0

I have a folder that contains bunch of *.exe and *.dll files (not necessarily all in root) and I want to Forbid Write to {S-1-1-0} (Everyone) on all these files.

I've tried:

 Get-ChildItem -Path c:\my\path\ -Filter *.exe -Recurse -ErrorAction SilentlyContinue -Force | Foreach {icacls $_.fullname /deny"Authenticated Users:(w)"}

however this does something weird - I can no longer run the executable, instead of just not being able to write into it.

I found a similar issues, but there is no answer

https://stackoverflow.com/questions/67301987/deny-write-to-everyone-blocking-also-read-access-icacls

https://stackoverflow.com/questions/48504651/icacls-deny-de-and-d-doesnt-work

UPD: to clear this up, I just want to either set (with add if not present) Authenticated Users to Deny:Write and that is but it proves to be impossible task

Improve this question
4
  • Does superuser.com/questions/1735470/… answer the question?
    – grawity_u1686
    Commented Jun 21 at 17:46
  • Not really, applying these perms does nothing literally.
    – Kirikan
    Commented Jun 21 at 18:18
  • Applying which perms in what way?
    – grawity_u1686
    Commented Jun 21 at 18:20
  • Just testing icacls N:\1.txt /deny "Everyone":(OI)(CI)(WD,AD,WEA,WA) - absolutely no perms even added.
    – Kirikan
    Commented Jun 21 at 18:25

0

Reset to default

You must log in to answer this question.

Browse other questions tagged .