Edit inherited ACE's using icacls
Posted
by RedPheonix
on Server Fault
See other posts from Server Fault
or by RedPheonix
Published on 2010-03-22T19:21:41Z
Indexed on
2010/03/22
19:31 UTC
Read the original article
Hit count: 410
permissions
I am trying to write a script that will allow me to replace the user associated with certain permissions with another username. For example say I have a user Administrators and a user Administrator. Using icacls.exe I want to be able to replace all of the permissions given to Administrators and give them to Administrator. I also want to remove all instances of Administrators. So far I have used the following commands:
icacls File1.txt /save acls.bin
icacls . /substitute Administrator Administrators /restore acls.bin
But when I run icacls File1.txt
I get:
User-PC\Administrator:(F)
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Administrators:(I)(F)
User-PC\User:(I)(F)
I have read that icacls has trouble dealing with inherited permissions but I was wondering if there was a method that allowed you to edit all of the permissions including the inherited ones.
© Server Fault or respective owner