Setting Deny Permissions with ICACLS on "This Folder"

windows permissions ntfs icacls
12,128

For anyone else who finds this 6.5 year old post, this is what fixed things for me - https://devblogs.microsoft.com/oldnewthing/20191118-00/?p=103110 - using OP's original command, you would use ICACLS "{PATH}" /DENY "{AD Group}:(DE)" - simply add DE instead of D, which as the article points out, has a bug or glitch in it where it removes synchronize as well as delete. Annoying, but an easy fix.

Share:
12,128

Related videos on Youtube

Ganske
Author by

Ganske

Updated on September 18, 2022

Comments

  • Ganske
    Ganske over 1 year

    ICACLS "{PATH}" /DENY "{AD Group}:(D)"

    I want to deny the ability for {AD Group} to delete the parent folder but still have permissions to delete child folder and files. However, when I set the DENY Delete on the parent, it prevents Traverse Folder access to the folder.

    I read that this is a synchronize error but if I set (D,S) I can traverse the folder but I can also delete it.

    Currently ACL_FILE_IST is the only permission on the folder.

    Has anyone seen a workaround?

    ICACL COMMANDS

    • ICACLS "C:\TEMP\TestPermissions" /GRANT "ACL_FILE_IST:(OI)(CI)(M)"
    • ICACLS "C:\TEMP\TestPermissions" /DENY "ACL_FILE_IST:(D)"

    ICACLS ACL

    testpermissions

    D:PAI(D;;0x110000;;;S-1-5-21-964777865-1556211951-2005962405-8309)(A;OICI;0x1301bf;;;S-1-5-21-964777865-1556211951-2005962405-8309)

  • Ganske
    Ganske about 10 years
    Unfortunately not. I'm still locked out of the folder.
  • Ben Lavender
    Ben Lavender about 10 years
    Well arn't you supposed to make sure at least someone in the DACL has access?
  • Ganske
    Ganske about 10 years
    Im not trying to lock myself out. I want to lock the folder down for other users so Im trying to get it right using a dummy account but its not working.
  • Ben Lavender
    Ben Lavender about 10 years
    Can you paste the acl here please?
  • Ganske
    Ganske about 10 years
    Ive added it to the original post. Any insight would be appreciated Ben. Thanks!

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to change NTFS ACLs on linux?
Can't write on ntfs partition shared with Windows 10
Mounting NTFS as read-only
Mounting a Windows folder with writing permissions in Ubuntu
How to change permissions on a folder when the owner doesn't have read access and no one else has change permissions enabled?
Why can't I remove a group with icacls from a file after revoking read access?
Access for admins is denied on user profile folders on Windows 7
Is there a solution to replace Account Unknown (S-1-5-21-*) SIDs with existing SID
Allow users to create files but not edit and delete them
NTFS: prevent/deny directory delete in a otherwise "personal" folder