![]() Remember, the intended permission is Deny, Domain Users, Delete, This Folder Only. But finally I found a difference when I asked SetACL to report the results in SDDL format (SDDL is 'Security Descriptor Definition Language') The permissions were completely identical when SetACL reported them in tabular or CSV (i.e. Instead I tried a program called SetACL and used it to compare the permissions for the folder in the two situations (set-by-GUI and set-by-icacls). I had a look at XCACLS but it doesn't work on Server 2012. The /e option you mention is not included in ICACLS. I have UAC disabled so I am always running on elevated rights. Has anyone else encountered this behaviour after using ICACLS? How can I fix the problem? I don't want to have to use the GUI - I need to add the permission to dozens of folders. So why on earth is it that the domain users have no problem opening the folder when it's set via GUI, but get 'Access Denied' when it's set via ICACLS? I'm mystified. I compared the two permissions reports in Excel, and the reports are completely identical (apart from the cell containing with the report date and time of course). I even ran an NTFS permissions report on the folder when the permission is set via GUI and another when it's set via ICACLS. The ICACLS command executes successfully, and when I check the folder permissions in the GUI afterwards, they look identical to how they look when I use the GUI to add the permission. The ICACLS command I'm using is ICACLS "" /deny "Domain Users":(d) However, when I apply the permission using ICACLS, suddenly everybody in Domain Users gets an 'Access is denied' error when they try to open the folder! I can apply the permission to the folder using the GUI (Advanced Security Settings) with no problems. The permission is: Deny, Domain Users, Delete, This Folder Only. I need to apply an NTFS permission to a bunch of folders so I would prefer to do it via a script than via the GUI. Hi, I have a Windows 2012 R2 file server that's showing some odd behaviour. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |