A server stack is the collection of software that forms the operational infrastructure on a given machine. In a computing context, a stack is an ordered pile. A server stack is one type of solution stack — an ordered selection of software that makes it possible to complete a particular task. Like in this post about Unable to assign group permissions with ICACLS on Windows Server 2012 was one problem in server stack that need for a solution. Below are some tips in manage your windows server when you find problem about windows, windows-server-2012, file-permissions, windows-authentication, icacls.
I cannot get icacls to accept my group for adding permissions. I am using an elevated power shell with the following command:
icacls 'C:/foo' /grant:r 'Group Foo':f
I get the following error:
Invalid parameter "Group Foo"
I have tried using the SUID too, but that fails as well. I have also tried ‘DomainGroup Foo’
I have a bunch of files I am trying to allow a group to use. What is the proper way to add mass permissions in Windows Server 2012?
— EDIT —
E:> icacls "E:/Contact Numbers.xlsx" /grant:r "Users":f Invalid parameter "Users"
Use double quotes instead of single quotes:
C:>mkdir foo C:>icacls 'C:/foo' /grant:r 'Users':f 'Users': No mapping between account names and security IDs was done. Successfully processed 0 files; Failed processing 1 files C:>icacls "C:/foo" /grant:r "Users":f processed file: C:/foo Successfully processed 1 files; Failed processing 0 files
I missed that you were using Powershell, not
cmd. Powershell has some high weirdness when mixing external commands and quoting. Here’s a couple examples using Powershell.
PS v2: To pass the quotes onto
icacls you must escape them with a caret. Note parenthesis around the “F” need escaped as well.
PS C:>icacls `"C:/foo`" /grant:r `"Users`":`(F`)
PS v3: Version 3 offers a new escape sequence
--% (dash, dash, percent) which escapes the remainder of the line. This makes even complex external parameters simple.
PS C:>icacls --% "C:/foo" /grant:r "Users":F
It won’t let me comment on jscott’s thread but in order to make your command run properly in Powershell, you’ll have to add quotes around the entire parameter, as such:
C:> icacls .foo /grant:r "Users:F"
This will work for group names that have spaces in them, as well as commands including inherit permissions.
C:> icacls .foo /grant:r "Remote Desktop Users:(OI)(CI)(F)"
When in doubt, always apply quotes around the full parameter. Hope this helps! 🙂