i'm using icacls to set permissions to a folder for a active directory security group.
mkdir "33 Test" && icacls "33 Test" /inheritance:d /grant domain\ACL_Test_RW:(OI)(CI)(X,RD,RA,REA,WD,AD,WA,WEA,DC,RC) domain\ACL_Test_RO:(OI)(CI)(RX) && icacls "33 Test" /remove Domänen-Benutzer
Actually this is working fine. I create a folder, disable the inheritance, grant my two permissions ("special" and read only) and remove the domain users. No error message, everything seems to be perfect.
But then: I'm member of the RW-Group - but can't access to the folder.
enter image description here enter image description here
Whats wrong: If i grant the same permissions by hand, everything is working fine. But with icalcs it's not working.
I think the problem is here: domain\ACL_Test_RW If i open my granted permissions by hand and re-select the ACL-Group, it's working. So, i think i have to change this. But idk how. I already tried with "Domain\company1\groups..." -> error message, no connection between Name and SID.
Anyone an idea?
Yes, i did gpupdate /force + restart ...
I just had to put a "S" in the command...it's working now:
mkdir "34 Test" && icacls "34 Test" /inheritance:d /grant domain\ACL_Test_RW:(OI)(CI)(X,RD,RA,REA,WD,AD,WA,WEA,DC,RC,S) domain\ACL_Test_RO:(OI)(CI)(RX,S) && icacls "34 Test" /remove Domänen-Benutzer