5

I want to restrict the access for everything inside the work directory to me and the system only. I tried this with the following command:

cacls.exe work /t /p 'PIXLA09\Maaartin:f' 'NT AUTHORITY\SYSTEM':f

However it doesn't work at all. The following command should show only the two specified users but instead shows a very long list of permissions:

cacls.exe work/somedirectory

I tried to use /g instead of /p, too. Since I didn't use /e the permissions shouldn't get edited but replaced.

Any ideas what's wrong?

Gareth
  • 19,080
maaartinus
  • 3,392
  • 8
  • 33
  • 42

1 Answers1

1

There might be a small error in your first commandline. The :f should be outside the quotation marks. It also seems that you have used single quotes instead of double quotes. That didn't work when I tried it.

This command line worked OK for me:

cacls test /t /g "computername\sahmeepee":f "system":f

or using your names:

cacls work /t /g "PIXLA09\Maaartin":f "system":f

Another possible issue is the strange order in which the cacls command seems to apply permission changes. If you run the command above, but instead of your own account you grant permissions to someone else's, only the directory "test" will be affected - not its subdirectories. This is because the command seems to make changes from the top down, rather than from the bottom up, so when it comes to edit the ACLs on the subdirectories it no longer has permission!

sahmeepee
  • 1,717