Icacls reset inherited permissions on multi folders

icacls

Looking to find a better way to script this for multiple folders.

Right now I have a icacls script that is reseting permissions on files/folder from a parent folder:

icacls "e:\FTP_Root\user1\*" /q /c /t /reset
icacls "e:\FTP_Root\user2\*" /q /c /t /reset
icacls "e:\FTP_Root\user3\*" /q /c /t /reset

Is there a better way to do this so I don't have to keep adding lines for new users?

Each user folder has its own permissions applied to it so anything inside the users folder gets its permissions reset to inherit from the users folder using the script above.

Best Answer

You can write a for loop which loops through directory names with the /d switch,

for /d %A in (e:\FTP_Root\user*) do (
    icacls "%A\*" /q /c /t /reset
)

You can always test that the loop is going to do what you want by prepending the icacls line with an echo, which will print the command rather than executing it,

@echo icacls "%A\*" /q /c /t /reset

Here it is on one line, for clarity.

for /d %A in (e:\FTP_Root\user*) do icacls "%A\*" /q /c /t /reset

Here's a wee test, given the file tree below

E:\FTP_ROOT
|
+---user1
|       bar.txt
|       baz.txt
|       foo.txt
|
+---user2
|       bar.txt
|       baz.txt
|       foo.txt
|
\---user3
        bar.txt
        baz.txt
        foo.txt


C:\>for /d %A in (e:\FTP_Root\user*) do icacls "%A\*" /q /c /t /reset

C:\>icacls "e:\FTP_Root\user1\*" /q /c /t /reset
Successfully processed 3 files; Failed processing 0 files

C:\>icacls "e:\FTP_Root\user2\*" /q /c /t /reset
Successfully processed 3 files; Failed processing 0 files

C:\>icacls "e:\FTP_Root\user3\*" /q /c /t /reset
Successfully processed 3 files; Failed processing 0 files

You can always add the @echo after the do to check what the command will actually look like before running it for real.

FOR loops in scripts Windows .bat/.cmd scripts require doubled %% with variables, whereas the shell requires just a single %, so in a cmd shell script the loop would look like this:

    for /d %%A in (e:\FTP_Root\user*) do icacls "%%A\*" /q /c /t /reset

Related Solutions

Error using iCacls

Is UAC enabled on your system? You need to run your command prompt as administrator in order for icacls restore to work.

Also - I'm pretty sure the format of your restore command is incorrect. A * will cause icacls to error out because it will look for *\File.zip - what you probably want is:

icacls . /restore aclsFile

Icacls to make folder read-only

Something like this perhaps? Try searching the site, there are many icacls examples.

REM take ownership and reset permissions
TAKEOWN /f "C:\TEMP\Reports" /r /d y
ICACLS "C:\TEMP\Reports" /reset /T
REM grant full control to administrators, read only to everyone else
ICACLS "C:\TEMP\Reports" /grant:r "BUILTIN\ADMINISTRATORS":(OI)(CI)F ^
                         /grant:r "BUILTIN\EVERYONE":(OI)(CI)R ^
REM set inheritance on everything below
ICACLS "C:\TEMP\Reports" /inheritance:r

Best Answer

Related Solutions

Error using iCacls

Icacls to make folder read-only

Related Topic