Icacls Grant all users access to a folder including new files?
You're enabling inheritance for this item separately from its ACL entries. This means it will receive ACEs from its parent. It has absolutely nothing to do with whether it'll give its own custom ACEs to be inherited by children.
You have to mark each ACL entry as inheritable, separately for child files (object inherit) and child folders (container inherit):
icacls foo /grant Everyone:(OI)(CI)F
This is equivalent to the "Inherit: [Files and subfolders]" drop-down in Properties – Security – Advanced.
When you add ACEs marked inheritable, icacls will propagate them automatically and the /T option is unnecessary (maybe even slightly harmful).
Related videos on Youtube
05 : 11
07 : 28
05 : 37
01 : 25
07 : 06
Mark Deven
Updated on September 18, 2022Comments
-
Mark Deven almost 2 years
I use the following command (in an admin batch file) to grant all users (specifically users on the network) full access to a folder and all its contents:
Icacls %fold% /grant Everyone:F /inheritance:e /THowever, it is not applying these settings to files newly created. What am I missing in the Icacls command?
-
Biswapriyo almost 6 yearsTip: First usetakeownthenicacls.Everyonecan be replaced with current user name. -
user1686 almost 6 years@Biswapriyo: Why would you do that? OP specifically wants to grant access to all users, not just to themselves.
-
Mark Deven almost 6 yearsquestion, what do I put in the place of
foo? Or is that what I should have there? -
Vomit IT - Chunky Mess Style almost 6 years@MarkDodsonsfoowill be replaced by%fold%... it's just the folder path. -
Mark Deven almost 6 yearsthanks. Does foo usually refer to the folder or file in question?
-
user1686 almost 6 yearsIt is a commonly used placeholder word. Just like your
%Fold%in your own example, it refers to whatever it needs to refer at the given moment, and you're expected to substitute it with the real thing, be it a file or something else.
