icacls adding additional explicit entry

690 views Asked by At

I'm running this command on a folder structure in order for all files and folders to recursively inherit the SYSTEM account with full control (and correct inheritance):

icacls V:\path\*.* /T /C /Q /grant SYSTEM:(OI)(CI)F

This appears to work as expected, but when I go into the advanced permissions settings, there are two permission entries for SYSTEM: One is inherited (as I'd expect), but then there is an additional entry which says "not inherited"..

Is it possible to add a flag so that only the inherited permission entry gets applied? I'm confused as to why two entries need to be added to each file and folder.

I've thoroughly read the icacls /? documentation and attempted many different combinations to no avail.

Many thanks for any suggestions.

1

There are 1 answers

1
Bobtb On BEST ANSWER

If you inherit permissions from parent and add specific permissions for an account that is already inherited, you will always have 2 (or more) entries for that account. If you want just the 1 entry, you'll have to either remove the account from parent, or stop inheriting from parent and specifically set permissions.