icacls Deny Everyone Directory Delete Permission

batch-file windows-8 permissions cacls icacls
TechDude picture TechDude · Sep 9, 2014 · Viewed 10.3k times · Source

I am trying to deny all users from being able to delete a folder (as well as its contents, if possible).

What I currently have is not working.

icacls pics /deny Everyone:(OI)(CI)(DE)

Using the above line neither protects the folder nor its content as I can still delete the folder and all files within it.

Answer

Thomas picture Thomas · Sep 9, 2014

I think i found a solution:

icacls pics /deny Everyone:(OI)(CI)(DE,DC)

which denies the specific rights to delete (DE) and to delete childs (DC).

  • To get this language independent use *S-1-1-0 instead of Everyone. (see Well-Known SIDs)
  • You might still be able to remove the folder if it happens to be empty. If that's a problem, consider setting the read-only flag, e.g., attrib +r pics, and then denying (WA) so it can't be changed (credit to Harry Johnston)

Related questions

How do I create a shortcut via command-line in Windows?

I want my .bat script (test.bat) to create a shortcut to itself so that I can copy it to my windows 8 Startup folder. I have written this line of code to copy the file but I haven't yet found …

Read More
Mapping a network drive and having trouble saving password

I'm running a batch: "net use j: \\192.168.1.241\sausb /user:srvfeskar\administrator Ratata12 /persistent:yes /p:yes" After restarting the windows 8 computer. I need to insert the password again.

Read More
How do I shutdown, restart, or log off Windows via a bat file?

I've been using Remote Desktop Connection to get into a workstation. But in this environment, I cannot use the power options in Start Menu. I need an alternative way to shutdown or restart. How do I control my computer's power …

Read More