New
#11
Correct; if so I'm getting a Invalid Parameter error !icacls "C:\Program Files (x86)\...\...\..." /remove:g
Correct; if so I'm getting a Invalid Parameter error !icacls "C:\Program Files (x86)\...\...\..." /remove:g
If that is what you entered it is not correct. You haven't specified who you are trying to remove the authority for. You need to enter it exactly as in post #2.
For example adding full control (commands in bold) using %USERDOMAIN%\%USERNAME% adds the current user (shown in red after granting the authority and displaying it)now remove again and specify the same user the current user that was in red is then removed.Code:Microsoft Windows [Version 10.0.11082] (c) 2016 Microsoft Corporation. All rights reserved. C:\Windows\system32>mkdir "C:\Program Files\Test\Test\Test" C:\Windows\system32>icacls "C:\Program Files\Test\Test\Test" /grant "%USERDOMAIN%\%USERNAME%":(F) /t processed file: C:\Program Files\Test\Test\Test Successfully processed 1 files; Failed processing 0 files C:\Windows\system32>icacls "C:\Program Files\Test\Test\Test" C:\Program Files\Test\Test\Test WINDOWS-VM2\Hali:(F) NT SERVICE\TrustedInstaller:(I)(F) NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F) NT AUTHORITY\SYSTEM:(I)(F) NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F) BUILTIN\Administrators:(I)(F) BUILTIN\Administrators:(I)(OI)(CI)(IO)(F) BUILTIN\Users:(I)(RX) BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE) CREATOR OWNER:(I)(OI)(CI)(IO)(F) APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(RX) APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE) Successfully processed 1 files; Failed processing 0 filesWithout saying from whom you want to remove the rights for you'll get an error.Code:C:\Windows\system32>icacls "C:\Program Files\Test\Test\Test" /remove:g "%USERDOMAIN%\%USERNAME%" /t processed file: C:\Program Files\Test\Test\Test Successfully processed 1 files; Failed processing 0 files C:\Windows\system32>icacls "C:\Program Files\Test\Test\Test" C:\Program Files\Test\Test\Test NT SERVICE\TrustedInstaller:(I)(F) NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F) NT AUTHORITY\SYSTEM:(I)(F) NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F) BUILTIN\Administrators:(I)(F) BUILTIN\Administrators:(I)(OI)(CI)(IO)(F) BUILTIN\Users:(I)(RX) BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE) CREATOR OWNER:(I)(OI)(CI)(IO)(F) APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(RX) APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE) Successfully processed 1 files; Failed processing 0 filesCode:C:\Windows\system32>icacls "C:\Program Files\Test\Test\Test" /remove:g Invalid parameter "/remove:g" C:\Windows\system32>
Last edited by lx07; 27 Dec 2015 at 17:32.
A week ago I couldn't write to Program Files or Program Files (x86) even after providing the admin password. Yet,I only applied icacls to Program Files (x86) but I can write to Program Files as well by simply providing the Admin password as I run Windows10 as a standard user; this doesn't make sense.
Can you by default write to Program Files or Program Files (x86) ?
Only by running as administrator. I can make a new folder by clicking on the administrator shield to get administrator authority.
But can't save anything as my normal (Admin) user.
This is correct authorities and should look like this:Code:Microsoft Windows [Version 10.0.11082] (c) 2016 Microsoft Corporation. All rights reserved. C:\Windows\system32>icacls "C:\Program Files" C:\Program Files NT SERVICE\TrustedInstaller:(F) NT SERVICE\TrustedInstaller:(CI)(IO)(F) NT AUTHORITY\SYSTEM:(M) NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F) BUILTIN\Administrators:(M) BUILTIN\Administrators:(OI)(CI)(IO)(F) BUILTIN\Users:(RX) BUILTIN\Users:(OI)(CI)(IO)(GR,GE) CREATOR OWNER:(OI)(CI)(IO)(F) APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(RX) APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(OI)(CI)(IO)(GR,GE) Successfully processed 1 files; Failed processing 0 files C:\Windows\system32>
Hrm. The five levels deep sub-folder to which I wanted to grant write access; this is the info from icacls.
I ran this command /remove:g %userdomain%\%username% on the 5 levels deep sub-folder as mentioned above. The result;Everyone(F)
NT SERVICE\TrustedInstallerI)(F)
NT SERVICE\TrustedInstallerI)(CI)(IO)(F)
NT AUTHORITY\SYSTEMI)(F)
NT AUTHORITY\SYSTEMI)(OI)(CI)(IO)(F)
BUILTIN\AdministratorsI)(F)
BUILTIN\AdministratorsI)(OI)(CI)(IO)(F)
BUILTIN\UsersI)(RX)
BUILTIN\UsersI)(OI)(CI)(IO)(GR,GE)
CREATOR OWNERI)(OI)(CI)(IO)(F)
Successfully processed 1 files; Failed processing 0 files
When I ran strictly icacls on the 5 levels deep sub-folder after removing; there remains (F) full access ?
The frown emicons are really suppose to be right bracket (
OK, you've added Everyone - you can remove it with
icacls "C:\Program Files\Test\Test\Test" /remove:g Everyone /t
(Don't forget the /t to process subdirectories also.)
The rest of it looks OK except you don't have All Application Packages at the bottom (unless it is cut off). That may cause problems for your store apps...
BTW if you use [code] instead of [quote] tags it doesn't turn things into smileys...Code::(
Last edited by lx07; 27 Dec 2015 at 17:35. Reason: /t
I don't understand ?The rest of it looks OK except you don't have All Application Packages at the bottom (unless it is cut off). That may cause problems for your store apps...
Icacls is a command to give full access to a folder and or any sub-folders that is it's main purpose ?
icacls is a command to change or display access. You noticed this earlier
In post #15 you have indicated you have Everyone which you need to remove and you don't have ALL APPLICATION PACKAGES which you should (but perhaps you didn't copy/paste it all into the quote).
The ALL APPLICATION PACKAGES SID is used by the modern Store Apps so if you are missing this SID in Program Files directory they will not work correctly.
You need to compare what you have to the defaults which I posted in post #14.
I don't have All Application Packages listed for the 5 level deep sub-folder ?
Before running this command I couldn't write to any folder in Program Files, then I realized before successfully running the command that I could write to the folder Program Files, when previously even running explorer with admin privileges, I couldn't write to program files, what I find odd.
It could also be that I'm not re-creating the problem and that is where icacls comes into help ? :) Anyhow I suppose I'll continue to understand this command. :)Code:NT SERVICE\TrustedInstaller:(I)(F) NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F) NT AUTHORITY\SYSTEM:(I)(F) NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F) BUILTIN\Administrators:(I)(F) BUILTIN\Administrators:(I)(OI)(CI)(IO)(F) BUILTIN\Users:(I)(RX) BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE) CREATOR OWNER:(I)(OI)(CI)(IO)(F)
Last edited by JerometheGiraff; 28 Dec 2015 at 20:41.