How to give file permissions to AzureAD user on windows 10?
Solution 1
Thanks to Arni on this thread for the answer:
You can try the following command line. After adding an ACL entry, the Security dialog will display the user and you can change the permissions there.
CACLS "C:\YourPath" /T /E /G AzureAD\FirstLast:C
Solution 2
My cheating way: Add the Azure user to a unique local group "net localgroup groupname domain\user /add" Then give local group permissions
Related videos on Youtube
Rory
Updated on September 18, 2022Comments
-
Rory over 1 year
I'm on a Win10 workstation that's joined to AzureAD like this. How can I grant file permissions to an AzureAD user? When I try to use the File Properties > Security > Edit > Add dialog I can't find/select any users on the AzureAD domain, including the currently logged in user. Entering
AzureAD\FirstLast
and clicking Check Names gives this:In general this sort of thing seems to be a problem with AzureAD-joined accounts: windows appears to not know about them, e.g. when adding them to SQL Server. Or perhaps I just don't know the right way to refer to these users?
-
David Diez about 7 yearsBeing Administrator on my account the output on the console says
Access is denied
to:CACLS "C:" /T /E /G AzureAD\UserName:F
-
David Diez about 7 yearsWith
ICACLS "C:" /grant :r AzureAD\UserName:F
also fails... -
Rory about 7 years@DavidDiez are you running the console window with elevated rights (as Administrator)?
-
David Diez about 7 years@@Rory Yes, I am running the console with elevated rights
-
mpowrie over 4 yearscacls is now deprecated. The equivalent icacls command is:
icacls "C:\yourpath" /t /grant azuread\FirstLast:M
-
Christian Davén over 4 years... but first, create the local group with:
net localgroup GroupName /add
-
Gerneio about 4 years+1 Just had to say this worked perfectly, when other options failed. Just used the icacls variant instead though