Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, October 21, 2009 10:50 PM
I want to script a job on a server 2008 box that saves ACLs for specific objects for possible recovery. I cannot find anything on return codes for icacls. Does a return code of zero indicate a suucessful completion?
Thanks,
Leon
All replies (3)
Thursday, October 22, 2009 8:59 AM ✅Answered
Hi Leonv,
To save ACLs for a specific object, you can run the following command:
"icacls c:\windows\test.txt /save aclfile"
The return code should be like " Successfully processed 1 files; Failed processing 0 files" which mean the ACLs has been saved successfully for the file without failure.
If you want to save multi file's ACLs, please check the following sample command:
"icacls c:\windows\ /save AclFile /T"
Return Code:
c:\windows\System32\.....: Access is denied.
Successfully processed 19271 files; Failed processing 1 files
The output will illustrate you how many successfully and failed processed.
For more information, you can refer to:
http://technet.microsoft.com/en-us/library/cc753525(WS.10).aspx
Best Regards,
Wilson JiaThis posting is provided "AS IS" with no warranties, and confers no rights.
Monday, October 26, 2009 9:28 AM ✅Answered
Hi Leonv,
I performed a test on my side and could reproduce the behavior exactly. In my test, the icaclsout file was created properly although the prompt indicated that no file was processed.
According to TechNet Library's explanation about Icacls command, the /q swich indicates that Icacls should Suppress successful messages. I think that's why you receive the message " Successfully processed 0 files; Failed processing 0 files " when you add "/q" option in the icacls command. If the output iscaclsout file contains the correct content, you can safely ignore the output indication. The icalcs tool has been executed properly.
This posting is provided "AS IS" with no warranties, and confers no rights.
Friday, October 23, 2009 3:57 PM
Thanks for the reply Wilson. I've been doing some testing based on your feedback. If I add the /Q option (surpress success messages) so I don't get all the
processed file: xxxxxx
messages, the return says 0 files.
example without q
**C:\icacls c:\windows\ /save icaclsout.txt
processed file: c:\windows\AppPatch
processed file: c:\windows\assembly
processed file: c:\windows\bfsvc.exe
.
.
.
processed file: c:\windows\default.pif
Successfully processed 186 files; Failed processing 0 files
**
Same but with /q
**C:>icacls c:\windows\ /q /save icaclsout.txt
Successfully processed 0 files; Failed processing 0 files
**
Because the actual script will be doing a large data store (with /t option) I really want to surpress all the extraneous output the way I could with subinacl in server 2003.
Is the /q broken?