windows icacls

icacls not working with Active Directory security group


I'm using icacls to set permissions on a folder for an Active Directory security group.

mkdir "33 Test" && icacls "33 Test" /inheritance:d /grant domain\ACL_Test_RW:(OI)(CI)(X,RD,RA,REA,WD,AD,WA,WEA,DC,RC) domain\ACL_Test_RO:(OI)(CI)(RX) && icacls "33 Test" /remove Domänen-Benutzer

Actually this is working fine. I create a folder, disable the inheritance, grant my two permissions ("special" and read only) and remove the domain users. No error message, everything seems to be perfect.

But then: I'm a member of the RW group, but I can't access the folder.

What's wrong: if I grant the same permissions by hand, everything works fine. But with icacls it's not working.

I think the problem is here: domain\ACL_Test_RW. If I open my granted permissions by hand and re-select the ACL group, it works. So I think I have to change this, but I don't know how. I already tried with "Domain\company1\groups..." -> error message, no connection between name and SID.

Does anyone have an idea?

Yes, I did gpupdate /force + restart ...


Solution

  • I just had to put an "S" in the command... it's working now:

    mkdir "34 Test" && icacls "34 Test" /inheritance:d /grant domain\ACL_Test_RW:(OI)(CI)(X,RD,RA,REA,WD,AD,WA,WEA,DC,RC,S) domain\ACL_Test_RO:(OI)(CI)(RX,S) && icacls "34 Test" /remove Domänen-Benutzer
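
The difference between the two commands can be checked before a grant is deployed. The following is an added example, not part of the original post: a small Python lint that parses an icacls `/grant` argument, computes the resulting access mask, and reports whether the synchronize right (`S`) is missing. The function names are hypothetical, the bit values are the standard Windows file access-right constants, and only a subset of icacls tokens is covered.

```python
import re

# icacls specific-right abbreviations -> Windows access-mask bits
SPECIFIC = {
    "RD": 0x1, "WD": 0x2, "AD": 0x4, "REA": 0x8, "WEA": 0x10, "X": 0x20,
    "DC": 0x40, "RA": 0x80, "WA": 0x100,
    "DE": 0x10000, "RC": 0x20000, "WDAC": 0x40000, "WO": 0x80000,
    "S": 0x100000,
}
# Simple rights expand to predefined masks that already contain SYNCHRONIZE
# (subset only: R, RX, M, F).
SIMPLE = {"R": 0x120089, "RX": 0x1200A9, "M": 0x1301BF, "F": 0x1F01FF}
INHERIT = {"OI", "CI", "IO", "NP", "I"}
SYNCHRONIZE = 0x100000


def parse_grant(spec):
    """Split 'principal:(OI)(CI)(rights)' into (principal, flags, mask)."""
    principal, _, perms = spec.partition(":")
    flags, mask = [], 0
    for group in re.findall(r"\(([^)]*)\)", perms):
        for token in (t.strip().upper() for t in group.split(",")):
            if token in INHERIT:
                flags.append(token)
            elif token in SIMPLE:
                mask |= SIMPLE[token]
            elif token in SPECIFIC:
                mask |= SPECIFIC[token]
            else:
                raise ValueError(f"unknown icacls token: {token!r}")
    return principal, flags, mask


def lacks_synchronize(spec):
    """True when the grant would produce an ACE without SYNCHRONIZE."""
    return (parse_grant(spec)[2] & SYNCHRONIZE) == 0


if __name__ == "__main__":
    # Grant arguments taken from the two commands on this page.
    grants = [
        r"domain\ACL_Test_RW:(OI)(CI)(X,RD,RA,REA,WD,AD,WA,WEA,DC,RC)",
        r"domain\ACL_Test_RW:(OI)(CI)(X,RD,RA,REA,WD,AD,WA,WEA,DC,RC,S)",
        r"domain\ACL_Test_RO:(OI)(CI)(RX)",
    ]
    for g in grants:
        name, flags, mask = parse_grant(g)
        status = "MISSING S" if lacks_synchronize(g) else "ok"
        print(f"{name:22} {''.join(flags):5} 0x{mask:06X}  {status}")
```
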