I'm trying to deny only write access to some folders using:
icacls "C:\Temp\otentu\*" /deny Everyone:(OI)(CI)(W)
In effect I can't also open subfolders. When I doing this same via UI I can open them.
So after running this command when I go "Permissions" screen and just uncheck/check Deny Write and click OK I can open this folder and list items. There is no differences in checked items on "Advanced permissions" tab after this action.
C:\Temp\otentu\ is main folder with 2 subfolders, and we have two stories here:
- Using UI I'm addig Deny Write to Everyone for one subfolder.
- I'm calling above
icacls. Screenshot is showing that result of both of them is this same for this folder - other settings are untouched. After 1 I can open subfolder, after 2 I can't.
Can someone help what I missing here?
EDIT:
I run icacls "C:\Temp\otentu" /T /C /L /Q for each scenario - no difference at all. To simplify I left only one subfolder.
BEFORE:
C:\Temp\otentu BUILTIN\Administrators:(I)(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
BUILTIN\Users:(I)(OI)(CI)(RX)
NT AUTHORITY\Authenticated Users:(I)(M)
NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
C:\Temp\otentu\dwa BUILTIN\Administrators:(I)(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
BUILTIN\Users:(I)(OI)(CI)(RX)
NT AUTHORITY\Authenticated Users:(I)(M)
NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
AFTER UI CHANGES:
C:\Temp\otentu BUILTIN\Administrators:(I)(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
BUILTIN\Users:(I)(OI)(CI)(RX)
NT AUTHORITY\Authenticated Users:(I)(M)
NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
C:\Temp\otentu\dwa Everyone:(OI)(CI)(DENY)(W)
BUILTIN\Administrators:(I)(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
BUILTIN\Users:(I)(OI)(CI)(RX)
NT AUTHORITY\Authenticated Users:(I)(M)
NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
AFTER CMD:
C:\Temp\otentu BUILTIN\Administrators:(I)(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
BUILTIN\Users:(I)(OI)(CI)(RX)
NT AUTHORITY\Authenticated Users:(I)(M)
NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
C:\Temp\otentu\dwa Everyone:(OI)(CI)(DENY)(W)
BUILTIN\Administrators:(I)(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
BUILTIN\Users:(I)(OI)(CI)(RX)
NT AUTHORITY\Authenticated Users:(I)(M)
NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)