Edit inherited ACE's using icacls

Posted by RedPheonix on Server Fault See other posts from Server Fault or by RedPheonix
Published on 2010-03-22T19:21:41Z Indexed on 2010/03/22 19:31 UTC
Read the original article Hit count: 410

Filed under:

I am trying to write a script that will allow me to replace the user associated with certain permissions with another username. For example say I have a user Administrators and a user Administrator. Using icacls.exe I want to be able to replace all of the permissions given to Administrators and give them to Administrator. I also want to remove all instances of Administrators. So far I have used the following commands:

icacls File1.txt /save acls.bin
icacls . /substitute Administrator Administrators /restore acls.bin

But when I run icacls File1.txt I get:

User-PC\Administrator:(F)
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Administrators:(I)(F)
User-PC\User:(I)(F)

I have read that icacls has trouble dealing with inherited permissions but I was wondering if there was a method that allowed you to edit all of the permissions including the inherited ones.

© Server Fault or respective owner

Related posts about permissions