icacls in windows 7 does not give full permission to write files in root drive
5,516
If it's the users writing to the C:\ drive...
icacls.exe C:\ [Users or group...]:(M,RX,W)
Be aware it will let them write anything to the root of C:\ though.
Related videos on Youtube
Author by
Matthew Rohrich
Updated on September 18, 2022Comments
-
Matthew Rohrich over 1 year
icacls in windows 7 does not give full permission to write files in root drive.
We have a very old application based on Omnis7 that needs to create and read/write files on drive C: when running as a restricted user. In Windows XP to give this permission is quite trivial using cacls.
cacls C:\ /G Everyone:(C)
The equivalent icacls in Windows 7 will not work.
icacls C:\ /Grant Everyone:(M)
I have also tried the following.
icacls C:\ /Grant Everyone:(F) icacls C:\ /Grant Domain\user:(F)
trying to create file with a restricted user gives this
C:\>copy nul text.txt Access is denied. 0 file(s) copied.
After applying the icacls permissions above the result changes to this.
C:\>copy nul text.txt A required privilege is not held by the client. 0 file(s) copied.
Is this an issue with the way I am applying the permissions? Or is Window 7 being extremely strict?
-
Driftpeasant over 12 yearsHave you disabled UAC on the Windows 7 machine?
-
Matthew Rohrich over 12 yearsAlso in case anyone mentions running the app from a scheduled task that has admin rights. This does not work as the app will not run in the foreground unless it is currently logged in user.
-
Driftpeasant over 12 yearsI think that avoiding those rights will be difficult. The reason I ask about UAC is that a lot of Windows 7 actions require UAC confirmation regardless of permission set. So though you may not want to turn off UAC, it may be the only way to run the app short of giving the user admin rights. I'd give it a shot in test, at least.
-