Question
Tuesday, March 26, 2013 6:06 PM
I'm trying to understand how the iCACLS grant:r switch works.
Windows Server 2008 R2 SP2
Users\UserFolder - has Administrator with Full Rights, UserName with Modify - Inheritance turned off
Users\UserFolder\MnO - has Administrator with Full Rights, UserName with Modify - Inheritance turned on
In Windows Explorer, right-click on Users\Userfolder\MnO and add User2 with Read rights
Based on reading this link - http://technet.microsoft.com/en-us/library/cc753525(v=ws.10).aspx
If I use this command - icacls \servername\Div\Case\Mno /grant:r "Domain\User3":(OI)(CI)M. This should remove User2 from the folder. But it does not.
Running this command icacls \servername\Div\Case\Mno /grant:r "Domain\User3":(OI)(CI)M. Gives me the same results of the first command.
What am I doing wrong?
Thanks
Mike
All replies (1)
Thursday, March 28, 2013 1:52 AM ✅ Answered
Hi Mike,
From the description:
Grants specified user access rights. Permissions replace previously granted explicit permissions.
Without :r, permissions are added to any previously granted explicit permissions.
It means it will replace/edit the previously granted permission of the specified user with :R.
For example, UserA only has Delete permission on folder E:\folder.
With "icacls e:\folder /grant userA:R", it will add another entry for userA, so now userA has both Read and Delete permission.
With "icacls e:\folder /grant:R userA:R", it will replace the current entry for userA, so now userA has only Read permission and Delete permission is replaced.
TechNet Subscriber Support in forum |If you have any feedback on our support, please contact [email protected].
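The behaviour described in the answer can be reproduced on a scratch folder. This is an added example, not part of the original thread: the folder path and the two well-known SIDs standing in for userA and User2 are constructed for the demo, and the final /remove step is one way to revoke a principal that /grant:r does not name.

```powershell
# Added illustration, not from the thread. The scratch folder and the stand-in
# principals are constructed for the demo (well-known SIDs, so no accounts need
# to be created and the script does not depend on localized group names).
$dir   = Join-Path $env:TEMP 'icacls-grant-demo'
$me    = '*' + [Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$userA = '*S-1-5-32-545'   # BUILTIN\Users, plays the user named in /grant
$user2 = '*S-1-5-11'       # Authenticated Users, plays the thread's User2

function Show-Acl($step) {
    Write-Host "`n== $step"
    icacls $dir
}

New-Item -ItemType Directory -Path $dir -Force | Out-Null

# Drop inherited ACEs so only explicit entries remain; keep full control
# for the account running the demo.
icacls $dir /inheritance:r /grant "${me}:(OI)(CI)F" | Out-Null

# Starting state: userA has Delete only, User2 has Read.
icacls $dir /grant "${userA}:(OI)(CI)D" | Out-Null
icacls $dir /grant "${user2}:(OI)(CI)R" | Out-Null
Show-Acl 'start: userA = Delete, User2 = Read'

# /grant without :r adds to the explicit permissions userA already holds.
icacls $dir /grant "${userA}:(OI)(CI)R" | Out-Null
Show-Acl '/grant userA:R -> userA holds Read and Delete'

# /grant:r replaces the explicit permissions of the named principal only.
# User2 is not named in the command, so its entry is left in place.
icacls $dir /grant:r "${userA}:(OI)(CI)R" | Out-Null
Show-Acl '/grant:r userA:R -> userA holds Read only, User2 still listed'

# Revoking a different principal is a separate operation.
icacls $dir /remove $user2 | Out-Null
Show-Acl '/remove User2 -> User2 no longer listed'

# Clean up the scratch folder.
Remove-Item -Recurse -Force $dir
```

When auditing a share for least privilege, compare the icacls output before and after a /grant:r run: entries for principals not named in the command are still present and have to be removed explicitly.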