Blocking NTFS permission inheritance using a command line

[LordJudas]

I'm looking for a solution to stop NTFS inheritance on a folder like c:\users using a command line, a tool, a script.

I want to reset permission on this folder (do not copy actuals one).

Does anyone know a solution ?

 

[PHV]

Take a look at xcacls.

Hope This Help
PH.

 

[mrmovie]

there is a adssecurity dll available as part of the adsi resource kit, you may want to look at it if you are scripting ntfs security on files and folders. its is the nuts. great for generating audit info on file and folder permissions during server migrations, if you are brave enough you can use the old audits to set permissions on the new servers etc.

Const ADS_RIGHT_GENERIC_READ = &H80000000
Const ADS_RIGHT_GENERIC_EXECUTE = &H20000000
Const ADS_ACETYPE_ACCESS_ALLOWED = 0

Set sec = CreateObject("ADsSecurity&quot

Set sd = sec.GetSecurityDescriptor("FILE://c:\public\specs&quot
Set dacl = sd.DiscretionaryAcl

'-- Show the ACEs in the DACL ----
For Each ace In dacl
wscript.echo ace.Trustee
wscript.echo ace.AccessMask
wscript.echo ace.AceType
Next

Set ace = CreateObject("AccessControlEntry&quot
ace.Trustee = "ARCADIABAY\jsmith"
ace.AccessMask = ADS_RIGHT_GENERIC_READ Or ADS_RIGHT_GENERIC_EXECUTE
ace.AceType = ADS_ACETYPE_ACCESS_ALLOWED

dacl.AddAce ace
sd.DiscretionaryAcl = dacl
sec.SetSecurityDescriptor sd