an idea about the purposes of the built-in user groups, because specifically, the groups that appear in the GUI are never the only groups your system has (it only shows users or groups that have permission entries applied on the files).

For now, I will assume that you want to deny access to Everyone.

First: simply clicking Deny on Full control on all the users on the list is not enough.

You need to Deny two groups for this: the Everyone group and the Anonymous Logon group. (Because "Everyone" no longer includes anonymous logon since Windows XP)

After everyone is denied, it might be a good idea to remove inherited permission entries as well, since they no longer apply and waste your system a little time processing those entries.

With the guide above, I think you can teach yourself to operate all these on the GUI. The result should look something like this:

Advanced Security Settings for a folder that denies all access by everyone

If you still have no idea what to do, here is the command-line equivalent (using icacls command - you need Windows Vista SP1 or later because of /inheritance option):

rem /inheritance:r - Remove all inherited entries
rem /deny - Set denial of permissions
rem (OI) - "Object inherit" - Also applies to files within the folder
rem (CI) - "Container inherit" - Also applies to subfolders
rem (F) - "Full control"
icacls "D:\Desktop\Test" /inheritance:r /deny "Everyone:(OI)(CI)(F)" "ANONYMOUS LOGON:(OI)(CI)(F)"

If the names "Everyone" or "Anonymous Logon" don't work for you...

icacls "D:\Desktop\Test" /inheritance:r /deny "*S-1-1-0:(OI)(CI)(F)" "*S-1-5-7:(OI)(CI)(F)"

(Yes, it's the same thing, but with SIDs specified in place of user names.)

Here is one caveat though: The owner of the files can change permissions whenever they want. And the Administrators can change the owner of the files at least to themselves. These are special privileges granted by the system that you can't deny, so with a bit of effort, the whole process of setting this DACL is reversible by Administrators.
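An added check, not part of the original answer: once the icacls command has run, the resulting DACL can be verified from its SDDL string (for example the value PowerShell's (Get-Acl path).Sddl returns). The sample strings and the function names parse_sddl and audit_deny_all are constructed for illustration; the script confirms that inheritance is removed, that both trustees named in the answer carry an (OI)(CI)(F) deny, and reports the owner the caveat refers to.

```python
import re

# Constructed samples in SDDL form (owner, group, then the DACL after "D:").
GOOD = "O:BAG:DUD:PAI(D;OICI;FA;;;WD)(D;OICI;FA;;;AN)"
BAD = "O:BAG:DUD:AI(D;OICI;FA;;;WD)(A;OICIID;FA;;;BA)"

# Trustees from the answer: well-known SIDs and their SDDL aliases.
TRUSTEES = {"Everyone": {"WD", "S-1-1-0"}, "ANONYMOUS LOGON": {"AN", "S-1-5-7"}}
FULL = {"fa", "ga", "0x1f01ff"}  # FILE_ALL_ACCESS, GENERIC_ALL, raw mask


def parse_sddl(sddl):
    """Return (owner, dacl_flags, aces); each ACE is (type, flag_set, rights, sid)."""
    owner = re.search(r"O:(.+?)(?=G:|D:|S:|$)", sddl)
    dacl = re.search(r"D:([A-Z]*)((?:\([^)]*\))*)", sddl)
    if dacl is None:
        raise ValueError("no DACL section (D:) in SDDL string")
    aces = []
    for body in re.findall(r"\(([^)]*)\)", dacl.group(2)):
        f = body.split(";")
        if len(f) < 6:
            raise ValueError("malformed ACE: " + body)
        aces.append((f[0], set(re.findall("..", f[1])), f[2], f[5]))
    return (owner.group(1) if owner else None), dacl.group(1), aces


def audit_deny_all(sddl):
    """Compare a folder's DACL with the one the icacls command above produces."""
    owner, flags, aces = parse_sddl(sddl)
    findings = []
    if "P" not in flags:  # P = protected DACL, i.e. /inheritance:r took effect
        findings.append("inheritance still enabled")
    for name, sids in TRUSTEES.items():
        covered = any(
            kind == "D" and sid in sids and rights.lower() in FULL
            and {"OI", "CI"} <= fl and "IO" not in fl
            for kind, fl, rights, sid in aces)
        if not covered:
            findings.append("no (OI)(CI)(F) deny for " + name)
    # The caveat from the answer: the owner can always rewrite this DACL.
    return {"owner": owner, "findings": findings}


if __name__ == "__main__":
    for label, sddl in (("good", GOOD), ("bad", BAD)):
        print(label, audit_deny_all(sddl))
```

An empty findings list means the DACL matches the answer's command; the owner field shows which account can still rewrite it.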

Author by

rafaelfndev

Updated on June 04, 2022

Comments

  • rafaelfndev
    rafaelfndev almost 2 years

    I need to deny all folder permissions for all users, including administrators and other groups, via batch file.

    I found two topics about this, but I can't solve my problem

    icacls Deny Everyone Directory Delete Permission

    How to grant permission to users for a directory using command line in Windows?

    This command works: icacls D:\Desktop\test /deny Administrator:(OI)(CI)(DE,DC), but this command affects only special permissions:

    enter image description here

    But I need to deny all other permissions, like in the image:

    enter image description here

    I need to deny all permissions to all users (administrators, system, and others) via batch, so that nobody can access this folder, not even the system, or the creator of the folder.