Edit inherited ACE's using icacls

Posted by RedPheonix on Server Fault See other posts from Server Fault or by RedPheonix
Published on 2010-03-22T19:21:41Z Indexed on 2010/03/22 19:31 UTC
Read the original article Hit count: 405

Filed under:

permissions

I am trying to write a script that will allow me to replace the user associated with certain permissions with another username. For example say I have a user Administrators and a user Administrator. Using icacls.exe I want to be able to replace all of the permissions given to Administrators and give them to Administrator. I also want to remove all instances of Administrators. So far I have used the following commands:

icacls File1.txt /save acls.bin
icacls . /substitute Administrator Administrators /restore acls.bin

But when I run icacls File1.txt I get:

User-PC\Administrator:(F)
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Administrators:(I)(F)
User-PC\User:(I)(F)

I have read that icacls has trouble dealing with inherited permissions but I was wondering if there was a method that allowed you to edit all of the permissions including the inherited ones.

Related posts about permissions

Mailman Error / Cpanel

as seen on Server Fault - Search for 'Server Fault'
Mailman is giving off this error when any changes are made to the list: ======================= Bug in Mailman version 2.1.14 We're sorry, we hit a bug! Please inform the webmaster for this site of this problem. Printing of traceback and other system information has been explicitly… >>> More
NTFS Permissions - Correct combinations of special access permissions

as seen on Server Fault - Search for 'Server Fault'
What would be the correct combination of NTFS special access permissions to allow an AD group (Authenticated Users) to copy files to a share, but after copying no one in the AD group should be allowed to edit, overwrite, rename, or delete the file? The AD group should also be able to copy files from… >>> More
FTP, permissions: I cannot see permissions but I can change them

as seen on Super User - Search for 'Super User'
hi, I'm browsing a server with my ftp client. When I try to get the information about a folder, I cannot see the permissions (all rwx checkboxes are uncecked). If i try to check one of it, the opeartion is succesfull (I don't get any error), but then when I come back it is again unchecked. What… >>> More
Snow Leopard doesn't repair permissions, despite showing / saying its fixed them?

as seen on Super User - Search for 'Super User'
Sometime ago, I used carbon copy as I was replacing my hard drive in my Mac Mini running Snow Leopard. Afterwards, on my new drive I had some permission problems. I've tried several times running a repair permissions / repair disk from disk util. It shows that there are problems and I think it says… >>> More
IIS Permissions or NTFS Permissions?

as seen on Pro Webmasters - Search for 'Pro Webmasters'
I currently have a Windows Server 2003 setup to serve multiple sites via IIS. One of our directories needs to allow access to only 1 specific AD Security Group. I know there are two ways to accomplish this. One is using IIS to add permissions and the other is to set permissions on the folder/directory… >>> More

Developer IT