How to grant permission to users for a directory using command line in Windows?
As of Vista, cacls
is deprecated. Here's the first couple of help lines:
C:\>cacls
NOTE: Cacls is now deprecated, please use Icacls.
Displays or modifies access control lists (ACLs) of files
You should use icacls
instead. This is how you grant John full control over D:\test
folder and all its subfolders:
C:\>icacls "D:\test" /grant John:(OI)(CI)F /T
According do MS documentation:
F
= Full ControlCI
= Container Inherit - This flag indicates that subordinate containers will inherit this ACE.OI
= Object Inherit - This flag indicates that subordinate files will inherit the ACE./T
= Apply recursively to existing files and sub-folders. (OI
andCI
only apply to new files and sub-folders). Credit: comment by @AlexSpence.
For complete documentation, you may run "icacls
" with no arguments or see the Microsoft documentation here and here
Windows command line change folder permission
In my own dispare, I finally managed to figure it out:icacls "C:\my folder" /GRANT *S-1-1-0:F
This is funny: I figured it out by means of technet.microsoft.com, YET, THEIR OWN DOCUMENTATION IS WRONG!!!
IN https://technet.microsoft.com/es-es/library/cc753525(v=ws.10).aspx they state you should use Icacls test2 GRANT *S-1-1-0:(d,wdac)
when you should actually use Icacls test2 /GRANT *S-1-1-0:(d,wdac)
How to change already created folder/directory security permission using Windows API C++
I was able to change directory permisison using this article
https://learn.microsoft.com/en-us/windows/win32/secauthz/modifying-the-acls-of-an-object-in-c--
How to set folder permissions in Windows?
You want the win32security
module, which is a part of pywin32. Here's an example of doing the sort of thing you want to do.
That example creates a new DACL for the file and replaces the old one, but it's easy to modify the existing one; all you need to do is get the existing DACL from the security descriptor instead of creating an empty one, like so:
import win32security
import ntsecuritycon as con
FILENAME = "whatever"
userx, domain, type = win32security.LookupAccountName ("", "User X")
usery, domain, type = win32security.LookupAccountName ("", "User Y")
sd = win32security.GetFileSecurity(FILENAME, win32security.DACL_SECURITY_INFORMATION)
dacl = sd.GetSecurityDescriptorDacl() # instead of dacl = win32security.ACL()
dacl.AddAccessAllowedAce(win32security.ACL_REVISION, con.FILE_GENERIC_READ | con.FILE_GENERIC_WRITE, userx)
dacl.AddAccessAllowedAce(win32security.ACL_REVISION, con.FILE_ALL_ACCESS, usery)
sd.SetSecurityDescriptorDacl(1, dacl, 0) # may not be necessary
win32security.SetFileSecurity(FILENAME, win32security.DACL_SECURITY_INFORMATION, sd)
PowerShell To Set Folder Permissions
Specifying inheritance in the FileSystemAccessRule()
constructor fixes this, as demonstrated by the modified code below (notice the two new constuctor parameters inserted between "FullControl"
and "Allow"
).
$Acl = Get-Acl "\\R9N2WRN\Share"
$Ar = New-Object System.Security.AccessControl.FileSystemAccessRule("user", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow")
$Acl.SetAccessRule($Ar)
Set-Acl "\\R9N2WRN\Share" $Acl
According to this topic
"when you create a FileSystemAccessRule the way you have, the
InheritanceFlags property is set to None. In the GUI, this
corresponds to an ACE with the Apply To box set to "This Folder Only",
and that type of entry has to be viewed through the Advanced
settings."
I have tested the modification and it works, but of course credit is due to the MVP posting the answer in that topic.
Related Topics
How to Get a Complete List of Object's Methods and Attributes
Using Requests with Tls Doesn't Give Sni Support
Opencv Real Time Streaming Video Capture Is Slow. How to Drop Frames or Get Synced with Real Time
Where to Put Freeze_Support() in a Python Script
Why Do -1 and -2 Both Hash to -2 in Cpython
How to Upgrade to Python 3.6 with Conda
Can Flask Have Optional Url Parameters
Extract Elements of List at Odd Positions
Find the End of the Month of a Pandas Dataframe Series
How to Modify Variable in Python That Is in Outer, But Not Global, Scope
How to Catch a Numpy Warning Like It's an Exception (Not Just for Testing)
How to Request a Url in Python and Not Follow Redirects
Pycharm Current Working Directory
Python Regular Expressions - How to Capture Multiple Groups from a Wildcard Expression
How to Find Where Python Is Installed on Windows