472 |
472 |
473 ``icacls`` allow option: |
473 ``icacls`` allow option: |
474 |
474 |
475 * ``/c`` - Continues the operation despite any file errors. Error messages will |
475 * ``/c`` - Continues the operation despite any file errors. Error messages will |
476 still be displayed. |
476 still be displayed. |
477 * ``/t`` - Performs the operation on all specified files in the current |
477 * ``/t`` - Apply recursively. |
478 directory and its subdirectories. |
|
479 * ``/l`` - Performs the operation on a symbolic link versus its destination. |
478 * ``/l`` - Performs the operation on a symbolic link versus its destination. |
480 * ``/q`` - Suppresses success messages. |
479 * ``/q`` - Suppresses success messages. |
481 |
480 |
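Review bot: the new ``/t`` text "Apply recursively." no longer says what the recursion covers and switches to the imperative, while the neighbouring bullets stay in third person ("Continues ...", "Suppresses ..."). A one-line form such as "Performs the operation on all matching files in the directory and its subdirectories." keeps the entry short without losing the scope.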
|
481 Permissions description:: |
|
482 |
|
483 * ``f`` - full control |
|
484 * ``CI`` = Container Inherit - This flag indicates that subordinate containers will |
|
485 inherit this ACE. |
|
486 * ``OI`` = Object Inherit - This flag indicates that subordinate files will inherit |
|
487 the ACE. |
|
488 |
|
489 To review current permissions:: |
|
490 |
|
491 cmd> icacls %dir% /t |
|
492 |
|
493 .. note:: To get brief view of permissions use ``AccessEnum`` utility from |
|
494 Sysinternals. |
|
495 |
482 Recursively change the owner of all matching files to the specified user:: |
496 Recursively change the owner of all matching files to the specified user:: |
483 |
497 |
484 cmd> icacls %dir% /setowner %user% /t /c |
498 cmd> icacls %dir% /setowner %user% /t /c |
485 |
499 |
486 or simply:: |
500 or simply:: |
487 |
501 |
488 cmd> takeown /r /f %file% |
502 cmd> takeown /r /f %file% |
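Review bot: "Permissions description::" ends in a double colon but is followed by a bullet list, whereas "``icacls`` allow option:" above uses a single colon for its list. In reStructuredText ``::`` introduces a literal block, so the list will either render as preformatted text (if indented) or produce a "Literal block expected" warning (if not); use a single colon here. The entries are also inconsistent (``f`` uses " - ", ``CI`` and ``OI`` use " = ... - "), and no command in this section passes ``(CI)`` or ``(OI)``, so the description has nothing to attach to: show the syntax once, for example ``%user%:(OI)(CI)(f)`` on a directory. In the AccessEnum note, "To get brief view" should read "To get a brief view".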
|
503 |
|
504 .. note:: Sometimes you don't have enough permssion to change permission. Run |
|
505 commands from administrator shell. |
489 |
506 |
490 Recursively grand full access for everyone:: |
507 Recursively grand full access for everyone:: |
491 |
508 |
492 cmd> icacls %dir% /t /grant:r %user%:(f) |
509 cmd> icacls %dir% /t /grant:r %user%:(f) |
493 cmd> icacls %dir% /t /grant:r *S-1-1-0:(f) |
510 cmd> icacls %dir% /t /grant:r *S-1-1-0:(f) |
494 |
511 |
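Review bot: typo in the added note, "permssion" should be "permission", and "enough permssion to change permission" reads circularly. Suggest "Sometimes you lack the rights to change permissions. Run the commands from an elevated (administrator) shell." The note sits under the ownership commands but applies equally to the ``/grant`` commands that follow, so consider placing it once before the first command that modifies an ACL.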
|
512 Somtimes it fail due to permission inheritance, thry strip them:: |
|
513 |
|
514 cmd> icacls %dir% /inheritance:r /t /grant:r %user%:(f) |
|
515 |
495 Remove all permissons from file (first reset to inherited, then remove inherited):: |
516 Remove all permissons from file (first reset to inherited, then remove inherited):: |
496 |
517 |
497 cmd> icacls %FILE% /reset |
518 cmd> icacls %FILE% /reset |
498 cmd> icacls %FILE% /inheritance:r |
519 cmd> icacls %FILE% /inheritance:r |
499 |
520 |
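Review bot: the added ``icacls %dir% /inheritance:r /t /grant:r %user%:(f)`` line needs a caveat about what it removes. ``/inheritance:r`` drops every inherited ACE and ``/t`` applies that to the whole tree, so access that came only from the parent (typically SYSTEM and Administrators) is gone and the objects are left with their existing explicit entries plus ``%user%:(f)``. The grant also carries no ``(OI)(CI)`` flags, so on directories it applies to that directory only and files created later will not inherit it. Either document this, or suggest ``/inheritance:d`` (copy the inherited ACEs as explicit ones) when the goal is only to stop inheritance, and ``%user%:(OI)(CI)(f)`` when the grant should propagate. The lead-in sentence also has three typos: "Somtimes it fail" and "thry" should read "Sometimes it fails ... try stripping them".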
|
521 https://technet.microsoft.com/en-us/library/cc753525.aspx |
|
522 Icacls. |
500 http://support.microsoft.com/kb/919240 |
523 http://support.microsoft.com/kb/919240 |
501 The ``Icacls.exe`` utility is available for Windows Server 2003 with Service Pack 2. |
524 The ``Icacls.exe`` utility is available for Windows Server 2003 with Service Pack 2. |
|
525 https://technet.microsoft.com/en-us/library/2009.07.geekofalltrades.aspx |
|
526 Geek of all Trades Setting Permissions from the Command Line. |
502 |
527 |
503 User management |
528 User management |
504 =============== |
529 =============== |
505 |
530 |
506 List available users:: |
531 List available users:: |