I am trying to use icacls to set permissions for a domain group, but for some reason it is not working.
icacls "C:\Temp\ACL" /T /C /grant ("Everyone"+':F') ("System"+':F') ("Administrators"+':F') ("DOMAIN\groupname"+':C') >> C:\temp\c.log
I am trying to run it with Powershell, but I get the following error:
Invalid parameter "DOMAIN\groupname:C"
I have tried multiple solutions, and it works without ("DOMAIN\groupname"+':C')
.
Best Answer
I had an old script that did this... your code looked correct, very similar to mine. However I was granting Full control, and you were granting Change. Other CLI tools like
SUBINACL
,CALCS
have used "C" for Change, but it would seemICACLS
decided to use "M" for Modify.If you change
("DOMAIN\groupname"+':C')
to("DOMAIN\groupname"+':M')
you'll have better luckFrom the ICACLS usage output: