Windows 10: Icacls command usage ?

Page 2 of 2 FirstFirst 12
  1.    27 Dec 2015 #11

    icacls "C:\Program Files (x86)\...\...\..." /remove:g
    Correct; if so I'm getting a Invalid Parameter error !
      My ComputerSystem Spec

  2.    27 Dec 2015 #12

    If that is what you entered it is not correct. You haven't specified who you are trying to remove the authority for. You need to enter it exactly as in post #2.

    For example adding full control (commands in bold) using %USERDOMAIN%\%USERNAME% adds the current user (shown in red after granting the authority and displaying it)
    Code:
    Microsoft Windows [Version 10.0.11082]
    (c) 2016 Microsoft Corporation. All rights reserved.
    
    C:\Windows\system32>mkdir "C:\Program Files\Test\Test\Test"
    
    C:\Windows\system32>icacls "C:\Program Files\Test\Test\Test" /grant "%USERDOMAIN%\%USERNAME%":(F) /t
    processed file: C:\Program Files\Test\Test\Test
    Successfully processed 1 files; Failed processing 0 files
    
    C:\Windows\system32>icacls "C:\Program Files\Test\Test\Test"
    
    C:\Program Files\Test\Test\Test WINDOWS-VM2\Hali:(F)
                                    NT SERVICE\TrustedInstaller:(I)(F)
                                    NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
                                    NT AUTHORITY\SYSTEM:(I)(F)
                                    NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
                                    BUILTIN\Administrators:(I)(F)
                                    BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
                                    BUILTIN\Users:(I)(RX)
                                    BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
                                    CREATOR OWNER:(I)(OI)(CI)(IO)(F)
                                    APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(RX)
                                    APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE)
    
    Successfully processed 1 files; Failed processing 0 files
    now remove again and specify the same user the current user that was in red is then removed.
    Code:
    C:\Windows\system32>icacls "C:\Program Files\Test\Test\Test" /remove:g "%USERDOMAIN%\%USERNAME%" /t
    processed file: C:\Program Files\Test\Test\Test
    Successfully processed 1 files; Failed processing 0 files
    
    C:\Windows\system32>icacls "C:\Program Files\Test\Test\Test"
    C:\Program Files\Test\Test\Test NT SERVICE\TrustedInstaller:(I)(F)
                                    NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
                                    NT AUTHORITY\SYSTEM:(I)(F)
                                    NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
                                    BUILTIN\Administrators:(I)(F)
                                    BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
                                    BUILTIN\Users:(I)(RX)
                                    BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
                                    CREATOR OWNER:(I)(OI)(CI)(IO)(F)
                                    APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(RX)
                                    APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE)
    
    Successfully processed 1 files; Failed processing 0 files
    Without saying from whom you want to remove the rights for you'll get an error.
    Code:
    C:\Windows\system32>icacls "C:\Program Files\Test\Test\Test" /remove:g
    Invalid parameter "/remove:g"
    
    C:\Windows\system32>
    Last edited by lx07; 27 Dec 2015 at 17:32.
      My ComputerSystem Spec

  3.    27 Dec 2015 #13

    A week ago I couldn't write to Program Files or Program Files (x86) even after providing the admin password. Yet,I only applied icacls to Program Files (x86) but I can write to Program Files as well by simply providing the Admin password as I run Windows10 as a standard user; this doesn't make sense.

    Can you by default write to Program Files or Program Files (x86) ?
      My ComputerSystem Spec

  4.    27 Dec 2015 #14

    JerometheGiraff said: View Post
    Can you by default write to Program Files or Program Files (x86) ?
    Only by running as administrator. I can make a new folder by clicking on the administrator shield to get administrator authority.

    Click image for larger version. 

Name:	Capture1.PNG 
Views:	0 
Size:	72.2 KB 
ID:	55663

    But can't save anything as my normal (Admin) user.

    Click image for larger version. 

Name:	Capture2.PNG 
Views:	17 
Size:	9.0 KB 
ID:	55664

    This is correct authorities and should look like this:
    Code:
    Microsoft Windows [Version 10.0.11082]
    (c) 2016 Microsoft Corporation. All rights reserved.
    
    C:\Windows\system32>icacls "C:\Program Files"
    C:\Program Files NT SERVICE\TrustedInstaller:(F)
                     NT SERVICE\TrustedInstaller:(CI)(IO)(F)
                     NT AUTHORITY\SYSTEM:(M)
                     NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
                     BUILTIN\Administrators:(M)
                     BUILTIN\Administrators:(OI)(CI)(IO)(F)
                     BUILTIN\Users:(RX)
                     BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
                     CREATOR OWNER:(OI)(CI)(IO)(F)
                     APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(RX)
                     APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(OI)(CI)(IO)(GR,GE)
    
    Successfully processed 1 files; Failed processing 0 files
    
    C:\Windows\system32>
      My ComputerSystem Spec

  5.    27 Dec 2015 #15

    Hrm. The five levels deep sub-folder to which I wanted to grant write access; this is the info from icacls.

    Everyone(F)
    NT SERVICE\TrustedInstallerI)(F)
    NT SERVICE\TrustedInstallerI)(CI)(IO)(F)
    NT AUTHORITY\SYSTEMI)(F)
    NT AUTHORITY\SYSTEMI)(OI)(CI)(IO)(F)
    BUILTIN\AdministratorsI)(F)
    BUILTIN\AdministratorsI)(OI)(CI)(IO)(F)
    BUILTIN\UsersI)(RX)
    BUILTIN\UsersI)(OI)(CI)(IO)(GR,GE)
    CREATOR OWNERI)(OI)(CI)(IO)(F)
    I ran this command /remove:g %userdomain%\%username% on the 5 levels deep sub-folder as mentioned above. The result;
    Successfully processed 1 files; Failed processing 0 files

    When I ran strictly icacls on the 5 levels deep sub-folder after removing; there remains (F) full access ?

    The frown emicons are really suppose to be right bracket (
      My ComputerSystem Spec

  6.    27 Dec 2015 #16

    OK, you've added Everyone - you can remove it with

    icacls "C:\Program Files\Test\Test\Test" /remove:g Everyone /t

    (Don't forget the /t to process subdirectories also.)

    The rest of it looks OK except you don't have All Application Packages at the bottom (unless it is cut off). That may cause problems for your store apps...

    BTW if you use [code] instead of [quote] tags it doesn't turn things into smileys...
    Code:
    :(
    Last edited by lx07; 27 Dec 2015 at 17:35. Reason: /t
      My ComputerSystem Spec

  7.    27 Dec 2015 #17

    The rest of it looks OK except you don't have All Application Packages at the bottom (unless it is cut off). That may cause problems for your store apps...
    I don't understand ?

    Icacls is a command to give full access to a folder and or any sub-folders that is it's main purpose ?
      My ComputerSystem Spec

  8.    28 Dec 2015 #18

    JerometheGiraff said: View Post
    I don't understand ?

    Icacls is a command to give full access to a folder and or any sub-folders that is it's main purpose ?
    icacls is a command to change or display access. You noticed this earlier

    JerometheGiraff said: View Post
    I found out you can simply type icacls {name of directory} and icacls will list permissions etc, which worked on a simple directory, new to me probably not news to you
    In post #15 you have indicated you have Everyone which you need to remove and you don't have ALL APPLICATION PACKAGES which you should (but perhaps you didn't copy/paste it all into the quote).

    The ALL APPLICATION PACKAGES SID is used by the modern Store Apps so if you are missing this SID in Program Files directory they will not work correctly.

    You need to compare what you have to the defaults which I posted in post #14.
      My ComputerSystem Spec

  9.    28 Dec 2015 #19

    I don't have All Application Packages listed for the 5 level deep sub-folder ?

    Before running this command I couldn't write to any folder in Program Files, then I realized before successfully running the command that I could write to the folder Program Files, when previously even running explorer with admin privileges, I couldn't write to program files, what I find odd.

    Code:
    NT SERVICE\TrustedInstaller:(I)(F)
                                                             NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
                                                             NT AUTHORITY\SYSTEM:(I)(F)
                                                             NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
                                                             BUILTIN\Administrators:(I)(F)
                                                             BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
                                                             BUILTIN\Users:(I)(RX)
                                                             BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
                                                             CREATOR OWNER:(I)(OI)(CI)(IO)(F)
    It could also be that I'm not re-creating the problem and that is where icacls comes into help ? Anyhow I suppose I'll continue to understand this command.
    Last edited by JerometheGiraff; 28 Dec 2015 at 20:41.
      My ComputerSystem Spec


 
Page 2 of 2 FirstFirst 12

Related Threads
Performance & Maintenance Run SFC Command in Windows 10 in Tutorials
How to Run SFC Command to Repair System Files in Windows 10 The SFC command scans the integrity of all protected system files and replaces incorrect versions with correct Microsoft versions. This tutorial will show you how to run the sfc...
I was wondering why file not found would occur when I try to access a DIR command on a directory.:rolleyes: DIR name >> file.txt Sincerely, Bash
Anyone figured out a use for the Opacity setting for Command Prompt on the Experimental tab? I've tried it at many different settings and I just can't see a use for it.
Solved Command Prompt in General Support
How to call up "command Prompt (Admin) from the "run" dialog box win 10 Home?
Command Prompt? in General Support
Guys, I'm going to try one last time. The error code I received told to me to empty files and then "Run the command prompt as an administrator"?? Then, type wuauclt.exe/update now??......I don't know what run the command prompt means. I have no...

Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 21:52.
Find Us